Nightingale’s risk management is based on the Risk Management Policy adopted by the company’s Board of Directors.

The purpose of internal control and risk management is to ensure that Nightingale’s operations are effective, that financial and other information is reliable, and that Nightingale complies with the relevant regulations and operating principles.

Nightingale’s Board of Directors is primarily responsible for Nightingale’s risk management. The Board confirms the principles and responsibilities of risk management, the risk limits of Nightingale and other general guidelines according to which the risk management and internal audit are organised.

The Board is responsible for ensuring that Nightingale’s internal control and risk management are sufficient relative to the scope of Nightingale’s business and that their supervision is appropriate.

The Board supervises that the CEO manages the company’s operative business and administration in accordance with the instructions and orders issued by the Board. The Board assesses Nightingale’s financial reports and material changes in business operations to ensure that risk management is sufficient.

The aim of internal control is to give the Board and acting management adequate assurance of the realisation of the following objectives:

• the effectiveness and appropriateness of operations;
• the achievement of targets and profitability;
• the reliability and completeness of financial reporting and other reporting;
• the safeguarding of assets;
• compliance with operating principles, plans, guidelines, laws and regulations to prevent errors and misconduct, for example.

Internal control is a process applied by the Board of Directors, Management Team and personnel of Nightingale. Control activities are the policies and internal control procedures with documented control points that help ensure that management directives are carried out. They help to ensure that necessary actions are taken to address risks that endanger the achievement of Nightingale's objectives.

Nightingale manages risks related to four main categories:

1. Strategic risks are uncertainties related to the operating environment and ability to leverage changes in the environment or to prepare for them. Strategic risks include risks related to e.g. operating model, business development and expansion, market environment, customer expectations and competitors.
2. Operational risks are circumstances or events which can prevent or hinder the attainment of objectives or cause damage to people, property, business, information or any other operations of the company.
3. Financial risk management takes into consideration Nightingale’s financial position and reporting, e.g. performance reporting, investments, credit losses and foreign currencies and any risks related to on-time accuracy.
4. Compliance risks are risks related to exposure to legal claims, penalties and other losses the company might face if it fails to act in accordance with laws and regulations.

Risk management is part of Nightingale’s strategic and operative planning, daily decision-making processes and internal control systems. Risk management contains all actions connected to setting up targets, identifying risks, measuring, reviewing, handling, reporting, monitoring and mitigating risks.