Sandvik Group key risks 2018
Risk description
Risk consequence
Risk mitigation
Risks connected to shifts or consolidation in the industry, in certain customer segments or markets.
The inability to reach strategic objectives long term, leading to lower growth or lower financial performance.
The different business areas are working with proactive business development and M&A. There is a strong focus on product segmentation (multi-company development/strategies, midmarket), aiming to diversify the product portfolio and reduce dependence on individual customer segments. There is also strong cost control in all our businesses.
Risks connected to high market volatility, rapid macroeconomic fluctuations and cyclical industries/markets.
The inability to plan long term, leading to less agile business, higher costs or price models not being profitable, causing lower financial performance long term.
All businesses are working with strong cost control and cost flexibility. All businesses are closely monitoring relevant Key Risk Indicators (capex investment in mining, raw material prices, GDP, oil rig count, daily order rates, etc.). They all have up to date contingency plans, including different scenarios, ready to activate at first signs of a down-turn.
Risks connected to technological developments/advancements that can impact or challenge current ways of doing business or demand for current products/ services. Increased need for specialist/expert competence in R&D and other niche areas. Inability to attract new talents in certain highly competitive markets.
The inability to reach strategic objectives long term, leading to lower growth or financial performance. A general risk of losing competitiveness and business position on the market with a special risk focus if not being able to take a strong position in the digital area fast enough.
There is a strong focus on R&D in all our businesses as well as proactive business development and M&A activities where growth is a priority. The business is closely monitoring the development of new technologies and customer segments. Partnerships have been formed with key partners and research centers to advance knowledge and capabilities in areas currently not core business. The business has also invested in additive manufacturing, powder technology, digitalization and automation. Sandvik has, across the business areas, focused on developing the Sandvik employer brand. One key area is to use new, digital channels to attract and recruit competence for the future. Succession planning has been strengthened for top management positions.
Significant new legislation or regulations that could have an impact on the Sandvik business.
The inability to quickly respond to new regulations leading to higher costs, fines or the inability to continue manufacturing of certain products. Can have negative reputational impact.
All parts of Sandvik work with the monitoring of different initiatives and continually evaluate their impact on our business. We are active in business associations and other organizations, such as Jernkontoret and Svenskt Näringsliv, to name a few, to monitor regulatory development to benefit long-term sustainable business.
Risks that legal and regulatory requirements are not met.
Worst-case scenarios show high financial impact due to fines in multiple markets. Can have a major negative reputational impact if risk were to materialize.
The Group has an established governance framework, The Sandvik Way, which includes Group policies, Group procedures and other steering documentation. The scope of the governance framework, including the controls implemented, is based on legal requirements and risk exposure. Sandvik's formal compliance programs of antibribery and anti-corruption, competition law, customs and export controls and data privacy are managed by the business with oversight through a Group functional council. GDPR (General Data Protection Regulation) program being rolled out globally.
Risks of disturbances in critical IT systems, business processes or other digital infrastructure. Increased need for digital and innovative business development competence.
Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.
A cyber security improvement program across the Sandvik Group is ongoing. Each business area is running an IT security improvement program, including risk review of critical business applications and risk-based network segmentation.
Failure to adequately restrict access to information which may result in unauthorized knowledge or use of confidential information.
Can lead to business critical information being made available to unauthorized individuals/organizations.
Increased authentication to prevent unauthorized access to certain systems has been implemented in Sandvik’s IT environment. All business areas have strengthened their IT security management and information security resources during the year. Review of key processes for information release and overall communication channels initiated. GDPR (General Data Protection Regulation) implementation is being rolled out globally.
Risk of unclarity on mandate and responsibilities in the new decentralized way of working.
Can result in both organisational inefficiency and inability to deliver products or services on time to customers.
Improved communication and training on roles and responsibilities in the new decentralized way of working. Compliance with Limits of authority.
Risks that major disasters or hazardous events disrupt the company’s ability to sustain operations, provide essential products and services to customers, or recover operating costs.
Inability to deliver products or services on time to customers or timely information to other stakeholders, leading to lower financial performance or negative financial impact due to fines.
A review and update of the Group’s Crisis Management Policy was conducted during 2018 and the development of the Business Continuity framework has been initiated. The business areas have already performed risk scenario planning for some of the most critical production entities, supply chain vulnerabilities and IT system dependencies.