Risk management linked with strategic planning

Elekta operates in a highly competitive and regulated industry and a strong local presence leave us open to such risks as threats, uncertainties or lost opportunities relating to current or future operations or activities. Sound practices for risk manage ment are an essential element of our culture, corporate gover nance, strategy development, and operational and financial management. We strive to maintain a culture of individual accountability, where everyone factors in risk in daily decision making so that the right level of risk is being assumed.

Clear accountabilities at all levels

The first level of control consists of our employees who perform the day-to-day activities within the boundaries set by the Exec utive Committee, and ultimately, the Board of Directors. These boundaries ensure that the actions of a single individual will not result in disproportionate risk, missed opportunities for the entire company or Elekta not achieving its strategic goals. Elekta's employees and their managers own all risks related to their business operations and are expected to manage these by maintaining internal controls and risk control procedures. Every employee is expected to comply with internal policies and procedures, applicable laws and regulations. Elekta's support functions, such as Finance, IT, Human Re sources, Legal & Compliance, Risk and Regulatory Affairs & Quality, form a second control level and carry out various risk management and compliance activities to support and monitor the first level of control. Elekta's independent internal audit function constitutes a third and final level of control reporting to the Audit Committee on the effectiveness of the risk management processes and internal control system.

Elekta's two-dimensional ERM process:

"Top-down" - designed to distill insights and provide clarity on the most important risk areas, supporting risk-informed decisions at the executive level and enabling proper risk oversight by the Board of Directors.
"Bottom-up" - ensuring a consistent, comprehensive and group wide risk identification and prioritization of important risks. Risks are evaluated on the basis of impact and probability and the level of risk preparedness.

Top-down Methodology provides clarity on key risks at group level and enables proper risk oversight by the Board of Directors.

Bottom-up Methodology ensures consistent and com prehensive risk identification and prioritiza tion across the company. Risks are evaluated on the basis of impact and probability and level of preparedness.

Risk management governance

The Board of Directors is ultimately responsible for the gover nance of risk management and control systems. The President and CEO, assisted by the Executive Committee, is responsible for ensuring there is a common and efficient risk management process in place. Support functions provide guidance on gover nance, risk management and internal control.

Risk management linked with strategic planning

Elekta has an established Enterprise Risk Management (ERM) framework aligned with the strategic planning process. A group-wide overview of all Elekta's risks is undertaken twice a year, using a common risk identification and rating method ology, providing a basis for decision-making and prioritization as well as ensuring appropriate levels of control.

Elekta's risk universe and risk approach

The Elekta risk universe is built from a bottom-up approach where individual risks are consolidated into 28 identified aggregated risk area, and subsequently four risk categories (strategic, operational, financial, and external risks, more details below).

Each individual risk is measured on its probability, risk management preparedness and contribution on the overall impact on Elekta. Each risk is also given a unique weight, which will determine the level of influence on the overall risk score. To ensure efficiency in Elekta’s ability to successfully respond to disruptive events at group level and continue business operations Elekta has also embraced a top-down approach where major risks are further evaluated in the Executive Committee and thereafter the Board, who both sign off on Elekta’s defined Key Risks (more details below).

Insurance as a risk management tool

Where identified risks cannot be avoided, mitigated or accept ed, risks are being transferred through insurance where possible. Elekta's insurable risks are covered through global insurance programs tailored to transfer risks associated with property and business interruption, transportation, project execution, business travel, cyber- and liability risks.

Risk areas	Risk description	Consequences	Mitigation
Customer satisfaction & quality excellence (operational risk)	Ability to timely and efficiently identify and respond to customer needs, demonstrate the value proposition of new products and services and fully comply with internal quality assurance systems and processes.	Customer dissatisfaction, loss of quality advantage, generating costs of non-quality and loss of market share.	Continuous development of products in close collaboration with customers and continuous improvements in efficient quality management processes.
Cyber & security threats (operational risk)	Cyberattack on the Elekta inter- Dal network or on external services providers.	Damage to the company network and/or leakage of confi dential information resulting in business interruption, loss of business critical data and breach of privacy regulations.	Consistent risk analyses and monitoring of threats. Employee training, updated software and internal control.
Talent attraction & employee retention (operational risk)	Ability to attract, recruit and retain highly skilled employees.	Lost technological advantage, knowledge transfer disruption and inability to secure long-term talent growth.	Retention and succession planning. Leadership and people development programs and initiatives. Demonstrate sustainable business practices to increase human capital attractiveness.
Compliance & business ethics (operational risk)	Allegations of corruption and bid rigging and failure to prevent improper payments by third parties on Elekta's behalf.	Breach of bribery, public tender and specific industry laws. Loss of reputation, brand value and shareholder value in addition to fines, blacklisting and management distraction and prosecution.	Implementation of effective compliance programs and training with focus on high-risk areas and behavior consistent with Elekta's values.
Technology & innovation (strategic risk)	Ability to anticipate and adapt to customer's needs and tomer's ability to adopt new technology and software.	Loss of competitiveness and ability to reach strategic targets, leading to lower growth and financial performance.	Technology and innovations to be proven through clinical and financial data. Proactively work with customers to support clinical evidence for new technology adoption.
Business transformation & process excellence (operational risk)	Overcoming change management challenges, new delivery. and support models.	Slow adoption of new ways of working and deliveries. Results in lost competitiveness and fail we to meet strategic targets.	Align processes with strategy and stakeholders. Ensure right employee competences and research. Working together as one Elekta team addressing change management.
Macro economic developments (external risk)	Ability to adapt and react to pandemics, trade restrictions/ protectionism and war impact on sales, operations, employee well-being, cash flow and downturns in emerging markets.	Pandemics, trade restrictions and war causing limited access to hospitals and delayed start of installations. Inability to plan long-term, leading to less agile business, higher costs and potentially lower financial performance.	Control of costs and close moni toring of the macroeconomic development in all markets, adjusting ways of working to keep servicing customers and maintain business sustainability.
Competition landscape (external risk)	Ability to anticipate and respond to competition pressure due to vendor and customer consolidation as well as increased competition from the evolving medical imaging and informatics industry market	Potential loss of competitiveness and ability to reach strategic targets, leading to lower growth and financial performance.	Continuous development of state-of-the-art solutions and focus on unique value proposition.
Environmental compliance (operational risk)	Ability to comply with minimum environmental standards & preparedness for investments in climate change	Loss of business advantage, brand value and impacting human capital and financial attractiveness.	Continuous monitoring of environmental legislation development, compliance with legislation and active participation in environmental ratings organizations

Risk management linked with strategic planning

Clear accountabilities at all levels

Elekta's two-dimensional ERM process:

Risk management governance

Risk management linked with strategic planning

Elekta's risk universe and risk approach

Insurance as a risk management tool

Operational risks

Risk factors

Risk approach

Strategic risks

Risk factors

Risk approach

External risks

Risk factors

Risk approach

Financial risks

Risk factors

Risk approach

Elekta key risks (top-down)

Your cookie settings

Risk management linked with strategic planning

Clear accountabilities at all levels

Elekta's two-dimensional ERM process:

Risk management governance

Risk management linked with strategic planning

Elekta's risk universe and risk approach

Insurance as a risk management tool

Operational risks

Risk factors

Risk approach

Strategic risks

Risk factors

Risk approach

External risks

Risk factors

Risk approach

Financial risks

Risk factors

Risk approach

Elekta key risks (top-down)