Risk management

The Debt Office works with two main types of risks: financial and operational risks. Systematic work is done continuously to chart, address, monitor and follow up these risks. 

Risk management is crucial since the costs of managing the central government debt, the management of central government payment systems and the pricing of guarantees and credits depend in part on the ability to assess and handle risks. In addition, risks arise continuously in the Debt Office's activities on account of its own actions and decisions. 

The objective of risk management is for the Debt Office to have good internal control through effective and appropriate risk management in accordance with market practice and good management of security and continuity issues.

Identifying risks

A first step in risk management is to identify which types of risk arise in Debt Office activities. The Debt Office works with two main types of risks:  

  • Financial risks: risks linked to management of the central government debt, central government payment systems and central government loans and guarantees.
  • Operational risk: risks on account of internal processes that are not fit for purpose or that fail or of human error, faulty systems or external events. Security-related risks are part of operational risks.

 The Debt Office's risk map illustrates the risks managed. The risk map is also shown in the Finiancial and Risk Policy, which also contains definitions of the risks.

Managing and controlling risks

To manage and control risks the Debt Office works with uniform methods and models, internal policy documents and a well-defined division of responsibilities.

Responsibility

The Board is ultimately responsible for limiting, monitoring and following up risks in Debt Office activities and for these activities being conducted under good internal control. Each year the Board adopts a financial and risk policy and receives regular reports about the current level of risk.

Each department is responsible for its own risk level and risk management within its own activities. The Risk Unit is responsible for independent cross-agency control and for the comprehensive reporting made to senior management and the Board. Internal Auditing, which reports direct to the Board, evaluates overall risk management.