Risk management and internal control are an important part of Patria’s control and monitoring system. Risk management and internal control contribute to ensuring that operational and profitability goals are achieved and loss of resources and assets is prevented. Furthermore, risk management and internal control contribute to ensuring appropriate reporting, compliance with laws and regulations, and to avoiding damage to Patria’s reputation.
Patria has a Risk management and internal control policy, approved by the Board of Directors. This policy specifies the tasks, objectives, responsibilities and authorizations of Risk management and internal controls. Primary responsibility for risk management and internal control lies with the business units and support functions performing the day-to-day control. Patria’s support functions provide guidelines regarding risk management and internal control, and monitoring these activities on different levels. The Internal Audit Function and the Auditors, security and quality auditors, as well as customers, monitor and evaluate the effectiveness of risk management and internal control.
The Board is responsible for monitoring and steering the risk management and internal control as the highest body of the company, and the Audit Committee of the Board monitors the effectiveness of the risk management and internal control. The CEO is responsible for the proper operations and monitoring of the Group’s risk management and internal control. Patria also has a risk management steering group that supports the Group and business unit management in the planning, development, and implementation of risk management processes.
Risks are classified into strategic, operations, and financial risks, caused either by external conditions and events or activities within the Group. Risk identification and assessment, as well as the planning and monitoring of risk control and mitigation activities, are part of Patria’s annual business operations planning and an integral part of the daily operations of the business units and support functions.
Twice a year, Patria’s business units and support functions report their major risks and the related control and mitigation actions to Group management. New, significant risks are reported to Group management without delay, immediately after they have been identified. The most significant risks faced by the Group, together with the related risk control and mitigation activities, are reported to the Audit Committee and the Board of Directors.
Due to the nature of Patria’s business operations, individual project agreements can be material in relation to the Group’s annual turnover. They may include product development, require extensive subcontracting and other co-operation with third parties, and may result in deliveries that take place over several years. Moreover, the contents of deliveries and the forms of industrial co-operation implemented together with partners can be complex in nature. The risks and uncertainties involved in such agreements and projects are typically versatile and significant, requiring thorough assessment and management.
The effects and control of risks related to Patria’s major projects are assessed with regularity by the Risk and Revenue Recognition Board and the Board of Management, and thereafter reported to the Audit Committee of the Board and to the Board of Directors.
Patria’s values and the Code of Conduct accepted by the Board, policies and guidelines accepted by the Board and management, and guidance given by the Group or Business Units provide the basis for internal control. Internal control includes also the organization structure of the Group and the authorities and responsibilities. Internal control is part of everyday work and the tasks of internal control are implemented in the business processes. Internal control activities are carried out at all levels and functions of the Group.