Risk management
Proactive Risk Management and Internal Control
Securitas’ process for enterprise risk management (ERM) seeks to identify, prioritize and manage the key risks to our business at all levels and in all parts of the business. Securitas’ internal control system is designed to manage, rather than eliminate, the risk of failing to achieve business objectives. The system provides reasonable, but not absolute, assurance against material misstatement or loss, as well as compliance with the main policies.
Internal control over financial reporting is included as a part of the overall internal control of Securitas and constitutes a central part of the Group’s corporate governance. The description below covers a broader perspective on how Securitas’ internal control is organized, using a structure based on the COSO model (2013, Framework), but also makes specific reference to items pertaining directly to internal control over financial reporting. On pages 19–23 we describe the company’s enterprise risk management process, which sets the overall process for Securitas’ proactive and continuous work with risk management and internal control. Securitas’ insurance and claims strategy is to “act as if uninsured”. Refer to page 44 in the printed Annual Report 2016 for more information about insurance as a risk management tool.
Control environment
The key features of the control environment include: clear terms of reference for the Board and each of its committees, and a clear organizational structure with delegation of authority documented in an approval matrix, from the Board to the President and CEO and further to Group Management. It also includes the competence of employees and a series of Group policies, procedures and frameworks.
Emphasis lies on the competence and abilities of the Group’s employees, with continuous training and development actively encouraged through a wide variety of schemes and programs.
The Group has three fundamental values – Integrity, Vigilance and Helpfulness – to help its employees exercise good judgment and make decisions on a consistent basis.
Policies that apply to internal control over financial reporting are described in Securitas’ Group Policies, which include the company’s model for financial control (for more detailed information on the model, refer to pages 46–47 in the printed Annual Report 2016), and in the Securitas Reporting Manual, which specifically focuses on reporting matters to ensure compliance with reporting requirements and rules. This creates an environment that supports reliable and accurate reporting.
Risk assessment
At the highest level, the Board considers where future strategic opportunities and risks lie, and helps shape the corporate strategy. Balanced and focused risk management is necessary for the fulfillment of Securitas’ strategies and the achievement of its corporate objectives.
Enterprise risk management (ERM) is an integral component of Securitas’ operations, and risk awareness is part of the company culture. Risk assessments are conducted within the framework of the Securitas ERM process, regardless of whether the assessments pertain to operational risks or financial reporting risks. Securitas does not classify compliance risk as a separate category. Instead, it is included in the operational category. Risk assessment is a dynamic process that aims to identify and analyze risks in relation to Securitas’ objectives. It serves as the basis for implementing mitigating actions after considering the controls in place (reduce, transfer/share or accept the risk in question). See page 20 for more details on the risk assessment and planning process.
16 Securitas Sustainability Report 2016