Internal Control and Internal Audit
The objectives of the internal control and risk management are to ensure that:
- the Board and management receive sufficient and reliable information about the company's financial position, risks impacting on the future performance and the implementation of strategy
- the company's external reports are essentially correct, comprehensive and timely
- laws and regulations are followed.
According to the Finnish Companies Act and Recommendation of the Finnish Corporate Governance Code, the Board is responsible for the proper arrangement of the internal control. The actual internal control is embedded into the responsibilities of each member of the organization. The operational principles of the internal control are:
- control is a duty of all employees
- all significant transactions and meetings including the decisions made are documented
- IT and other support systems are used efficiently and appropriately
- security is arranged properly.
Instructions related to the internal control are gathered into two company confidential documents, the former intended for all and the latter for finance staff. The first document, Policies, defines the company's operating policies:
- representation and approval rights
- HR policies and approval of employee benefits
- pricing, payment term and credit policies
- approval procedures for expenses
- instructions for preparation and handling of agreements
- instructions for IT usage and IT security
- principles of risk management and insurance coverage.
The second document, Finance Manual, includes:
- accounting instructions
- principles and instructions for management reporting and external reporting
- definition of internal controls in bookkeeping and reporting processes including responsibilities.
Due to its size, the company does not have a separate internal auditing organization or employees assigned full-time to this task. Internal auditing is partially outsourced to an audit firm. The main auditing themes are decided in connection with the annual auditing plan.