Neste's Board of Directors has the ultimate responsibility for risk oversight. In this role it is responsible, for example, for setting the Group’s risk appetite and for approving the Risk Management Policy.
Practical implementation, development and monitoring of the risk management process is based on the three lines of defense model. The model distinguishes between:
1st Line of Defense
As part of the first line of defense, Neste’s President and CEO and the Neste Executive Board have the overall responsibility for proper risk management.
In practice, business areas and common functions own and manage risks with the help of a dedicated network of risk champions. The role of the risk champions is to represent different risk disciplines and to ensure that risk discussions are embedded into everyday management routines.
2nd Line of Defense
The role of the actors in the second line of defense is to provide risk management support, facilitation, and consultation.
The Compliance Committee, headed by the CFO, aims to increase management oversight of compliance-related issues within the Group. The Committee also ascertains the adequacy of mitigation actions in higher-risk compliance areas.
The risk coordination team, supporting the CRO, acts as a working group that aims to ascertain effective and efficient risk management practices within Neste. The team steers the development of risk management principles, tools, and processes.
The corporate risk management team is responsible for confirming that risk management activities are carried out consistently. Corporate risk management also drives overall development of risk management practices and tools.
3rd Line of Defense
Internal Audit evaluates the effectiveness and efficiency of the corporate-level risk governance model and related risk management processes, including the effectiveness of internal controls and other risk treatment actions in the scope of each audit.
Internal Audit also provides recommendations for improvement areas.