COURSE: ENTERPRISE RISK MANAGEMENT

PROJECT: STORA ENSO

Instructions for the submission:

● Please maintain the following: Font - Times New Roman, Font Size - 12, Line Spacing
- 1.5

S.No. Assessment Submission Marks

Format

1 Understanding risk Sora Enso Text 14 marks

(Questions 1 to 4)

2 Stora Enso risk analysis Text + Excel 56 marks

(Questions 5 to 12)

Project Maximum Marks 70 marks

Question 1. Identification of four risks faced by Sora Enso

Risk faced by Sora Enso:

1. Regulatory Changes: Changes in regulations for Pulp and wood
processing and each country following different laws.
2. Communities and human rights: Although sustainability has been
part of Stora Enso’s business model for decades, the need to
integrate sustainability formally into the company’s ERM was
catalyzed in 2014 by the discovery of child labor in the supply
chain of Bulleh Shah Packaging (BSP), Stora Enso’s 35%-owned
equity-accounted minority investment in Pakistan.
3. Macroeconomy, geopolitics and currency rates: Since Stora Enso
have operations in different locations is continues risk to manage
Economy risk.
4. Competition and market demand: During the pandemic, demand
for paper fell roughly 18 percent for Stora Enso as well as its
competitors. As the COVID-19 pandemic drove the transfer from
paper material to digital devices.
Question 2. Classification of the four risks being faced by Sora Enso

RISK IDENTIFIED DOMAIN

Regulatory Changes Strategic and Compliance Risk

Communities and human rights Operational and Compliance Risk

Macroeconomy, geopolitics and Strategic and Financial Risk

currency rates

Competition and market demand Strategic Risk

Question 3. Identification of Stora Enso’s maturity stage and its reasoning

Stora Enso is in Optimised Stage.

1. ERM embraced by the board and senior management: To
coordinate risk management across the organisation, an internal
ERM working group has been formed. The divisional risk
managers and the Senior Vice President, ERM, are among the
members of the working group
2. Automated assessments and risk interaction across Bus: The
corporation has made deliberate steps to integrate sustainability
and ERM, in addition to raising the profile of sustainability inside
the organisation. For example, in partnership with the
sustainability function, Stora Enso appointed a Senior Vice
President of ERM with sufficient sustainability credentials to
manage ERM development.
3. ERM is optimized: The risk management process followed by
Stora Enso has the following steps: • Key definitions • Objective
setting • Risk modelling • Risk classification • Identification and
evaluation including risk assessment criteria • Calculation of
residual risk • Report requirements and templates • Determination
 of risk appetite.

Question 4. Suitable risk management framework and its justification

 The ERM process is run by divisions based on a set of group-level
guidelines that are consistent with the COSO Framework and include
guidance on:
1. key definitions
2. objective setting
3. risk modelling
4. classification
5. identification and evaluation including assessment criteria
6. rules on calculating residual risk.
7. reporting requirements and templates
8. determination of risk appetite
Each division is responsible for addressing the company’s sustainability
agenda and has the support of sustainability subject matter specialists
aligned to each of the company’s ten sustainability issues. The division
may prioritize additional division-specific material sustainability issues
in consultation with sustainability subject matter specialists. The
sustainability subject matter specialists are also responsible for engaging
with external stakeholders

Question 5. Plotting of risks in the heat map (in the template excel file)

RISKS LIKELIHOOD IMPACT

Risk 1 Data hacking 2 2
Risk 2 Use of old technology 4 4
Risk 3 Declining sales 4 5
Risk 4 New regulations 4 3
Consumer preferring biodegradable
Risk 5
plastic packaging 3 1

5 Risk 3

4 Risk 2
IMPACT

3 Risk 4

2 Risk 1

1 Risk 5
1 2 3 4 5
LIKELYHOOD
Question 6. Calculation of risk scores

screenshot of the "Risk register" sheet of the template

RISKS LIKELIHOOD IMPACT VELOCITY RISK SCORE

Risk 1 Data hacking 2 2 High 4

Risk 2 Use of old technology 4 4 Low 16
Risk 3 Declining sales 4 5 Medium 20
Risk 4 New regulations
Consumer preferring 4 3 High 12
Risk 5 biodegradable plastic 3 1 Low 3

