The goal of risk management is to identify risks that may hinder the company from achieving its business objectives. A risk can be defined as any uncertainty that affects F-Secure’s business objectives and the ability to reach its results.
The risks can be defined into strategic, operative and financial risks. Strategic risks comprise e.g. risks related to changes in industry, markets or competition, intellectual capital, operator or subcontracting agreements, or acquisitions. Operative risks include risks related to production, processes and quality. Financial risks include all risks concerning financial activities, such as currency risks.
According to the risk management policy the Company may take business risks that enable long-term increase in shareholder value, competitiveness and Company’s profitable growth. The Company may not take business risks that could compromise the Company’s business or may lead to violation of regulation.
The responsibility for the company’s risk management lies with the CEO and the Leadership Team. The Board of Directors is responsible for defining the company’s overall level of risk tolerance. The Board of Directors and its committees approve and monitor the reporting procedures, as well as the adequacy, appropriateness and effectiveness of the company’s business and administrative processes.
F-Secure’s risk management team is regularly monitoring and coordinating the Company’s risk profile and activities to mitigate threats.As part of the ongoing target planning and coordinating work twice a year, the Company-wide risk portfolio and risk-related management plans are updated. The most important risks detected in the risk management plans are reported to the Audit Committee once a year.
Weekly and monthly financial reporting that covers the entire company is used to monitor how well financial targets are being met. The reports include actual figures, plans and up-to-date forecasts. The company has sought to manage the risks relating to its business operations by developing its operating processes and control systems. The
Board has set certain appropriate authorization limits to the management, and if these limits are exceeded, the decisions shall be handled by the Board of Directors.
The invoicing is mainly in euros. In order to minimize the impact of the fluctuation of the exchange rates, the goal is to hedge the estimated cash flow of affected currencies. The Company does not provide financing outside the industry standard payment terms. The investment policy of the company for cash reserves is conservative. Cash and cash equivalent are mainly invested in short-term funds and other low-risk investments.
Significant risks and uncertainties
F-Secure has not seen material changes in risks and uncertainties during the reporting period. Uncertainty in the economic environment may impact on the growth of broadband connections and on Operators’ willingness to invest in new services. These may have negative impact on F-Secure’s security and content cloud sales. The Company continues to monitor closely the development in the economic and financial markets.
F-Secure's risks and uncertainties are related to, among other things, the competitiveness of F-Secure's product portfolio, competitive dynamics in the industry, pricing models (e.g. free services, cost of content cloud services), impact of changes in technology, timely and successful commercialization of complex technologies as new products and solutions, the ability to protect own intellectual property (IPR) in F-Secure's solutions as well as the use of third party technologies on reasonable commercial terms, subcontracting relationships, regional development in new growth markets, sustainability of partner relationships, compromising stored personal data, service quality related penalties, risk exposure from increasing contractual liability requirements and forming of the new business areas.
Due to the longevity and complexity of project deliveries in the content cloud business, project completion timelines and related revenues are more unpredictable by nature than in the traditional security services business. This may cause risks for delivery delay penalties and may cause more variability in revenue forecasts.