The identified risks and adopted policies set the structure for the fourth step of the process - Risk-based monitoring. Risk are monitored utilizing various tools and methods best suited for the respective risk domains, eg self-assessments, audits, risk and control diagnostics, and/or are subject to other monitoring activities throughout the year.
Monitoring permeates all levels throughout the organization and is performed by different functions depending on whether it is related to operational or financial reporting matters. Below please find some examples of monitoring within Securitas:
- The Board of Directors plays an important role in the ongoing process of identifying and evaluating significant risks faced by the Group and the effectiveness of related controls.
- The Audit Committee monitors the effectiveness of the Group's ERM and internal control systems. In addition, the Committee also supports the Board with the task of ensuring internal control over financial reporting. The Committee also reviews all quarterly and annual financial reports before publication.
- The President and CEO and Group Management review performance through a comprehensive reporting system based on regular business reviews of actual results, analyses of variances, key performance indicators and regular forecasting.
- Within the second line, the Group has established a structure of compliance areas, with clear accountabilities for monitoring and supporting compliance in relation to each such compliance area.
- The Group Internal Audit function is a part of the integrated assurance agenda to ensure that the Securitas operational model is adhered to. The risk-based audit plan is updated on a continuous basis, and adjusted throughout the year to best fit a changing operational risk landscape.
- Local management is primarily responsible for monitoring and ensuring compliance by local units with Securitas Group Policies including any division-specific policies and guidelines.