Solar’s risk management is based on Enterprise Risk Management (ERM) and the Board of Directors’ rules of procedure, which place the responsibility for risk management with the Executive Board.
The Executive Board is responsible for ensuring that the necessary policies and procedures are in place and that efficient risk management systems have been established for all relevant areas and are improved continuously.
The overall purpose of the risk management initiative is to support the running of a robust business that is able to react quickly and flexibly when conditions change.
Solar’s risk management efforts cover almost all Solar companies in Denmark, Norway, Sweden, the Netherlands, Poland and MAG45. The process supports national management teams in taking a structured approach towards risk management, with regular risk self-assessments anchored in the annual cycle. The data is consolidated at group level, and the findings are presented to the Board of Directors for approval.
The individual risk owners are responsible for mitigating risks to a level within Solar’s risk appetite and tolerance. Throughout the year, Solar’s Group Risk Management and local risk managers actively monitor the progress of this mitigation to ensure that risks are at an acceptable level.
The focus of Solar’s risk management is to identify and assess operational risks and operational aspects of strategic risks throughout the Solar Group. Solar defines these risks as events or developments that could significantly reduce Solar’s ability to:
1) Meet profit expectations,
2) Execute the strategy, and/or
3) Maintain a licence to operate.
Solar works with the concepts of gross risk (inherent risk) and net risk (residual risk).
The gross risk effect is defined as the product of the impact and the probability of the risk materialising without any change in current risk mitigation.
The net risk effect is defined as the risk level when considering current as well as planned mitigation activities regarding both impact and probability.
Risk appetite and tolerance
Solar’s risk appetite and risk tolerance articulate the extent to which Solar is willing to accept risks in five overarching categories: Governance, Strategy and Planning, Operations/Infrastructure, Compliance and Reporting.
Accordingly, the risk appetite outlines Solar’s strategic outlook towards risk and defines the degree to which Solar is risk-seeking or risk-avoiding, while the risk tolerance, as an indicative parameter, outlines the level of net risk that Solar is willing to accept for a given measure of reward.
Risk appetite and risk tolerance are set by the Board of Directors and are reviewed annually.
Solar evaluates the effect of a risk based on a product of the probability of the risk materialising and the gross impact if the risk does materialise. In detail, the probability of the risk is defined as the expected frequency with which the risk may occur, while the impact is divided into three dimensions:
1) Effect on earnings
2) Reputational damage
3) Compliance (licence to operate)
The purpose of identifying and then handling risk is at all times to bring it to an acceptable level, which is in line with risk appetite and tolerance. In Solar, we work with four different risk treatment strategies when handling risks.
Seeking to eliminate uncertainty by changing circumstances.
Seeking to transfer ownership and/or liability of the risk to a third party.
Recognising residual risks and devising responses to monitor and control these.
Mitigate: Seeking to minimise risk exposure to below acceptable threshold.
The above strategies provide a number of formal responses to identified risks to help risk owners manage these.
Exposure to potential top risks and mitigation
(extract from Annual report 2018)