Corporate governance

Risk management

The core principle of risk management is continuous, systematic and preventive action to identify risks, define the risk level accepted by the company, assess and manage risks, and, in the event that risks materialize, manage and control them effectively so that the company achieves its strategic and financial objectives. Risk management forms part of the company’s management, monitoring, and reporting systems. Risk management covers risk identification, assessment, and contingency planning (Enterprise Risk Management, ERM).

The Board of Directors of the company is responsible for approving Auroora’s risk management principles and for assessing the adequacy and appropriateness of risk management. The Chief Financial Officer is responsible for Group-level risk management and its organization, resourcing of the work, and reviewing the risk management principles. The Group Management Team is responsible for the implementation of risk management, monitoring of operational risks, risk assessment, and measures related to risks.

Risk management in Auroora is decentralized to the boards of the subsidiaries, which are responsible for risk management in their respective companies, define the responsible parties for risk management, and are responsible for risk identification, management, and reporting. The boards of the subsidiaries are responsible for identifying and assessing risks in their own companies, preparing proposals for risk mitigation, and reporting in accordance with the given instructions to the Group Management Team. Each employee is responsible for identifying and reporting risks related to their own work and other risks they observe to their supervisor.

The coordination of financial risk management is the responsibility of the Group finance and treasury function. It develops financial risk management, supports business risk management, and reports regularly on financial risks to the Management Team and the Board of Directors.

Strategic risks are addressed regularly in the management teams and board meetings of each group company in connection with monitoring the implementation of the strategy and annually in connection with the review of the strategy. Risk reports are reviewed by the Board of Directors and the Group Management Team. Key risks and risk management measures are reported annually in the company’s report of the Board of Directors, interim reports, and, where necessary, on a case-by-case basis.

Internal control is an essential element of corporate governance and risk management and enables the creation and preservation of corporate value. The purpose of internal control is to protect the company’s and its business units’ resources from misuse, ensure appropriate authorization of business transactions, support the management of IT systems, and ensure the reliability of financial reporting. Internal control is a process that minimizes the likelihood of accounting errors.

Primary responsibility for internal control lies with line management. This is supported by Group support functions, which prepare Group-wide guidelines and monitor risk management. The third level of internal control consists of external audit, whose task is to ensure that the first two levels operate effectively.

To combat financial and other abuses, the company has guidelines for reporting abuses in cooperation with an external service provider.

Control measures are intended to respond to risks identified at different levels of the company’s operations. The company seeks to replicate best practices in risk management across subsidiaries through active communication and cooperation. The company does not have a separate internal audit function (corporate audit). Therefore, internal audit responsibilities are distributed among the company’s governing bodies and functions. The Board of Directors has ultimate responsibility for the governance of the company and the proper organization of its operations. The Board also ensures that the company operates in accordance with its values, approves internal control, risk management, and corporate governance code, and may assign internal audit-related engagements to the external auditor or other service providers when necessary.

Insider management

Read more about insider management

Audit

Read more about audit