Risk Management

Enterprise Risk Management Framework

WillScot Mobile Mini is dedicated to enterprise risk management practices encompassing all levels of our organization. Our framework allows us to constantly uncover and identify risks across the enterprise, see them clearly and manage them decisively.

Our Approach

Our Enterprise Risk Management (ERM) framework follows the Institute of Internal Audit and COSO Integrated Framework recommendations.

Board of Directors

The Board of Directors has a key oversight role for ERM.

Audit Committee of the Board of Directors

The Audit Committee of the Board of Directors assists the Board in fulfilling its oversight responsibility by monitoring the company’s risk management framework. The Committee considers a variety of potential risks that may affect the Company, including the competitive and macroeconomic landscape, cybersecurity, environmental health and safety, statutory/regulatory compliance, ESG risks and ability to scale human capital and business systems for future growth.

The Audit Committee conducts semi-annual reviews of the framework with additional items added to the agenda as needed throughout the year. In the semi-annual reviews, the Audit Committee is apprised of the company’s most significant risks, management’s assessment of the risks and planned response to mitigate the risks. The Audit Committee updates the full Board as needed on key issues resulting from these reviews.

ERM Committee

The ERM Committee presents semi-annual updates to the Audit Committee. The ERM Committee is comprised of the Company’s Executive Officers and meets quarterly to review and discuss the Company’s most recent risks and risk mitigation plans. The VP of Enterprise Risk Management facilitates these meetings, and reports to the President/CFO. The ERM Committee assigns rankings to each risk resulting in a prioritized Risk Matrix, which is presented to the Audit Committee.

Business Units & Functional Leaders

Each year the VP of Enterprise Risk Management accumulates and categorizes the enterprise risks throughout the organization. Those included in the annual risk assessment include Directors on the Audit Committee, ERM Executive Committee members, divisional and functional leaders, and the Company’s external auditors. The identified risks are aggregated and fed into the framework. They are reviewed and ranked with the President/CFO and prepared for the ERM Committee. This process is updated each quarter as needed.

ERM Governance and Oversight
Board of Directors
  • Oversight of Enterprise Risk Management (ERM)
Audit Committee of the Board of Directors
  • Identify enterprise risks
  • Monitor risk management framework on behalf of Board of Directors
  • Updated on risks semi-annually at minimum
ERM Committee
(Senior Leadership)
  • Identify, prioritize, and review enterprise risks
  • Review mitigation plans
Business Units & Functional Leaders
  • Identify, assess, and respond to enterprise risks
  • Ensure mitigation plans in place and compliant

Identify, Address, Solve

Our ERM framework allows management to make strategic decisions based on consolidated, timely and relevant risk information. The framework provides a summarized portfolio of strategic risks that transcend the company’s operational risks. In short, the Board and Audit Committee can ensure that management is identifying the most significant risks to the organization and responding appropriately. The Divisional and Functional Leaders are on the front lines of responding to enterprise risks. They ensure that the associated mitigation plans comply with risk tolerance levels agreed upon by the ERM Committee.

Risk Defined

At WillScot Mobile Mini, an enterprise risk is any potential activity or event that could hinder our strategic and business objectives over the next three years, which is aligned with our strategic planning process. Key focus areas for our ERM framework include all Operational, Strategic, IT, Financial & Compliance risks as identified and included in the annual risk assessment and quarterly updates.

Our risk ranking process includes the organization’s risk tolerance levels as approved by the Audit Committee. The process aids in ranking and understanding threats from a variety of different types of risks. The ranking criteria includes severity, likelihood, preparedness, and velocity. This approach ensures that developing risks like climate change are weighted and considered along with near-term risks. In fact, a number of environmental and social factors are included, such as labor law changes, expanding board diversity, and building code and zoning regulations.

Learn More About Our ESG Efforts