Solar’s risk management system consists of policies and procedures approved by the Board of Directors. The overall purpose is to manage all major business risks and risk correlations across the organisation.
Risk management is based on Enterprise Risk Management (ERM) and was established to enable Solar to run a robust business that is able to react quickly and flexibly when conditions change.
The national management teams in our markets take a structured approach to risk management, providing us with updated risk assessments minimum twice a year.
This data is consolidated at group level and the findings are presented to the Board of Directors for approval. This means we analyse and identify both specific risks faced by the individual subsidiaries as well as group-wide risks.
Solar’s risk management approach observes current corporate governance principles.
The group’s risk management is based on the Board of Directors’ rules of procedure, which place the responsibility for risk management with the Executive Board.
The Executive Board is responsible for ensuring that necessary risk management policies and procedures are available, that efficient risk management systems have been established for all relevant areas and are improved continuously.
The Executive Board follows up with the subsidiaries regularly.
The focus of risk management in Solar is to identify and assess operational risks and operational aspects of strategic risks throughout the Solar Group. Solar defines these risks as events or developments that could significantly reduce Solar’s ability to:
1) meet profit expectations,
2) execute the strategy, and/or
3) maintain license to operate.
Accordingly, Solar works with the concepts of gross risk (inherent risk) and net risk (residual risk).
The gross risk effect is defined as the product of the impact if the risk occurs without any change in current mitigation, and the probability that the risk occurs without any change in current mitigation.
The net risk effect is defined as the risk level when considering current as well as planned mitigation activities regarding both impact and probability.
Solar evaluates the effect of a risk based on a product of the probability of the risk materialising and the gross impact if the risk does materialise.
In detail, the probability of the risk is defined as the expected frequency with which the risk may occur, while the impact is divided into three dimensions:
1. Effect on earnings
2. Reputational damage
3. Compliance (license to operate)
These criteria are gathered in the risk assessment matrix.
Risk appetite and tolerance
Solar’s risk appetite and risk tolerance define and articulate the extent to which Solar is willing to take risks and the extent to which Solar is willing to accept risks in five overarching categories: Governance, Strategy and planning, Operations/Infrastructure, Compliance and Reporting.
Accordingly, the risk appetite outlines Solar’s strategic outlook towards risks and defines the degree to which Solar is risk seeking or risk avoiding, while the risk tolerance, as an indicative parameter, outlines the level of net risk that Solar is willing to accept for a given measure of reward.
Risk appetite and risk tolerance are set by the Board of Directors and are reviewed annually.
The purpose of identifying and then handling risks is at all time to bring it to an acceptable level, which is in line with the above risk appetite and tolerance. In Solar, we work with four different risk treatment strategies when handling risks.
Seeking to eliminate uncertainty by changing circumstances.
Seeking to transfer ownership and/or liability of the risk to a third party.
Seeking to reduce or minimise risk exposure to below acceptable threshold.
|Mitigate||Recognising residual risks and devising responses to control and monitor these.|
The risk treatment strategies provide a number of formal responses to the identified risks to help risk owners manage these. Only if new or different activities are developed and implemented to treat the risks, will risk management add value to the business.
Solar’s risk management efforts cover Denmark, Norway, Sweden, the Netherlands, Poland and MAG45.
The purpose of the risk management efforts is to assess, prioritise and report the most significant risks of these markets and of Solar Group. As part of this process, Solar Group’s risk management function collaborates closely with the subsidiaries’ local risk managers in administrating the annual cycle of work to ensure that the process is valid and addresses all relevant risk areas to identify all significant business risks.
The individual risk owners are responsible for mitigating the risks to a level within Solar’s risk appetite and tolerance. Throughout the year, Solar Group’s risk management function and the local risk managers actively monitor the progress of this mitigaion to ensure that risks are at an acceptable level.
Exposure to potential top risks and mitigation
(extract from Annual report 2017)