COURSE: ENTERPRISE RISK MANAGEMENT

PROJECT: STORA ENSO

Instructions for the submission:

● Please maintain the following: Font - Times New Roman, Font Size - 12, Line Spacing - 1.5

S.No. Assessment Submission Marks

Format

1 Understanding risk Sora Enso Text 14 marks

(Questions 1 to 4)

2 Stora Enso risk analysis Text + Excel 56 marks

(Questions 5 to 12)

Project Maximum Marks 70 marks

Question 1. Identification of four risks faced by Sora Enso

1. Asset and supply chain vulnerabilities: With

operations in more than 35 countries, there are
risks associated with the sourcing, production, and
transportation, issues.
2. Cyber threats: The business needs to prevent
attacks that may cause a loss or impact its products
and assets to the point of business interruption.

3. Geopolitical and regulatory changes: Changes

in the laws e.g. Brexit or any new laws passed which
regulates deforestation or introduces higher tax
rates could have a significant impact.

4. Global warming and extreme events: Packaging

buyers are turning away from plastic, aluminum,
and glass products, which presents the opportunity
but Stora Enso also needs to be mindful of
excessive deforestation. Risk of pandemics should
also be considered.
Question 2. Classification of the four risks being faced by Sora Enso
 RISK IDENTIFIED DOMAIN

Asset and supply chain

vulnerabilities

Question 3. Identification of Stora Enso’s maturity stage and its reasoning

Risk maturity: Optimized ERM

Stora Enso’s risk management process is closely aligned

with the group’s strategy of a commitment to ensure that
the holistic, systematic, and proactive management of
risks and opportunities forms an integral part of our
business performance management together with
carefully designed mitigation actions. Consideration is
given to strategic and operational risks, as well as risks
related to compliance, financial markets, and reporting,
also including issues related to sustainability and the
group’s reputation. Once the risks are identified, they are
duly analysed and evaluated to establish their financial
and non-financial impacts, the likelihood of their
occurrence, and their root causes.

Stora Enso appointed a Senior Vice President of ERM with

sufficient sustainability credentials to manage ERM
development. To coordinate risk management across the
organisation, an internal ERM working group has been
formed. The divisional risk managers and the Senior Vice
President, ERM, are among the members of the working
group. In addition, the ERM function engages in internal
sustainability forums and working groups.
Question 4. Suitable risk management framework and its justification

ISO 31000

The ISO 31000 framework was developed by the

International Organization for Standardization and it
focuses exclusively

on risk

•••••••

management as a part of overall strategic planning and

has the following advantages: Used across the world and
across various industries
Increased employee awareness through participation in
management framework Reduced frequency of risk

Improve trust on stakeholders Foster forward thinking

Improve corporate culture Improve operational success
Question 5. Plotting of risks in the heat map (in the template excel file)

Please attach a screenshot of the "Likelihood - impact table" sheet of the

template
Question 6. Calculation of risk scores

Please attach a screenshot of the "Risk register" sheet of the template

Question 7. Identification of the drivers for the risks

Please attach a screenshot of the "Risk register" sheet of the template

RISKS LIKELIHOOD IMPACT VELOCITY RISK SCORE DRIVER

Risk 1 Data hacking 2 2 High 4 Are the IT systems

equipped to handle
cyber threats?
Risk 2 Use of old technology 4 4 Low 16 Are the machinery
and systems
obsolete? Are they
at par with the
competition?

Risk 3 Declining sales 4 5 Medium 20 What strategies to

be implemented to to
ensure growth of the
business?

Risk 4 New regulations 4 3 High 12 How would the new

regulations impact
the business and
profits?

Risk 5 Consumer preferring 3 1 Low 3 What are the costs

biodegradable plastic associated with
packaging switch to such
alternative and
whether current
offerings are
cheaper?
Question 8. Identification of the risk owners

Please attach a screenshot of the "Risk register" sheet of the template

Question 9. Prioritisation of the risks and justification for the order

PRIORITY RISK JUSTIFICATION

LEVEL

P1 Risk 3
In case of a declining sales, the
profitability and the market
perception of the company would
take a hit and the overall valuation
of the company shall fall.
Additionally, the company shall
have to close-down operations in
some of the factories and lay off
employees to ensure existence.

Hence it is of paramount
importance that the company
innovates and comes up with
 solutions to tackle this issue.

P2 Risk2
Use of old technology would mean
that the assets may not be utilized
efficiently and are performing at
100% capacity. Furthermore, it
could also lead to higher
maintenance cost and risk of
break-down impacting the
production and operations.

P3 Risk 4
It is immensely important to
understand the risk associated with
the changing legislations e.g.
Brexit, tax amendments, etc. and
the impact it may have on the
business and the profitability. Being
a listed company, 100%
compliance on these are
mandatory to ensure good public
perception and avoidance of penal
consequences.
 P4 Risk 5
A potential breach could be
devastating and loss of data but in
the industry of Stora Enzo, it may
not be as pertinent as it would
have for a IT company or a
consultancy firm e.g. Google, PwC,
etc.

P5 Risk 1
May not be a priority as production
cost of biodegradable plastic
packaging is much higher than the
paper packaging and considering
COVID-19, every business is
looking to reduce costs in sourcing.

Question 10. Four aggravating factors for the forest produce industry creating an impact on their revenue generation

Please attach a screenshot of the "Risk register" sheet of the template

Question 11. Four mitigation strategies to reduce the risk posed by the aggravating factors

Please attach a screenshot of the "Risk register" sheet of the template

Question 12. Risks that should be accepted with their justification

Risk 1 and 5 should be accepted.A

Risk 1: Stora Enzo is not in the business of data

confidentiality or the service industry e.g. IT companies or
consultancy firms and hence there isn’t a huge level of
possibility of a data breach. It should, however, ensure
that the trade secrets are properly safeguarded.

Risk 5: Looks a remote possibility and risk score is

extremely low.