Risk management and risks

Risks and uncertainties

The Group’s risks are related to its operational environment, or business or financial risks. Risks related to the operational environment may include business development risks, market risks or legislative risks. Business level risks may include personnel risks, risks related to management, process risks, service risks, information security risks, accident risks, growth-related risks or partner risks. Financial risks include, for example, financing and credit risks. During 2018, no substantial changes have occurred in the Group’s view of its risks.

Poor economic development in Finland or Sweden may have an indirect adverse impact on VMP’s business and result. In economic downturns it is possible that companies use less staffing services and other HR services offered by VMP. The future development of the labor market may affect VMP’s business. Material short-term risks also include tighter competition in the HR and recruitment market, changes in legislation or collective agreements, and the cyclical nature of the business.

VMP manages its activities according to its strategy. Therefore, the company’s business operations include risks in case the company is unable to successfully realize its strategy. In its operations, VMP is reliant on its ability to find, recruit and manage a sufficient number of staffed workers, and on the successful execution of recruitment, headhunting and personal evaluation assignments. Identifying targets for corporate acquisitions, realizing corporate acquisitions and integrating the acquired companies into the Group’s operations may present a risk for VMP’s business. Development of new products and services include risks to business operations. In addition, there are risks related to the functionality of the Group’s IT systems, data privacy, and the availability of competent and skilled key employees. The Group’s business also includes reputational risk.

Main features of internal control and risk management related to financial reporting process

Overview of risk management

The objective of risk management is to ensure the realization of the Group’s targets and uninterrupted continuity of operations. In its activities, VMP complies with the principles of risk management and guidelines for internal control approved by the Board. The principles of risk management are based on the Finnish governance code.

VMP’s risk management is part of the Group’s ERP and is thus an integral part of the Group’s management system. It is an integral part of VMP’s planning and management process, decision making, day-to-day management and operations, and its monitoring and reporting functions. Risk management is a part of internal control.

Risk management is systematic, predictive and comprehensive. It covers the activities of the entire Group and accounts for all risk areas. This means that key risks are identified, assessed, managed, monitored and reported on systematically as part of business operations.

The planning and strategy process includes identifying risks that threaten the realization of targets and defines the means of managing them. VMP’s risk management consists of a risk management target state, a risk management process and its implementation, monitoring and reporting. Risk management is developed continuously as part of VMP’s operations.

VMP may take calculated risks that can be managed and that would have reasonable impact if realized. Risk-taking shall be based on advance identification and assessment of possible impact as well as identification and weighing of potential benefits and harms. Risk-taking shall not jeopardize the realization of the Group’s targets or short- or long-term business continuity.

The Board confirms the principles of the Company’s internal control and risk management and changes related to them, and handles the significant risks and uncertainties related to the Company’s operations.

VMP’s CEO, with the support of the Group’s Management Team, is responsible for drafting the principles of risk management. The CEO is responsible for ensuring that the Group implements risk management systematically and appropriately. In addition, the CEO shall ensure the adequate scope of VMP’s risk management and evaluate its implementation. The CEO reports to the Board on VMP’s strategic level risks and means of controlling them, in compliance with the risk management principles and risk management processes approved by the Board.

The Board discusses the most significant strategic-level risks and the measures for managing them, and evaluates the efficiency and functioning of risk management. The Group Management Team discusses the most significant business risks to different business operations and the measures for managing them, and evaluates the efficiency and functioning of risk management. The CEO and each member of the Management Team and franchisee is responsible for operational risk management, identification of risks as well as defining and monitoring risk management methods in their areas of responsibility.

The Legal Counsel is responsible for the coordination of risk management.

Internal control and audit

The goal of VMP’s internal control to ensure that VMP’s objectives and targets are achieved, the Group’s resources are spent economically and efficiently, business risks are managed appropriately, and that financial and other information is reliable and accurate. In addition, internal control seeks to ensure business continuity in a changing operating environment and compliance with VMP’s internal policies, instructions and processes, as well as applicable legislation and regulations. Internal control is an integral part of the Company’s good governance.

Internal control of financial reporting seeks to ensure that published interim reports, half-year statements, financial statements and other financial information, financial statements and annual reports are reliable and comply with the accounting and reporting principles adopted by the Company. The Company’s Board reviews and approves interim reports and financial statements according to its Rules of Procedure and approves the operating principles of internal control and auditing and monitors their implementation.