Enterprise risk management
Securitas’ process for enterprise risk management (ERM) is engrained in the business and seeks to identify, prioritize and manage the key risks to our business at all levels and in all parts of the business.
Securitas is exposed to various types of risks in its daily business. When providing security services, Securitas manages not only its own risks, but also risks on behalf of its clients. Minimizing the risk of a loss occurring, and thereby protecting our stakeholders, is an important objective. Securitas’ risks have been classified into three main categories: contract and acquisition risks, operational assignment risks and financial risks. The categories are based on the natural flow of our business – entering into a contract, execution of the assignment and the financial result. Similar risk categories are also relevant for acquisitions, but are then classified as acquisition risks, operational integration risks and financial integration risks.
Contract and acquisition risks
The contract risks (and acquisition risks) category includes the risks related to entering into a client contract and the risks related to the acquisition of a new business.
Operational assignment risks
The operational assignment risks (and operational integration risks) category includes risks that are associated with our daily operations and the services we provide to our clients. This category also covers all risks related to the infrastructure necessary for running the business as well as sustainability risks. Examples are assignment execution risks, Securitas’ Values and Ethics compliance risk, and health and safety risks, as well as operational risks such as IT failure, business continuity, information security and data protection, employee attraction and retention and more.
Financial risks
The financial risks (and financial integration risks) category includes risks related to financial reporting, as well as financial risks related to external financing needs and currency exposure. To allow the divisions, countries and regions to focus fully on their operations, the management of certain risks (such as financing and currency) is centralized at the Group Treasury Centre to the greatest possible extent. Other examples within this category are fraud and error risk, management estimates assumptions risk, credit and cash flow risk and regulatory reporting risk.
All the risks in these categories can impact the Group’s financial performance and position if they are not managed in a structured way. Therefore, Securitas has developed its four-step process approach for managing enterprise risks. The four steps are described in further detail on the following pages:
- Input and risk identification
- Policy development
- Risk management activities
- Risk-based monitoring
To support the ERM work, Securitas has implemented a web-based governance, risk and compliance (GRC) system that comprises all four steps in Securitas’ enterprise risk management process and gathers the ERM information in one database. The GRC system is used to streamline and further structure the ERM processes and workflows and to automate processes, such as reports, with the aim of improving the overall quality of the ERM work. It also serves as a single point of information.
Securitas' insurance and claims strategy is to "act as if uninsured". Read more about insurance as a risk management tool.
Four-step process approach for managing enterprise risks