Cargotec's governance and management are based on the Finnish Limited Liability Companies Act and Securities Markets Act, as well as the Company’s Articles of Association and Code of Conduct. The Cargotec class B share is listed at Nasdaq Helsinki and the Company complies with the rules and guidelines of Helsinki Stock Exchange and the Finnish Financial Supervision Authority as well as with all the recommendations of the Finnish Corporate Governance Code 2020, published by the Securities Markets Association (www.cgfinland.fi/en).
The objective of Cargotec’s internal control is to ensure that its operations are efficient and profitable, that risk management is adequate and appropriate, and that financial and other information produced is reliable. Cargotec’s internal control is based on the company’s Code of Conduct and Internal Controls Framework. With respect to the financial reporting process, these are supported by Cargotec’s policies and guidelines, as well as its internal financial reporting process and communication. Cargotec’s internal control policy, which is approved by the Board of Directors, specifies the applicable control principles, procedures and responsibilities. The company SpeakUp Line gives an opportunity to confidentially and anonymously raise concerns of possible misconduct or other matters that may not be in line with company values and policies.
Similarly to other Cargotec operations, responsibility for internal control is divided into three tiers. The line management is principally responsible for internal control. This is backed by corporate support functions, which define instructions applicable across the company and supervise risk management. Internal and external audits form the third tier, their task being to ensure that the first two tiers function effectively.
The role of Cargotec Internal Audit is an independent and objective assurance and consulting activity that is guided by a philosophy of adding value and improving the operations of Cargotec and its businesses. It helps and supports the business organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. To ensure the independence of the Internal Audit function, Head of Internal Audit reports functionally to the Audit and Risk Management Committee, and administratively to the CFO. Internal Audit develops a flexible risk based audit plan which is approved by the Audit and Risk Management Committee.
Cargotec's risk management aims at anticipating risks involved in operations and managing them in the appropriate manner. The purpose of this is to support the values, strategy and goals, and the continuity of operations.
Cargotec’s global operations require comprehensive risk management. Cargotec defines a risk as any internal or external threat or uncertainty which may prevent or jeopardise operations and the achievement of company objectives.
At Cargotec, risk management is part of internal control operations. The key principle is continuous, systematic and preventive action taken to identify risks, define the company’s risk appetite, assess and manage risks and, should they materialise, deal with them effectively.
The objectives and principles of risk management are defined in the Cargotec Risk management policy approved by the Board of Directors. Cargotec’s risk management is spread across units and corporate support functions that assign responsibility for risk management and which are in charge of identifying, managing and reporting risks.
The Board of Directors is responsible for ensuring sufficient risk management and control. The Board is also responsible for defining Cargotec’s risk appetite, that is, the level of risk accepted, on an overall basis. The Board shall receive relevant and timely reporting on risks and risk management as defined in the risk management policy, and it can mandate the Audit and Risk Management Committee of the Board to assist in the practical oversight role.
The CEO and Leadership Team are responsible for the methods, implementation and supervision of risk management, and report on these to the Board of Directors.
As far as it is possible and practical, risk management is conducted within business units and support functions as part of day-to-day processes. Identification, assessment, treatment planning and reporting are part of Cargotec’s planning and decision-making processes. Follow-up of risks and risk management actions forms part of the management and follow-up of the company’s operations as a whole. Each Cargotec employee is responsible for identifying, assessing and managing risks in his or her area of responsibility, and for reporting any significant risks to the relevant managers.
The role of the corporate risk management function is to develop and coordinate the overall risk management framework and process. This function supports the businesses in implementing risk management and performs certain specified tasks, such as the coordination of global insurance programmes.
Climate-related risks and opportunities are identified and assessed with the help of the general corporate risk management process as well as a dedicated climate-related risk management process, created by the corporate sustainability and strategy teams. Financial risks are managed centrally by the Corporate Treasury and reported on for corporate management and the Audit and Risk Management Committee on a regular basis.