Question 7. Identification of the drivers for the risks

Screenshot of the "Risk register" sheet of the template

RISKS DRIVER

Risk 1 Data hacking Internal

Risk 2 Use of old technology Internal
Risk 3 Declining sales External
Risk 4 New regulations
Consumer preferring External
Risk 5 biodegradable plastic External
Question 8. Identification of the risk owners

Screenshot of the "Risk register" sheet of the template

RISKS RISK OWNERS

Risk 1 Data hacking Department- IT and Digitilization / Risk - IT / Name - Temmu salmi
Risk 2 Use of old technology Department - Strategy and innovation / Risk - Strategic / Name - Tobias Baamman
Risk 3 Declining sales Department - Sourcing and Logistic / Risk - Strategic / Name - Johanna Hagelberg
Risk 4 New regulations
Consumer preferring Department - Legal / Risk - Compliance / Name - Per Lyrvall
Risk 5 biodegradable plastic Department - Communication and Marketing / Risk - Financial / Name - Ulrika Lilja

Question 9. Prioritisation of the risks and justification for the order

 PRIORITY RISK JUSTIFICATION
LEVEL

P1 Data hacking Since the velocity is highest and can

impact immediately

P2 New regulations Since the velocity is highest and can

impact immediately

P3 Declining sales Its impact is highest which is high so

it’s P3 also with Declining sales so its
high priority is highest

P4 Use of old Its impact is high and velocity is low

technology so it’s P4 also its critical for industry
to adapt to new technology

P5 Consumer Its impact and velocity is low so it’s

preferring P5
biodegradable
plastic
packaging

Question 10. Four aggravating factors for the forest produce industry creating an impact
on their revenue generation
 screenshot of the "Risk register" sheet of the template
RISKS AGGRAVATING FACTOR
If company and customer data get hacked and publically available can give bad news
Risk 1
Data hacking to company and be a very big loss to company
New technology adopted by competition which will reduce the cost of manufacturing
Risk 2
Use of old technology or customer adoption increase can harm the company and reduce the sales
Risk 3 Declining sales Increase in cost of production, Employee strike
Risk 4 New regulations Going against the law and regulation and missing the deadlines
Consumer preferring
Risk 5 biodegradable plastic Competition producing biodegradable plastic packaging and company not able to
packaging adopt

Question 11. Four mitigation strategies to reduce the risk posed by the aggravating
factors

Screenshot of the "Risk register" sheet of the template

RISKS MITIGATING STRATEGIES
1. Access the information security risk of
the company.
2. IT department should take necessary
Risk 1 actions to increase the security and
address the risk.
Data 3. Get proper testing done so that risk is
hacking mitigated.
 1. Company should spend resources on
innovation and should encourage R&D
in different fields.
2. Access and adopt customer needs and
company’s future goals and improve
technology continuously.
Risk 2
3. Do experiments and if failed should
learn from them and encourage further
experiment.
Eg. Focus more on creating packaging
Use of old material that is free of carbon and is
technology biodegradable and reusable.
1. Should access the risk and find the root
cause of declining sales through market
research .
2. Take counter measures and to market
Risk 3 research to find the risk impact.
3. Do proper testing of counter measures and
Eg. Focusing on alternative of raw material,
Declining reduce the cost of manufacturing, introduce
sales products that are easily adopted by customer.
1. Legal should do proper research on new
regulations.
2. Should interact with local / international
governing bodies to find the necessary
Risk 4 steps to be taken to meet the regulations.
3. Keep track of Deadlines and necessary
actions to be taken to mitigating the risk.
New 4. Formulate proper strategy to mitigate these
regulations kind of risk in future.
Consumer
Risk 5 preferring 1. Do Market research and find the root
biodegradab cause of adoption.
 le plastic 2. Try to do market campaigns to increase
packaging communication about the product the
company produce and show its
environmental benefits as well.
3. Switch to production of the similar good
so that company can adopt the change.

Question 12. Risks that should be accepted with their justification

Risks company can take:

1. Consumer preferring biodegradable plastic packaging: Can be
taken since the company aim is to focus on biodegradable
products and can work on mitigating the risk.
2. Declining sales: Because we have budget that we can work on
mitigating the risk.
3. New regulations: We should take the risk of since its very
important to mitigate the risk to meet the product standards or
other regulations