Risk Management

Enterprise Risk Management Framework

WillScot Mobile Mini is dedicated to enterprise risk management practices that encompass all levels of our organization. Our framework allows us to constantly uncover and identify new risks across the enterprise, see them clearly and manage them decisively.

Our Approach

Our Enterprise Risk Management (ERM) framework follows the Institute of Internal Audit and COSO Integrated Framework recommendations.

Board of Directors

The Board of Directors has a key oversight role for ERM.

Audit Committee of the Board of Directors

The Audit Committee of the Board of Directors assists the Board in fulfilling its oversight responsibility by monitoring the company’s risk management framework. The Committee considers a variety of potential risks that may affect the Company, including the competitive and macroeconomic landscape, cybersecurity, environmental health and safety, statutory/regulatory compliance, ESG risks and ability to scale human capital and business systems for future growth.

Review of the framework is on the Audit Committee calendar for semi-annual reviews but can be added to the agenda as needed throughout the year. In the semi-annual reviews, the Audit Committee is apprised of the company’s most significant risks, management’s assessment of the risks and the planned response to mitigate the risks. The Audit Committee updates the full Board as needed on key issues that result from these reviews.

ERM Committee

The ERM Committee presents semi-annual updates to the Audit Committee. The ERM Committee is comprised of the Company’s Executive Officers and meets quarterly to review and discuss the Company’s most recent risks and action plans developed to mitigate each risk. These meetings are facilitated by the VP of Enterprise Risk Management, who reports to the General Counsel and Corporate Secretary. In these meetings the ERM Committee assigns rankings to each risk resulting in a prioritized Risk Matrix, which is presented to the Audit Committee.

Business Units & Functional Leaders

The VP of Enterprise Risk Management conducts a formal process each year to accumulate and categorize the enterprise risks throughout the organization. Those included in the annual risk assessment include Directors on the Audit Committee, ERM Executive Committee members, divisional and functional leaders, and the Company’s external auditors. The risks identified are aggregated and fed into the framework. They are then reviewed and ranked with the General Counsel and Corporate Secretary and prepared for the ERM Committee. This process is updated each quarter as needed.

ERM Governance and Oversight
Board of Directors
  • Oversight of Enterprise Risk Management (ERM)
Audit Committee of the Board of Directors
  • Identify enterprise risks
  • Monitor risk management framework on behalf of Board of Directors
  • Updated on risks semi-annually at minimum
ERM Committee
(Senior Leadership)
  • Identify, prioritize and review enterprise risks
  • Review mitigation plans
Business Units & Functional Leaders
  • Identify, assess and respond to enterprise risks
  • Ensure mitigation plans in place and compliant

Identify, Address, Solve

Our ERM framework allows management to make strategic decisions based on consolidated, timely and relevant risk information. The framework provides a summarized portfolio view of strategic risks that transcend the company’s operational risks. In short, the Board and Audit Committee can ensure that management is identifying the most significant risks to the organization and responding appropriately. The Divisional and Functional Leaders are on the front lines of responding to enterprise risks. They ensure that the associated mitigation plans comply with risk tolerance  levels agreed to by the ERM Committee.

Risk Defined

At WillScot Mobile Mini, an enterprise risk is any potential activity or event that could hinder our strategic and business objectives over the next three years, which is aligned with our strategic planning process. Key focus areas for our ERM framework include all Operational, Strategic, IT, Financial & Compliance risks as identified and included in the annual risk assessment and quarterly updates.

Our risk ranking process includes the organization’s risk tolerance levels as approved by the Audit Committee. The process aids in ranking and understanding threats from a variety of different types of risks. The ranking criteria includes severity, likelihood, preparedness and velocity. This approach ensures that slowly developing risks like climate change are weighted and considered along with near-term risks. In fact, a number of environmental and social factors are included, such as truck fleet emissions, labor law changes, diversity, and building code and zoning regulations.

Learn More About Our Sustainability Efforts