Input and risk identification
The process starts with risk identification and prioritization during the ERM planning process. As part of the overall annual business plan process, the organization prepares an ERM business plan, which sets the focus and priorities for operational risk management within countries, divisions and the Group for the coming year.
The yearly risk assessment process is coordinated by the Group risk organization, which is also responsible for maintaining the risk register. The register is updated annually, primarily based on the organization's ERM business plans but also on other sources of input.
The risk register contains about 50 risks. Out of the 50 risks, 12 are selected as top risks that will be subjected to monitoring activities. Out of these, eight risks are currently considered key Group risks and have been assigned primary focus for the coming year. The ultimate prioritization of key risks for each year is decided by Group Management and presented to the Audit Committee.
Eight key risks
- Client contract risk
- Assignment execution risk
- Compliance (regulatory and other) risk
- Business continuity risk
- Price/Production cost risk
- Information security risk
- Securitas’ Values and Ethics compliance risk
- Insider threat risk