Enterprise risk management
Securitas’ process for enterprise risk management (ERM) is engrained in the business and seeks to identify, prioritize and manage the key risks to our business at all levels and in all parts of the business.
Securitas is exposed to various types of risks in its daily business. When providing security services, Securitas manages not only its own risks, but also risks on behalf of its clients. Minimizing the risk of a loss occurring, and thereby protecting our stakeholders, is an important objective. Securitas’ risks have been classified into three main categories: Operational risks, financial risks and strategic risks and opportunities.
Our own operational risk are the risks associated with our daily operations and the services we provide to our clients. The operational risks include a number of different areas such as the risk of not delivering services to our clients in line with contract obligations, that we as a company do not adhere to laws and regulations, the digital information security risk, the risk to our people etc.
Financial risks comprise risks within the financial area such as the cash-flow risk including that we manage the DSO (Days of Sales Outstanding) in an efficient manner, correct reporting of financial accounts, risks related to external financing needs, tax risk, currency exposure and so forth.
To allow the divisions, countries and regions to focus fully on their operations, the management of certain risks (such as financing and currency) is centralized to the Group Treasury Centre, to the greatest possible extent.
Strategic risks and opportunities
Strategic risks and opportunities include that we to be a successful company need to ensure that we manage the strategic risks, that is to continuously follow, lead and adhere to industry trends, that we follow the macroeconomic situation, that we have continuous internal innovation and that we protect and develop the Securitas brand.
All the risks in these categories can impact the Group’s financial performance and position if they are not managed in a structured way. Therefore, Securitas has developed its four-step process approach for managing enterprise risks. The four steps are described in further detail on the following pages:
- Input and risk identification
- Policy development
- Risk management activities
- Risk-based monitoring
To support the ERM work, Securitas has implemented a web-based governance, risk and compliance (GRC) system that comprises all four steps in Securitas’ enterprise risk management process and gathers the ERM information in one database. The GRC system is used to streamline the ERM processes to further structure the processes and workflows and automates the processes, such as reports, with the aim to improve the overall quality of the ERM work and serves as a single point of information.
Securitas' insurance and claims strategy is to "act as if uninsured". Read more about insurance as a risk management tool.