Risk management
Four-step process for managing enterprise risk
Securitas’ enterprise risk management process (ERM) is engrained in the business and
based on close cooperation between operative management and all functions working
with the different parts of the risk management process.
The identified risks and adopted policies also set the structure for all compliance monitoring in the Group.
Securitas Group Policies as well as local processes, rules and procedures establish the framework for day-to-day risk management.
The ultimate responsibility for governance of risk management lies with the Board of Directors, but the work involved in minimizing risks takes place through a structured process of assigning responsibility to all levels of the organization.
Securitas is exposed to various types of risks in its
daily business. When providing security services,
Securitas manages not only its own risks, but also
risks on behalf of its customers. Minimizing the risk
of a loss occurring, and thereby protecting our
stakeholders, is an important objective. Securitas’
risks have been classified into three main categories:
contract and acquisition risks, operational
assignment risks and financial risks. The categories
are based on the natural flow of the business –
entering into a contract, execution of the assignment
and the financial result. Similar risk categories
are also relevant for acquisitions, but are then classified
as acquisition risks, operational integration
risks and financial integration risks.
All of the risks in these categories can impact
the Group’s financial performance and position if
they are not managed in a structured way. This is
why Securitas has developed its four-step process
approach for managing enterprise risks.
Figure: the four-step process (steps 1 to 4). Recoverable labels: "Input and risk identification", "Risk management activities", "Contract and acquisition", "Operational", "Financial / Financial reporting".
The process starts with risk identification and prioritization during the ERM planning process.
To support the ERM work, Securitas has implemented
a web-based governance, risk and compliance
(GRC) system that comprises all four steps in
Securitas’ enterprise risk management process and
gathers the ERM information in one database. The
GRC system supports the overall ERM work in the
Group. It is used to streamline the ERM processes
to further structure current processes and workflows.
The main workflows included in the system
are ERM self-assessment, ERM business plan,
policy management, sustainability reporting, audit
module and risk register. Also, the system automates
current processes, such as reports, with the
aim to improve the overall quality of the ERM work
and serves as a single point of information.
The four steps and current actions are described
in further detail on the following pages.
Securitas Sustainability Report 2016