Risk management

Risk management, internal control and internal audit


Risk management

At Exel Composites risk management is a continuous process, which is integrated with the daily decision making and continuous monitoring of operations as well as with the preparation of half year financial reports, business reviews and annual financial statements.

The Board of Directors governs the risk management of the company through a risk management policy. In addition, the Board of Directors makes a risk assessment as part of the review and approval process of each set of half year financial reports, business reviews and annual financial statements. Risk factors are also considered in connection with any future guidance disclosed by the company.

The operative risk management, including risk monitoring, is part of the key duties of the operative management. Risks are considered and evaluated in conjunction with each business decision. Additionally, they are also monitored by the President and CEO and other group management on a monthly basis when the team reviews the business development and any near and long-terms risks upon presentation of the business unit heads and controllers.

Risks and uncertainties related to Exel Composites can be categorized as strategic, operational, financial as well as hazard and environmental risks.

Strategic risks

With respect to strategic risks, a significant portion of Exel Composites’ revenues is generated from certain key clients and market segments. Whereas production capacity and cost structure of the company is planned for growing business volume, negative development of such key clients or market segments could lead to deterioration of Exel Composites’ profitability. This risk is mitigated by a close cooperation with key clients. The development of key markets and consequently business volumes are actively followed and forecasted in order to be able to adjust our business and cost structures to the forecasts. New products and applications are also continuously developed in order to limit the dependency of any individual clients or market segments.

Strategic risks also include risks related to acquisitions where the realized level of benefits and synergies may differ from the planned.

Operational risks

The most significant operational risks relate to product development and sales as well as production. Exel Composites’ product range is very broad and often customer customized, which adds complexity to the product development and production. Designing, producing and selling a product that does not meet the requirements agreed with a client could potentially lead to substantial losses and damages as well as negative impact on the company reputation. This risk reduced by close cooperation with customers. In addition, availability of skilled employees and knowledge retention, protection of self-developed proprietary technology, fraud, possible human rights or other Code of Conduct violations in the company or within its supply chain, availability and pricing of key raw materials and health problems due to long-term exposure to chemicals or accidents belong to the most significant operational risks. The availability of skilled employees and knowledge retention, protection of self-developed proprietary technology, fraud prevention and detection, and the availability and pricing of key raw materials are critical for the profitability of the business, while possible human rights or other Code of Conduct violations or the realization of significant health and safety risks causing damage to people or the environment could potentially lead to reputational loss, sanctions or even influence its operational permits. Pre-emptive management of operational risks through careful contracting as well as appropriate business processes and working instructions are in key roles to prevent possible damages.

Financial risks

Financial risks consist of currency, interest rate, liquidity and funding risks, as well as credit and other counter party risks. Currency and interest rate risks are managed primarily by natural hedging or by using derivative instruments. Credit insurance is in place to cover risks related to trade receivables.

Hazard and environmental risks

Hazard risks include damages caused to property because of fire, floods, emissions or chemical spill. If realized, these have an impact first and foremost on the surrounding environment, but also in the company’s own business and losses due to related business interruptions, either in the company’s own operations or in its supply chain. The realization of environmental hazard risks could potentially lead to sanctions, reputational loss or influence its operational permits. Exel Composites’ primary aim is to actively prevent any such accidents and its environmental program is based on the identified risks, legislative requirements and certifications such as the ISO 9001, ISO 45001 and ISO 14001. Environmental monitoring and measuring are carried out at all sites. If realized, despite all pre-emptive measures, damages from hazard risks are mainly covered by insurance policies. This type of risks are also regularly audited by third parties that provide recommendations for improvement to reduce risk probability.

Of the before mentioned risks, the probability of individual strategic or operational risks can be deemed relatively high. The consequences, however, of any such risk, if realized, are typically not substantial. With the company’s current operating model, the probability of financial risks is deemed medium. The probability of hazard and environmental risks is low.

Internal control

Exel Composites Plc is the parent company for the whole Group. It manages and directs the operations for the whole Group. The main responsibility for the internal control and risk management relating to the financial reporting process lies with the Board of Directors. Exel Composites’ internal control framework and roles and responsibilities for internal control have been defined in the Internal Control Policy approved by the Board of Directors. Internal control is organized within the framework of regular management, reporting and reviews.

Exel Composites’ internal control and risk management related to financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with applicable laws and regulations, generally accepted accounting principles and other requirements for listed companies.

Exel Composites has established a Controller's manual (accounting and reporting rules), which is regularly updated. Other internal policies and rules related to the financial reporting process include the Code of Conduct, the Anti-corruption Policy, the Decision-making and Signing Policy, the Treasury Policy as well as the Credit Management Policy.

Group accounting maintains a common chart of accounts that is applied in all units. A Group enterprise resource planning system (ERP) and customer relationship management system (CRM) are in use in most units of the Group. Subsidiaries submit their figures to Group reporting system for consolidation purposes. The reported figures are reviewed both in the subsidiaries and in Group accounting.

The consolidated financial statements of Exel Composites have been prepared in compliance with International Financial Reporting Standards (IFRS), applying International Accounting Standards (IAS) and IFRS standards, as well as Standing Interpretations Committee (SIC) and International Financial Reporting Interpretations Committee (IFRIC) interpretations, valid on 31 December 2019. The notes to the consolidated financial statements are also in compliance with the Finnish Accounting and Companies Acts.
The ultimate responsibility for the appropriate arrangement of the control of the Company accounts and finances falls on the Board of Directors. In accordance with the Charter of the Board of Directors, the Board performs the duties of an Audit Committee. These duties include overseeing of the accounting and financial reporting process, the audit of the financial statements, and the review of internal control procedures as well as communication with the Company’s auditors. The President and CEO is responsible for the implementation of internal control and risk management processes and ensuring their operational effectiveness. The President and CEO is also responsible for ensuring that the Company accounting practices comply with the law and that financial matters are handled in a reliable manner. The Group’s management assigns responsibility for the establishment of more specific internal control policies and procedures to personnel responsible for the unit’s functions. Management and employees are assigned with appropriate levels of authority and responsibility to facilitate effective internal control over financial reporting.

Exel Composites’ common controls include variety of activities such as approvals, authorizations, verifications, reconciliations, monthly reviews of operating performance, and segregation of duties.

In financial reporting, the Controller’s manual sets the standards of financial reporting as well as accounting rules and procedures within the Group. The Group controller function assists the business units in maintaining adequate control activities in cooperation with the business controllers. The Group controller function is also responsible for ensuring that external financial reporting is correct, timely and in compliance with applicable regulations.

Ongoing monitoring activities include the follow-up of monthly financial results in relation to budget and targets as well as follow-up of internal and external projects. The scope and frequency of separate evaluations depend primarily on an assessment of the related risks and significance of the potential financial outcome. Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action, and to management and the Board as appropriate. Implementation and control of financial and other business targets are monitored through Group-wide financial reporting, and through regular management meetings in each of the business units.

Further information on internal control and risk management related to financial reporting can be found in the Corporate Governance Statement.


Internal audit

Based on the effective operation of the group financial control, including the established controller function, the Company does not have a separate internal audit function. The Board of Directors or the President and CEO can assign Exel Composites' controller function or an external service provider to perform internal audit assignments as needed.


Updated 28 February 2020

Exel Composites Oyj, Vantaa head office, Mäkituvantie 5, FI-01510 Vantaa, Finland