Securitas SHARE: Sustainability Report 2016 | Página 20

Risk management
1
Input and risk identification
The ERM process is integrated into the Group’s business planning
and performance monitoring processes, regardless of the risk
category concerned. As part of the overall annual business plan
process, each level of the organization prepares an ERM business plan.
The ERM business plan includes risk assessment,
controls, risk management activities and action
plans. It determines the main focus and priorities
for operational risk management at the country,
division and Group level for the coming year.
Securitas’ ERM business plan risk assessment tool
is used to facilitate the risk assessment process, as
well as action planning, depending on the level of
risk and controls that are in place.
Key risk determination The yearly risk assess-
ment process is coordinated by the Group risk
organization, which is also responsible for maintain-
ing the risk register. The risk register contains about
50 risks and is updated annually, primarily based on
the country ERM business plans, but also on other
sources of input such as audits, self-assessment
results and management input. Out of the 50 risks,
about 15 are selected as top risks that will be sub-
jected to monitoring activities. Out of these, six
20
Securitas Sustainability Report 2016
risks are currently considered key Group risks and
have been assigned primary focus for the coming
year. For examples of these risks and how they are
managed, refer to www.securitas.com.
The ultimate prioritization of key risks for each
year is decided by Group Management and pre-
sented to the Audit Committee.
Six key risks 2016
• Customer contract risk
• Assignment execution risk
• Compliance (regulatory and other) risk
• IT failure risk
• Price risk
• ­Securitas’ Values and Ethics compliance risk