Risk management and risks

Purpose and objectives of risk management at Terveystalo

Risk management is part of Terveystalo’s management system. The purpose of the risk management is to ensure the fulfilment of promises to customers, patient and occupational safety, top quality services, financial performance, business continuity, a good company image and corporate social responsibility.

Risk management is an integral part of the planning processes as well as the monitoring and reporting routines. It is implemented in the daily management and activities at all levels of the organization and must be consistent and commensurable. It is important to understand the causes and consequences of risks and to ensure that the risk management measures are correct and properly targeted.

Goals of the risk management:

  • Ensuring business continuity
  • Ensuring the achievement of strategic and operative objectives
  • Managing risks associated with financial transactions
  • Supporting decision-making
  • Ensuring top quality care and patient safety
  • Ensuring the employees’ expertise and occupational safety
  • Avoiding operational risks and risks of damage and minimizing the damages if a risk is realized
  • Improving risk awareness within the organization
  • Identifying the opportunities associated with risk-taking, improving risk tolerance
  • Identifying development opportunities within the organization
  • Gaining the trust of external and internal stakeholders


We strive to proactively identify, analyze and manage major risks. Risk management is an integral part of management, which contributes to strategic development and helps managers make informed choices, puts measures in priority order, takes into account opportunities, uncertainties and their effects and distinguishes between alternative approaches.

Common policies, codes of conduct, manuals and process descriptions with detailed instructions are described in Terveystalo's operating system. These ensure the consistency of activities and correct routines at critical points in the processes and prevent unwanted events.

The activities carried out according to the operating system are monitored and evaluated through the organization's reporting systems.

Risk management responsibilities

Responsible party Range of responsibility
Terveystalo’s Board of Directors Responsible for risk management and its adequacy.
CEO Is responsible for organizing the group's risk management and approves the risk management policy.
Strategy Forum Supports the CEO in implementing the risk management system, monitoring operational risks, assessing risks and implementing measures related to risks.
Chief Medical Officer Responsible for managing medical and patient safety risks and for the self-assessment plan.
Chief Financial Officer Responsible for managing economic and financial risks. Responsible for risk management as director of risk management in addition to his own role.
Directors of business activities and customer relationships Responsible for managing business-related risks, making use of opportunities, ensuring operational quality and implementing the self-assessment plan within their own fields of responsibility.
HR Manager Responsible for good management practices, legal responsibility for matters relating to human resources and legal affairs.
Communications and Marketing Manager Responsible for risks associated with the company's reputation.
Director, digital services and information management Responsible for ensuring the functionality of telecommunications networks and systems.


Each risk has an owner and a responsible person. Every Terveystalo employee is responsible for identifying risks and taking preventive measures in their own daily work.

Risk classification

We divide risks into four main groups. All of these groups may contain both internal and external risks and possibilities.

Terveystalo's risk map


Strategic risks

  • Prevent the organization from reaching its strategic goals. They are often related to external factors and changes that may endanger e.g. profit targets and affect e.g. the operational environment, market situation, demand, legislation or reputation management.

Economic and human resources risks

  • Related to internal and external economic and financial agreements, commitments and responsibilities
  • Related to the availability of personnel and their qualifications, maintenance of skills and professional development, as well as occupational safety.

Process risks

  • Are the results of daily tasks within the organization. Caused by inadequate or ineffective internal processes, personnel or systems or external factors.

Patient safety risks

  • May result in unexpected events that may cause adverse events or liability for damages.

Risk appetite and tolerance

Risk appetite is the amount of risk that Terveystalo is prepared to take to achieve its objectives within a set time. Risk tolerance is the amount of financial resources (e.g. gross sales, operational EBITDA, equity ratio) against which risks can be taken.

The relation between the risk-taking and the risk tolerance must be monitored regularly. It is assessed particularly in connection with the handling of the strategy and when decisions are made on business projects or investments that are significant from the group’s point of view. Key figures describing e.g. the cash flow and the group’s capital adequacy ratios are used in the assessment.

Riskinottoa suhteessa riskinkantokykyyn tulee seurata säännöllisesti. Erityisesti sitä arvioidaan strategiakäsittelyn yhteydessä sekä päätettäessä konsernin kannalta merkittävistä liiketoimintahankkeista tai investoinneista. Arvioinnissa käytetään mm. liiketoiminnan kassavirtaa ja konsernin vakavaraisuutta kuvaavia tunnuslukuja.

Definition of acceptable risks

When risks are assessed, one must evaluate the seriousness of the consequences of the risk, which must not pose a significant risk to Terveystalo's operations or continuity.

Unacceptable risks are

  • illegal activities or practices
  • severe endangering of a customer’s or employee’s health
  • financial losses that significantly affect the company’s results
  • serious health, safety, information safety, incident or accident risks relating to premises, equipment or systems
  • loss of reputation or image that causes significant loss of customer confidence

Risk management process

Risks are assessed at all levels of the Terveystalo organization. Terveystalo identifies risks using e.g. performance indicators, market statistics, effectiveness information, customer feedback, register data, inspection reports and inquiries from authorities, occupational safety risk surveys, incident information, audit results and competitor information.

The magnitude of the identified risks can be assessed based on the likelihood that the risk is realized and the severity of the consequences placed on a scale from 1 (lowest) to 5 (highest). A set of risk assessment criteria is used for assessing the magnitude of the risk. The risk assessments are recorded in the electronic tool Paja.

Risk assessment year clock


Risk management priorities in 2016–2017

The main priority of 2016–2017 is to ensure that personnel on all levels of the organization learn the risk management process and that it becomes a natural part of the company's management system and good management practices.

The goal is that a systematic assessment and analysis of risks and opportunities, definition of measures and monitoring of effects in accordance with the year clock become part of the management structures.