Olli Uotila
Risk management aims to ensure the achievement of an organisation’s objectives. Risk management is an integral aspect of an organisation’s planning, management and continuous operational activities. Risk management processes are typically based on international risk management frameworks, such as:
or COSO ERM, an internal control model with integrated enterprise risk management
According to the ISO 31000 standard, the purposes of risk management include:
Enhancing the likelihood of achieving objectives
Improving the identification of opportunities and threats
Ensuring compliance with the applicable legislation and regulatory requirements
Creating a reliable foundation for decision making and planning
Improving operational effectiveness and efficiency.
In many organisations, risk management processes are complemented by corporate governance structures:
In Finland, listed companies are subject to the Corporate Governance Code issued by the Securities Market Association
Corporate governance recommendations have also been issued for unlisted companies (in Finnish)
Organisations subject to oversight by the Finnish Financial Supervisory Authority also have specific requirements and recommendations pertaining to risk management.
The controller function of the Ministry of Finance has drawn up recommendations on best practices in internal control and risk management for government agencies and institutions
We help you with:
Assessing and improving the level of risk management
Planning risk management processes and methods, and preparing instructions and guidelines
Risk assessment focused on various areas of operations, for example:
the entire organisation’s operations
a particular function or process within the organisation (e.g. project activities)
ICT risks
risks related to significant decisions (e.g. major investments)
Requirements specification and deployment of risk management systems