Risk management and control

Risk management is an integral part of management in Kesko

Kesko’s risk management is proactive and an integral part of management and day-to-day activities. The goal of risk management is to ensure the implementation of Kesko’s strategy.

The risk management policy confirmed by the Board guides risk management in Kesko Group. The policy defines the goals and principles, organisation, responsibilities and operating practices of risk management. Kesko divides risks into strategic, operational and financial risks.

In Kesko, a risk is defined as an event or circumstance

  • that can hinder or prevent the attainment of Kesko's objectives, or
  • that can lead to a failure to exploit business opportunities.

Risk management principles in Kesko Group: 

  • We set our objectives taking account of related business opportunities and risks.
  • We take calculated and assessed risks within the limits set in strategy selections in, for example, expanding business operations, strengthening market position and creating new business.
  • We assess risks taking account of the scale of the potential impacts and the likelihood of those impacts occurring, while considering the impacts on people, the environment and reputation in addition to financial impacts.
  • We avoid or reduce operational and damage/loss risks.
  • We ensure shopping safety and data protection as well as product safety for our customers.
  • We create a safe working environment for our employees.
  • We minimise the opportunities for crime or malpractice.
  • We secure critical operations and the resources needed for them in order to ensure continuity.
  • We have crisis management, continuity and recovery plans, plan implementation testing and sufficient insurance cover in place to provide for the realisation of risks.
  • We keep risk management costs and resources in proportion to the obtainable benefits.
  • We provide information on risks and risk management to stakeholders in accordance with Kesko's corporate governance principles. 

The Group has a uniform model for risk assessment and risk reporting
Kesko Group applies a business-oriented and comprehensive approach to risk assessment and risk management. This means that key risks are systematically identified, assessed, managed, monitored and reported as part of business operations at the Group, division and function level in all operating countries. Risk identification and assessment play a key role in Kesko's strategy work and operations planning. In addition, risk assessments are made of significant projects related to capital expenditure, business arrangements or changes in operations.

Kesko uses a uniform risk assessment and reporting model. Risk identification is based on business objectives and opportunities and the defined risk appetite. Risks are prioritised on the basis of their significance by assessing their impacts in euros and the likelihood of their occurrence. When assessing the impact of occurrence, the impacts on reputation, the wellbeing of people and the environment are assessed in addition to the impacts in euros. Responsible persons are assigned to the planning, execution and monitoring of risk management responses. When responses are determined, it is taken into account that not all risks can or need to be managed. The determined responses are included in operating plans and follow-ups.

Arranging insurance cover is part of Kesko's risk management
Arranging insurance cover is part of Kesko's risk management and it is guided by the insurance principles confirmed by Kesko's Board of Directors. The need for insurance cover is assessed taking account of Kesko's risk capacity and appetite. The risks that have a significant impact on Kesko's profit and liquidity are insured, whereas the need for insuring other risks is assessed on a risk basis. The purpose of insurance is to act as a means of balancing profit in the event of unexpected damage. Risks can be knowingly left uninsured at own risk, if it is sensible and cost efficient on the basis of risk assessment. The Group's risk management function is responsible for the Group-level insurance programmes, related guidelines, their competitive tendering and brokerage services.

Risk management model and responsibilities
The duties of Kesko's Board of Directors include ensuring the proper operation of the management system. In this role, the Board of Directors confirms the Group's risk management policy and considers the Group's most significant risks and uncertainties in its meetings.

The President and CEO manages Kesko Group's operations in accordance with the instructions and orders given by the Board of Directors and reports to the Board of Directors on the developments in the Company's business and financial situations. In risk management, the President and CEO is assisted by the Group's risk management function, as well as the GRC steering group (Governance, Risk & Compliance), which consists of key persons from the Group management and risk management.

The managements of the business operations and the common functions are responsible for the execution of risk management. The risk management unit coordinates the risk management process, is responsible for risk reporting, and performs risk identification and management response determination jointly with the common functions. Every member of the Kesko personnel must know and manage the risks of their areas of responsibility.


Risk management execution in 2016
Kesko's risk management was centralised and reorganised in spring 2016 with the purpose of integrating it more closely into the strategy process and enhancing the execution of risk management throughout the organisation. In 2016, the most significant development areas in risk management included the harmonisation of the divisions' and the common functions' risk management processes, especially the definition of measures related to the reduction of risks and setting risk limits, as well as enhancing monitoring. Further development areas were the creation of a cyber risk management model and preparatory work for a competitive bidding process for insurance cover more clearly based on Kesko's risk capacity. Better use of centralised purchasing power in the procurement of security services and technology continued. Risk management actively contributed to the risk management processes of the acquisitions that were completed, and to the takeover and integration of the acquired companies' risk management, corporate security and insurance solutions at the Group level. A positive trend continued in terms of damages and there were no major single damages.

Focus areas of risk management in 2017
The most important focus area in risk management is to support Kesko's strategy by executing strategy-based risk management. The development of the efficiency and assurance of measures related to the reduction and limitation of risks will continue. Other focus areas in risk management include the implementation of the cyber risk management model, updating the insurance cover on the basis of risk capacity and risk appetite, as well as the development and updating of the management model for crisis and exceptional situations at Kesko in line with Kesko's new organisation. In addition, the development of the Group's common functions' risk management process will continue and the implementation of the risk management process in the revised foreign organisations of the building and technical trade will be ensured. The improvement of cost efficiency by centralised purchasing will continue.
