Internal control, risk management and internal audit
The purpose of internal control and risk management is to ensure the effective and successful operation of the company, reliable information and compliance with the relevant regulations and operating principles. Internal control helps improve the effective fulfilment of the Board's supervising obligation.
Operating principles of internal control
To ensure successful business operations, the company must continuously control its operations. The company has defined its operating principles of internal control as follows:
The Board of Directors is responsible for ensuring that the company has defined the operating principles of internal control and that the company regularly monitors the effectiveness of such control. It is the Board's responsibility to supervise the Managing Director and to make sure he runs the company's business operations and administration in accordance with the Board's orders and instructions. The Managing Director is responsible for the practical arrangements associated with internal control and ensures that the company's accounting and asset management control is appropriately organized.
Internal control methods include internal instructions (incl. operating instructions), a reporting system that supports control, and various technical systems related to operations. The company has no specific internal control organization. Special attention is therefore paid to the organization of operations (incl. controller function and the Board work of subsidiaries), operating instructions, employee competence and reporting. The company's financial development is monitored monthly using reports that cover the entire Group.
Organization of risk management
The Group complies with a risk management policy approved, from time to time, by the company's Board of Directors. The objective of risk management is to cover risks related to business operations, property, agreements, competence, currencies, financing and strategy.
Risk management aims to systematically identify and recognize business-related risks and to ensure that risks are appropriately managed and monitored. Another objective of risk management is to help the company meet its strategic objectives and to ensure business continuity. In addition, it helps to ensure the safety of employees, products and services and to fulfil statutory obligations.
In business operations, risks may be assumed that are inherent in the company's strategy and in the measures planned to meet targets. The risk management process is designed to identify and evaluate risks, after which the practical risk management and monitoring measures are planned and implemented. Such measures may include risk avoidance, minimizing risk, or covering the risk through insurance policies or agreements. There is no separate risk management organization. The responsibilities involved are divided in accordance with the business and organizational division described in the section Other Management. Business units, in cooperation with the Group's parent company, are responsible for managing day-to-day business risks. The Group's parent company is responsible for financial risk management and risk insurance.
The key risks identified in connection with a risk analysis once a year are reported to the Board of Directors to enable the planning of proactive measures.
Internal audit
The company has no specific internal audit
organization. This is taken into
account in
the content and scope of the Group's annual audit plan.
External auditing
focuses
on specific areas in turn to be audited on the one hand, and on
separately
agreed
priority areas on the other.