
Risk management


The main operational risks monitored under Digia’s risk management are related to customers, personnel, deliveries, IT, data security and protection, immaterial rights, and goodwill.

The company manages customer risks by actively developing its customer portfolio structure and avoiding any potential risk positions.

Personnel risks are evaluated and managed using a performance review and development discussion process in which key personnel participate. To enhance personnel commitment, the company strives to systematically improve the efficiency of internal communications via regular personnel events and by increasing the management’s visibility. Two major personnel-related risks are competence development and recruitment. These risks are systematically managed by developing our personnel’s competence and through continual recruitment management and subcontractor management.

Internal – and as required also external – audits of major projects and continuous services are conducted with a view to enhancing project and service risk management and securing the success of customer deliveries. The Group’s certified quality systems are evaluated regularly. Digia uses an ISO 9001-certified quality management system (Core Process Model), and the processes described in this system are utilised in all operations with a view to providing an optimal customer experience.

You can read more about our sustainability risk management in the Sustainability report.

Audits are carried out to manage data security and protection risks, and the company also continually develops working models, practices and processes that promote data security and protection. Security training is organised for all personnel. In 2020, we renewed our internal data security and data protection training package. This training must be retaken every year, not only by Digia personnel but also any subcontractors working on Digia’s premises.

In 2022, we received the ISO 27001 international information security certificate. ISO 27001 is an international information security standard that provides organisations with a security management framework for implementing, administering and continuously improving information security management. The certificate is awarded to organisations whose operations meet the standards required by the audit. Although the first phase of certification covers only two of Digia’s business areas (Secure and Scalable Solutions and Managed Services), Digia’s security management as a whole has been updated to comply with the ISO 27001 standard. Digia will expand the scope of its certificate during 2023. After the adoption of ISO 27001, new additional trainings were also provided and mandatory annual trainings were updated.

The Management Team is tasked with systematically managing risks associated with business integration, shared operating models and best practices, as well as their integrated development. Typical risks in the software business include the appropriate protection of the company’s own immaterial property rights (IPRs) and violation of third parties’ IPRs. These are managed through extensive internal policies, standard contracts, and appropriate supervision and analysis.

With respect to IFRS-compliant accounting policies, the Group actively monitors goodwill and its associated impairment tests as a part of prudent and proactive risk management practices within financial management.

Digia has assessed the corporate liability risks associated with its own operations and business relations, and has adequate and appropriate processes in place to predict and take precautions against these risks.

In addition to operational risks, the company is subject to financial risks. Digia Plc has centralised internal and external financing and the management of financial risks within the finance function of the Group’s parent company. This function is responsible for the Group’s liquidity, the sufficiency of financing, and the management of interest rate risks. The Group is exposed to several financial risks in the normal course of business. The Group’s risk management seeks to minimise the adverse effects of changes in financial markets on the Group’s earnings. The primary types of financial risks are interest rate risk, credit risk, and funding risk. The general principles of risk management are approved by the Board of Directors, and the Group’s finance function together with the business segments is responsible for their practical implementation.

Learn more about our risk management in our Annual Report.