Risk management and internal controls

Risk management, internal controls, PHM’S Code of Conduct, together with PHM’s values are an integral part of corporate governance at PHM.

At PHM the risks have been divided into the following main categories

• Changes in operational environment
• Risks related to business operations
• Risks related to personnel and management
• Risks related to mergers and acquisitions
• Risks related to information technology systems

Risk management at PHM is a evaluation, planning, governance and control process relating to operating environment, business and personnel as well as sustainability. Risk management in PHM is part of PHM’s strategy work, decision-making, day-to-day management and operations.

The objective of PHM’s risk management is to prevent and minimise the impact of potential risks while PHM is striving to achieve its targets and implementing its strategy.

Risk management process and implementation of risk management measures

PHM’S Group Management Team carries out risk management assessment, which is reviewed by the PHM’S Board of Directors. The goal of the annual risk analysis is to identify high-level risks and draw up plans to mitigate them. In addition, PHM’s Board of Directors confirms risk management policy and also processes the PHM’s most significant risks and uncertainties at its meetings when necessary.

Risk management measures are planned based on the assessment and constantly reviewed and updated by the PHM’s Group Management Team.

Responsibility for the implementation of risk management lies with the management of the relevant business operations and common PHM group level operations. The PHM Group Management Team coordinates the risk management process and is responsible for risk reporting, as well as identifying risks and determining management measures in cooperation with business operations and common support functions. Each PHM employee must know and manage the risks within their area of responsibility.