Risk management is an integral part of UPM’s management system as risk taking is a normal part of business operations. While executing strategies, UPM and its business areas, functions and manufacturing units are exposed to a number of risk and opportunities. Each business area, function and unit is responsible for identifying, measuring and managing of risks related to its own operations, and for reporting on risk exposures, risk management activities and results to its own management team and to the Risk Management function. The Risk Management function is independent from business areas and global functions except from Finance and Control function under which it operates.
UPM’s Risk Management function is responsible for:
The Risk Management Committee, chaired by the CFO, is responsible for recommending risk tolerances and profile to the President and CEO and the Strategy Team. The Strategy Team is responsible for aligning risk management priorities, business and risk management strategies and policies.
The Board of Directors, assisted by the Audit Committee, monitors and assesses the effectiveness of the company’s risk management systems and oversees the assessment and management of risks related to the company’s strategy and operations. The Audit Committee oversees that risk management activities are aligned with the Risk Management Policy, and that risk assessments are used to guide internal audit activities.
At UPM, risk factors are classified as strategic risks, operational risks, financial risks and hazard risks. The main risk factors that can materially affect the company’s business, financial results and non-financial performance are presented in the Report of the Board of Directors on pages 102–104 of the Annual Report 2017. Near-term risks and uncertainties are described in the interim reports issued by the company quarterly. A description of the financial risks and financial risk management is available in the notes to the consolidated financial statements on pages 148–151 of the Annual Report 2017.
The company’s risk management pertaining to financial reporting is also based on the Risk Management Policy approved by the Board of Directors, and on the principles, roles, responsibilities and risk management processes set out in the policy. Risk management pertaining to financial reporting is described in the Corporate Governance Statements issued by the company annually.