Risk management and internal control

Raute's risk management policy is approved by the Board of Directors. The Board is responsible for organizing internal control and risk management, and for monitoring their efficiency.

Preventive risk management ensures continuity

The aim of risk management is to further the achievement of strategic and other objectives by foreseeing and limiting substantial risks and the negative effects of occurred risks on business. Preventive risk management ensures the continuity of operations.

Risk management also includes recognizing, assessing and preparing for the risks related to business opportunities. The primary goal of crisis management is the safety of the personnel.

Our Group’s most important identified risks relate to the nature of the project business, geopolitical and macroeconomic conditions, human resources, information security, financing, and damage or loss. According to our analysis, the most significant risks facing the Group at the moment are fluctuations in investment demand resulting from the developments of the global economy and geopolitics, risk related to renewal of the group’s information technology systems, retention of key people, refinancing and liquidity risk and cyber security risk.

Raute has started a development program, to improve competitiveness and profitability, that aims to achieve annual savings of some EUR 4-5 millions by the end of 2023. The company is exposed to a risk of capturing the savings within the planned timeline.

Restrictions resulting from the pandemic caused by Covid-19 may continue to have a negative impact on Raute’s outlook also in the future, but to a lesser extent than in the two previous years

Organizing risk management

Raute’s risk management policy is approved by the Board of Directors. The Board is responsible for organizing internal control and risk management, and for monitoring their efficiency.

The Executive Board defines the Group’s general risk management principles and operating policies and defines the boundaries of the organization’s powers. The President and CEO and the CFO regularly report significant risks to the Board.

The Group’s President and CEO controls the implementation of the risk management principles within the entire Group, while the Presidents and CEOs of the Group companies are responsible for risk management in their respective companies. The members of the Group’s Executive Board are responsible for their own areas of responsibility across company boundaries.

The foundation of our Group’s internal control is management in accordance with our values and Code of Conduct. There is no separate internal control organization in the Group. The Controller function oversees the annual internal control plan, develops internal control and risk management procedures together with the operative leadership, and monitors compliance with risk management principles, operational policies and powers.