Clear accountabilities at all levels
The first level of control consists of our employees who perform the day-to-day activities within the boundaries set by the Executive Committee, and ultimately, the Board of Directors. These boundaries ensure that the actions of a single individual will not result in disproportionate risk, missed opportunities for the entire company or Elekta not achieving its strategic goals. Elekta's employees and their managers own all risks related to their business operations and are expected to manage these by maintaining internal controls and risk control procedures. Every employee is expected to comply with internal policies and procedures, applicable laws and regulations. Elekta's support functions, such as Finance, IT, Human Resources, Legal & Compliance, Risk and Regulatory Affairs & Quality, form a second control level and carry out various risk management and compliance activities to support and monitor the first level of control. Elekta's independent internal audit function constitutes a third and final level of control reporting to the Audit Committee on the effectiveness of the risk management processes and internal control system.
Elekta's two-dimensional ERM process:
- "Top-down" - designed to distill insights and provide clarity on the most important risk areas, supporting risk-informed decisions at the executive level and enabling proper risk oversight by the Board of Directors.
- "Bottom-up" - ensuring a consistent, comprehensive and group wide risk identification and prioritization of important risks. Risks are evaluated on the basis of impact and probability and the level of risk preparedness.
Top-down Methodology provides clarity on key risks at group level and enables proper risk oversight by the Board of Directors.
Bottom-up Methodology ensures consistent and comprehensive risk identification and prioritization across the company. Risks are evaluated on the basis of impact and probability and level of preparedness.
Risk management governance
The Board of Directors is ultimately responsible for the governance of risk management and control systems. The President and CEO, assisted by the Executive Committee, is responsible for ensuring there is a common and efficient risk management process in place. Support functions provide guidance on governance, risk management and internal control.
Risk management linked with strategic planning
Elekta has an established Enterprise Risk Management (ERM) framework aligned with the strategic planning process. A group-wide overview of all Elekta's risks is undertaken twice a year, using a common risk identification and rating methodology, providing a basis for decision-making and prioritization as well as ensuring appropriate levels of control.
Elekta's risk universe and risk approach
The Elekta risk universe is built from a bottom-up approach where individual risks are consolidated into 28 identified aggregated risk areas, and subsequently four risk categories (strategic, operational, financial, and external risks, more details below).
Each individual risk is measured on its probability, risk management preparedness and contribution to the overall impact on Elekta. Each risk is also given a unique weight, which will determine the level of influence on the overall risk score. To ensure efficiency in Elekta’s ability to successfully respond to disruptive events at group level and continue business operations, Elekta has also embraced a top-down approach where major risks are further evaluated in the Executive Committee and thereafter the Board, who both sign off on Elekta’s defined Key Risks (more details below).
Insurance as a risk management tool
Where identified risks cannot be avoided, mitigated or accepted, risks are being transferred through insurance where possible. Elekta's insurable risks are covered through global insurance programs tailored to transfer risks associated with property and business interruption, transportation, project execution, business travel, cyber- and liability risks.