Risk management

Fortum’s Board of Directors approves the Group Risk Policy that defines the objective, main principles and division of responsibilities for risk management. The Group Risk Policy also includes a description of the main features of the risk management process which is applicable to all processes including financial reporting

Risk management framework and objectives

Fortum’s Risk Management framework is described in the Group Risk Policy and supporting documents. The Group Risk Policy includes an overview of Fortum’s risk management systems consisting of the general principles of risk management and the main features of the risk management process. The objective of the risk management systems are to;

  • support the development of the Group strategy,
  • support strategy execution,
  • support the achievement of agreed targets within acceptable risk levels so that the Group’s ability to meet financial commitments is not compromised,
  • ensure the understanding of material risks and uncertainties affecting Fortum, and
  • support the prevention of accidents that can have a severe effect on the health and safety of employees or third parties, and from incidents that can have a material impact on Fortum’s assets, reputation or the environment.

The main principle is that risks are managed at source meaning that each Division and Corporate Function Head is responsible for managing risks that arise within their business operations. However, certain risks, such as currency, interest rate, liquidity and refinancing risks, are managed centrally.

Internal controls in relation to financial reporting

The internal control and risk management systems relating to financial reporting are designed to provide reasonable assurance regarding the reliability of financial reporting and aim at ensuring compliance with the applicable laws and regulations.

financial reporting framework model

Fortum’s internal control framework is based on the main elements of the framework introduced by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). The controls including financial reporting controls, have been defined based on the main risks in the process. Internal controls are one of the key elements of Compliance
Programme in Fortum, which also covers business ethics and regulatory compliance.

Fortum has decentralised organisational model, and a substantial degree of authority and responsibility has been delegated to the divisionsin the form of control responsibilities. Fortum’s control governance applies the so-called “Three lines of defense” model as illustrated in the graphic.

Control governance model

Internal Audit

Fortum’s Internal Audit is an independent and objective assurance function providing a disciplined and systematic approach in examining and evaluating the appropriateness and effectiveness of the Group’s management and corporate governance processes, internal control system, risk management, and operational processes.

The Institute of Internal Auditors’ International Professional Practices Framework form the basis for the work of Internal Audit.


Financial risk management at Fortum


Fortum's financial reports and presentations archive