Risk management

9.8.2024

Digia’s risks are classified as strategic, financial, operational and sustainability risks. The Audit Committee of the Board of Directors is responsible for supervising the implementation of risk management and assessing its effectiveness. Monitoring focuses on risks of material significance to the company that are classified as high risk. Digia’s Group Management Team is responsible for the appropriateness of risk management and overseeing operational activities. The owner of risk management is responsible for reporting on risks and their correct assessment. Digia’s risk management process is supported by centralised risk management software.

The development of the risk status is reported to the Audit Committee twice a year and the Group Management Team monitors the risk status at its regular meetings. Reports cover the risk status, the impacts of significant risks and measures used to manage them, and the monitoring of objectives, including the specified indicators.

The company’s strategic and financial risks relate to increasing competition and potential significant changes in the company’s operating environment and service areas. General economic trends, higher interest rates and changes in customers’ operating environment and financial position may have an unfavourable impact on the company’s business, financial position and result through slower decision-making and the postponement or cancellation of IT investments.

Implementing the growth strategy places demands on both the organisation and its management. The company’s ability to recruit, maintain and develop the correct competence – and also to correctly time the offering to meet demand – will play a vital role. In line with its strategy, Digia is also seeking growth through acquisitions. However, Digia cannot be certain of locating suitable companies for acquisition or of successfully integrating them.

Operational and cyclical risks largely involve risks related to short-term demand. If demand sees a sharp fall, price levels might also decline. Although the pricing models used in the service business balance out cyclical business, products provided via SaaS (Software as a Service) involve longer-term revenue streams compared to the one-off payment of product licenses. In an inflationary environment, it is not certain how quickly and to what extent the rise in costs will be passed on to market prices.

Major customer projects – and fixed-price projects in particular – involve both business opportunities and risks. As customer projects increase in size, the risks associated with profitability management also grow, and there is a greater need to manage extensive contract and delivery packages. Large customer projects typically involve delivery-related sanctions whose materialisation always poses a risk. Risks related to accounts receivable are also growing.

Data security and protection risks comprise a significant risk area in the company’s business operations. Organisations have more and more information that is critical to their operations. Threats to data security and protection have risen significantly in recent years. Data security and protection risks mainly concern technology and people. Significant risk factors include, for instance, risks in high-security projects and the subcontracting chain. Due to the nature of its operations, the company is also the target of hostile influence. The company identifies, manages and prevents both internal and external threats. The company implements a regular ISO 27001-certified risk management process based on best practices in handling data security and protection risks. Risks are identified and their impact and significance are analysed. The risk level is reduced with appropriate measures where possible. Operational response and the handling of potential threats have been planned, rehearsed and tested in practice. The company's employees are continuously trained, and data security and protection issues are actively communicated within the company and, if necessary, also to partners and customers. The company works in close cooperation with a variety of data security and protection authorities and networks. Physical security and personnel safety issues are managed using mechanisms similar to those employed in data security and data protection.

Sustainability risks consist of environmental, social and governance risks. Office work poses a rather low risk of environmental damage. Climate threats might disrupt the global supply chains of IT hardware. The potential risks related to social responsibility that are monitored include experiences of overwork, occupational well-being, discrimination and unequal treatment. With respect to the subcontracting chain, potential human rights risks have been analysed and their probability is monitored actively. Human rights risks are also taken into consideration in the selection of new subcontracting partners. Administrative risks primarily concern the company's legality and ethical operations as well as data security and protection.

In addition, increasing regulation may have an adverse impact on the development of Digia’s net sales and cost levels.