OX2’s ERM framework
The risk processes are supported by OX2’s framework for risk management, Enterprise Risk Management (ERM), which aims to create an aggregated analysis of the company’s risks and to systematize the continuous work.
Risk and risk management
OX2 has both a company-wide risk process and integrated risk management in its business process. By means of proactive, systematic risk management, OX2 is able to prevent and manage risks and exploit opportunities to deliver on OX2’s strategy and objectives.
The overall aim of the risk processes is to ensure that we manage risks systematically and effectively, and set the right priorities to achieve our goals. The OX2 management team has ultimate responsibility for risk management and the implementation of risk mitigation measures. The Board of Directors is involved in the annual risk analysis at company level and through representation in the business process for project management, in which project risks are continuously identified, assessed and managed.
Identify and aggregate
Analyze and assess
Report, integrate and mitigate
Follow up and communicate
Group-wide risk process
The Group-wide risk process is based on continuous risk management in the Group’s markets, product areas and Group functions. Reporting follows a common structure and risk categorization method. The risks reported are strategic and market related, operational, financial and regulatory, and sustainability risks. The risks identified by the functions as major risks, taking into account their impact and likelihood, are reported on a quarterly basis to the management team, which analyses the risks, follows up on mitigation measures and manages further risk mitigation activities.
General business risks fall into five categories: strategic and market, operational, financial and regulatory, and sustainability.
Strategic and market risks
The main strategic and market risks for OX2 are deemed to be closely related to grid connection constraints, lower electricity prices and weaker macroeconomic conditions. Factors such as reduced competitiveness as a result of technological development and how the company designs its offer to the market, and reduced access to project rights in the market are deemed to constitute more significant market risks.
Operational risks
The main operational risks are considered to be disruption in the supply chain, more difficult permitting processes, lack of skills and ability to retain key staff, inadequate capacity in Group functions, delays and cost overruns in the construction portfolio, and risks related to IT security and cybersecurity.
Financial risks
The most significant financial risk is related to the business processes and is attributable to the company’s guarantee commitments and financial counterparty risks, while the main regulatory risks relate to uncertainties about regulatory changes resulting from geopolitical changes and political decisions.
Sustainability risks
The main sustainability risk is related to breaches of anti-corruption laws and related counterparty risks.
