Securitas' enterprise risk management (ERM) process is ingrained in the business and based on close cooperation between operative management and all functions working with the different parts of the risk management process.
- The process starts with risk identification and prioritization during the ERM Planning process
- The Group Policies and Guidelines as well as local processes, rules and procedures establish the framework for day-to-day risk management
- The identified risks and adopted policies also set the structure for all compliance monitoring in the Group
- The ultimate responsibility for governance of risk management lies with the Board of Directors, but the work involved in minimizing risks takes place through a structured process of assigning responsibility to all levels of the organization
Securitas is exposed to various types of risks in its daily business. When providing security services, Securitas manages not only its own risks, but also risks on behalf of its customers. Minimizing the risk of a loss occurring, and thereby protecting our stakeholders, is an important objective. Securitas’ risks have been classified into three main categories: contract and acquisition risks, operational assignment risks and financial risks. The categories are based on the natural flow of the business – entering into a contract, execution of the assignment and the financial result. Similar risk categories are also relevant for acquisitions, but are then classified as acquisition risks, operational integration risks and financial integration risks.
All of the risks in these categories can impact the Group's financial performance and position if they are not managed in a structured way. This is why Securitas has developed its four-step process approach for managing enterprise risks.
To support the ERM work, Securitas has implemented a web-based governance, risk and compliance (GRC) system that comprises all four steps in Securitas’ enterprise risk management process and gathers the ERM information in one database. The purpose of the GRC system is to support the overall ERM work in the Group. It is used to streamline the ERM processes and further structure current processes and workflows.
The main workflows included in the system are ERM self-assessment, ERM business plan, policy management, sustainability reporting, audit module and risk register. The system also automates current processes, such as reports, with the aim of improving the overall quality of the ERM work, and serves as a single point of information. The four steps and current actions are described in further detail on the following pages.