UPM regards risk management as a systematic and proactive means to analyse and manage the opportunities and threats related to its business operations. It also includes careful planning and evaluation of future projects and business environment in order to avoid risks. The operating principles, objectives, roles and responsibilities of the company's risk management are defined in the Risk Management Policy approved by the Board of Directors. The management of financial risks is based on the Group Treasury Policy, approved by the Board of Directors.
Risk management responsibilities
Risk management is an integral part of UPM’s management system as risk taking is a normal part of business operations. While executing strategies, UPM and its business areas, functions and manufacturing units are exposed to a number of risk and opportunities. Each business area, function and unit is responsible for identifying, measuring and managing of risks related to its own operations, and for reporting on risk exposures, risk management activities and results to its own management team and to the Risk Management function. The Risk Management function is independent from business areas and global functions except from Finance and Control function under which it operates.
UPM’s Risk Management function is responsible for:
- communicating and enforcing the Risk Management Policy and risk limits
- developing group-wide risk management procedures and guidelines
- measuring and monitoring risk management performance
- aggregating and reporting the risk management information collected from the business areas, functions and manufacturing units to the Risk Management Committee and the Audit Committee.
The Risk Management Committee, chaired by the CFO, is responsible for recommending risk tolerances and profile to the President and CEO and the Strategy Team. The Strategy Team is responsible for aligning risk management priorities, business and risk management strategies and policies.
The Board of Directors, assisted by the Audit Committee, monitors and assesses the effectiveness of the company’s risk management systems and oversees the assessment and management of risks related to the company’s strategy and operations. The Audit Committee oversees that risk management activities are aligned with the Risk Management Policy, and that risk assessments are used to guide internal audit and compliance activities.