Risk management

Summa Defence is a Finnish defense and security technology group that serves as a growth platform by bringing together security companies and securing product development and resources in a globally growing and developing industry. 

The most important objective of Summa Defence’s risk management is to support the implementation of the Group’s and its companies’ strategy, ensuring the continuity of operations and the achievement of business objectives by anticipating, identifying and managing risks related to the Group’s operations. 

The Group’s risk management is integrated into the company’s strategy process, business planning and Group management. Risks are identified and managed as part of operations, planning and decision-making in accordance with the company’s management system and responsibilities. Risks are reported externally as part of financial reporting.

The Group’s risks are classified into strategic risks, operational risks, financial risks, and compliance and regulatory risks. Uncontrolled risks may affect the Group’s ability to achieve its strategic and/or operational business objectives. Risks are anticipated by continuously monitoring the operating environment and integrating risk management into the company’s key processes. 

Risks related to the company’s business activities are also described in the 31 March 2025 Company Description.

risk management responsibilities

Summa’s risk management responsibilities are as follows: 

The company’s Board of Directors acts as the supreme supervisory body, which monitors and assesses that Summa’s risk management process and foresight are adequate. The Board of Directors assesses the company’s risks in relation to the implementation of the strategy. 

The Group’s operative management and the CEOs of the Group companies are responsible for taking risks into account in operational activities and for taking sufficient mitigation measures to enable the implementation of the company’s strategy. Operational management also ensures sufficient resourcing. 

The company’s employees take risks into account and manage them as part of their daily work and, if necessary, participate in identifying the company’s risks. 

Internal audit 

The company does not have a separate internal audit function but internal audit is divided between different functions within the company. If necessary, the Board of Directors may use external consulting to carry out oversight and internal audit assessments. If necessary, these can be used to develop the company’s operations and ensure that the company’s processes optimally support the implementation of the strategy.