The task of internal control is to ensure that the company’s operations are efficient and effective, that the information produced is reliable and that regulations and operating principles are complied with. Internal control is the responsibility of the Board of Directors and operational management. Internal control is implemented through a reporting system created for the company.
In their work, the external auditors perform an audit of internal control. In addition to Finland, the auditors audit the accounts in subsidiaries in Germany and Japan.
The task of internal audit is to assess the appropriateness of the company’s internal control, risk management and operations. The purpose of internal audit is to ensure the functioning of these areas at the most critical points.
It has not been considered appropriate for internal audit to create its own organization, but the activities are mainly carried out by financial management staff. If independence, which is an important part of internal auditing, is compromised, the services of an audit firm elected by the Annual General Meeting or another audit firm are used. The CFO reports on the audit findings to the Board and the CEO in accordance with the agreed schedule.
In subsidiaries, internal audit is performed by the parent company’s financial administration personnel. There are no independence issues in these respects.
The goal of risk management is to comprehensively identify operational risks and ensure that risks are properly managed when making business decisions. The company’s risk management ensures business continuity. Risk management also safeguards the company’s brand and ensures compliance with laws and regulations. Risk management does not have its own organization, but related matters are handled in accordance with the division of responsibilities defined by the organization.