Risk management

UPM regards risk management as a systematic and proactive means to analyse and manage the opportunities and threats related to its business operations. It also includes careful planning and evaluation of future projects and business environment in order to avoid risks. The company’s risk management objectives and operating principles are defined in the Risk Management Policy approved by the Board of Directors. The management of financial risks is based on the Group Treasury Policy, adopted by the Board of Directors.

Risk management responsibilities

Risk management is an integral part of UPM’s management system as risk taking is a normal part of business operations. While executing strategies, UPM and its business areas, functions and manufacturing units are exposed to a number of risk and opportunities. Each business area, function and unit is responsible for identifying, measuring and managing of risks related to its own operations, and for reporting on risk exposures, risk management activities and results to its own management team and to the Risk Management Function.

UPM’s Risk Management Function is responsible for:

  • communicating and enforcing the Risk Management Policy and risk limits
  • developing group-wide risk management procedures and guidelines
  • measuring and monitoring risk management performance
  • aggregating and reporting the risk management information collected from the business areas, functions and manufacturing units to the Risk Management Committee and the Audit Committee.

The Risk Management Committee, chaired by the CFO, is responsible for recommending risk tolerances and profile to the President and CEO and the Group Executive Team. The Group Executive Team is responsible for defining risk management priorities and tolerance, and aligning business and risk management strategies and policies.

The Board of Directors, assisted by the Audit Committee, monitors and assesses the effectiveness of the company’s risk management systems and oversees the assessment and management of risks related to the company’s strategy and operations. The Audit Committee oversees that risk management activities are aligned with the Risk Management Policy, and that risk assessments are used to guide internal audit activities.

Risk factors

At UPM, risk factors are classified as strategic risks, operational risks, financial risks and hazard risks. The main risk factors that can materially affect the company’s business and financial results are presented in the Report of the Board of Directors on pages 98–99 of the Annual Report 2016. Near-term risks and uncertainties are described in the interim reports issued by the company quarterly. A description of the financial risks and financial risk management is available in the notes to the consolidated financial statements on pages 138–140 of the Annual Report 2016.

Risk management pertaining to financial reporting

The company’s risk management pertaining to financial reporting is also based on the Risk Management Policy approved by the Board of Directors, and on the principles, roles, responsibilities and risk management processes set out in the policy. Risk management pertaining to financial reporting is described in the Corporate Governance Statements issued by the company annually.