Risk management is a part of the company's control and monitoring system. The objective of Citycon’s risk management is to ensure that the business targets are achieved by identifying and mitigating key risks which may threaten these targets.
Risk management process and reporting
The risk management and reporting process involves identifying, assessing, quantifying, mitigating and monitoring the most significant business-related risks. The process includes evaluation of existing, and the planning of new, risk mitigation plans for the identified risks in order to continuously improve risk management. Successful risk management implemented in the business processes decreases the likelihood of risk realisation and mitigates the negative effects of realised risks. The risk reporting process gathers data on risks and the respective mitigation plans into one group-wide risk register, for annual reporting to Citycon's Board of Directors. This is done in conjunction with the budgeting process so that the risks are linked to the annual business targets. In order to evaluate the importance of each risk and to improve the comparativeness, an estimate of the loss associated with each risk is determined together with the probability of risk realisation. The possibly realised risks during the previous year are also estimated and reported.
Each function has a dedicated person who is the owner of the risks in that area and also is responsible for the reporting of the risks, the mitigation plans and the follow-up on their implementation. Core risks are reported to the Group Treasurer who prepares the risk report for the Board of Directors. It is the duty of the CEO and the Corporate Management Committee to develop and maintain procedures in line with the principles of risk management approved by the Board of Directors. The Board of Directors regularly monitors the company's business risks and uncertainties and reports them as required under the legislation in force and regulations or guidelines issued by the Finnish Financial Supervisory Authority.
Risk factors and risk management
At Citycon risk factors are classified as internal risks and external risks. The main risk factors that can materially affect Citycon's business and financial results are associated with property values, leasing, property development, operations, environment and people and financing. The company’s risk factors, along with its main risk management actions, are presented in detail on pages 60-61 in the Annual and Sustainability Report 2015 and in the Financial Statements 2015. Near-term risks and uncertainties are described in the interim reports issued by the company quarterly.