Risk management and control

Risk management is an integral part of management in Kesko
Kesko’s risk management is proactive and an integral part of day-to-day management. The objective of risk management is to support the implementation of Kesko’s strategy.

Risk management in Kesko Group is guided by the risk management policy confirmed by Kesko's Board of Directors. The policy defines the goals and principles, organisation, responsibilities and practices of risk management in Kesko Group. In the management of financial risks, the Group's treasury policy, confirmed by Kesko's Board of Directors, is observed.

In Kesko, a risk is defined as an event or circumstance

  • that can hinder or prevent the attainment of Kesko's objectives, or
  • that can lead to a failure to exploit business opportunities.

Risk management principles in Kesko Group: 

  • We set our objectives taking account of related business opportunities and risks.
  • We take calculated and assessed risks within the limits set in strategy selections in, for example, expanding business operations, strengthening market position and creating new business.
  • We assess risks taking account of the scale of potential impacts the risk could have and the likelihood of the impacts to occur, while considering the impacts on people, the environment and reputation in addition to financial impacts.
  • We avoid or reduce operational and damage/loss risks.
  • We ensure shopping safety and data protection as well as product safety for our customers.
  • We create a safe working environment for our employees.
  • We minimise the opportunities for crime or malpractice.
  • We secure critical operations and the resources needed for them in order to ensure continuity.
  • We have crisis management, continuity and recovery plans, plan implementation testing and sufficient insurance cover in place to provide for the realisation of risks.
  • We keep risk management costs and resources in proportion to the obtainable benefits.
  • We provide information on risks and risk management to stakeholders in accordance with Kesko's corporate governance principles.

The Group has a uniform model for risk assessment and risk reporting

Kesko Group applies a business-oriented and comprehensive approach to risk assessment and management. This means that key risks are identified, assessed, managed, monitored and reported as part of business operations at Group, division, company and function levels throughout the Group.

Kesko has a uniform risk assessment and reporting model. Risk identification is based on business objectives and opportunities and the defined risk appetite. Risks are prioritised on the basis of their significance by assessing their impacts in euros and the probability of their realisation. When assessing the impact of realisation, the impacts on reputation, the wellbeing of people and the environment are assessed in addition to the impacts in euros.

Risk identification and assessment play a key role in Kesko's strategy work and operations planning. In addition, risk assessments are made of significant projects related to capital expenditure, business arrangements or changes in operations. The risk assessments of divisions and common functions that include a risk map, risk management responses, responsible persons and schedules are reviewed regularly by the management of the respective division or common function.

Risks and risk management responses are reported in accordance with Kesko’s reporting responsibilities. The divisions and the common functions report on risks and changes in risks to the Group's risk management function. Risks are discussed by the risk management steering group, which includes representatives of the divisions and the common functions. On that basis, the Group’s risk management function prepares the Group’s risk report, which is reviewed by the Governance, Risk and Compliance (GRC) steering group, after which the Kesko's President and CEO approves the report. 

The Group's risk map, the most significant risks and uncertainties, as well as material changes in and responses to them are reported to the Kesko Board's Audit Committee in connection with reviewing the interim reports, the half year financial report and the financial statements. The Audit Committee also evaluates the efficiency of Kesko’s risk management system. The Chairman of the Audit Committee reports on risk management to the Board of Directors as part of the Audit Committee Report.

Kesko's Board discusses Kesko Group’s most significant risks and uncertainties. The Board reports on the most significant risks and uncertainties to the market in the Report by the Board of Directors and on material changes in them in the half year financial report and the interim reports.

Arranging insurance cover is part of Kesko's risk management

Arranging insurance cover is part of Kesko's risk management and it is guided by the insurance principles confirmed by Kesko's Board of Directors. The need for insurance cover is assessed taking account of Kesko's risk capacity and appetite. The risks that have a significant impact on Kesko's profit and liquidity are insured, whereas the need for insuring other risks is assessed on a risk basis. The purpose of insurance is acting as a means to balance the profit in case of unexpected damage. Risks can be knowingly left uninsured at own risk, if it is sensible and cost effective on the basis of risk assessment. The Group's risk management function is responsible for the Group-level insurance programmes, related guidelines, their competitive tendering and brokerage services. 

Risk management model and responsibilities

Kesko's Board of Directors confirms the Group's risk management policy and reviews the Group's most significant risks and uncertainties in its meetings.

The President and CEO manages Kesko Group's operations in accordance with the instructions and orders given by the Board of Directors and reports to the Board of Directors on the developments in the Company's business and financial situations. In risk management, the President and CEO is assisted by the Group's risk management function, as well as the GRC (Governance, Risk & Compliance) steering group, which consists of key persons from the Group management and risk management.

The management of the business operations and common functions are responsible for the execution of risk management. In each division, the finance director is responsible for the execution of risk management. The risk management unit coordinates the risk management process and is responsible for risk reporting and executes risk identification, the determination of risk management responses and their implementation jointly with the businesses and common functions. Every member of Kesko personnel must know and manage the risks in his/her area of responsibility. 


Risk management responses in 2020

The scope of risk management was improved by expanding the use of risk data arising from various risk assessments between units and functions, and by adopting new indicators for risks and risk management measures. A dedicated Covid-19 pandemic preparedness management team was established for the Group in the spring to coordinate the situation, decide on measures, and supervise the implementation of those measures. Key focus areas were the health and safety of personnel and customers and business continuity. A Covid-19-related risk assessment and reporting process was also established to support the planning and implementation of measures. To ensure the effectiveness of insurance coverage, insurance services outside Finland were harmonised. The improvement of the efficiency of security technology and services continued through concentration of purchases, the development of the lifecycle management of security and real estate systems.

Risk management focus areas in 2021

Key focus areas for risk management will be better utilisation of risk data and developing the measurement of risks and risk management measures. In continuity management, we will continue the implementation of the new steering model and update reporting to management. Kesko Group's insurance coverage will be updated based on risks, if necessary. The improvement of the efficiency of security technology and services will continue through concentration of purchases, the development of the lifecycle management of security and real estate systems, and the prevention of related cyber threats. Special Covid- 19-related measures to ensure the safety of personnel and customers and business continuity, first launched in 2020, will continue.

To top