Internal Controls Over Financial Reporting
The Company´s external financial reporting process, internal control and risk management systems are briefly described in this section. The main focus is on financial accounting and related controls.
Financial Reporting Organization
The financial management of the Company is responsible for organizing the accounting, money transactions and other daily financial operations of the companies belonging to it as well as organizing the internal reporting that supports the business.
The tasks of the Company´s financial administration consist of, inter alia, monthly consolidation of the Group entity, preparation of quarterly financial reports and consolidated financial statements, management and investment of monetary assets of the Group, management of liabilities, protection against exchange risk, and transfer pricing. The finance function of the Company implements operative supervision under the CFO who reports any supervisory findings to the Audit Committee. The tasks and responsibilities of the accounting function of the parent company and each subsidiary are included in the job descriptions of the teams and employees..
Financial Reporting Systems
Consolidated financial statements are prepared by using the chosen consolidation tool. The accounting of the Group´s subsidiaries is done by using the local accounting systems from which the actual figures are reported either manually or by automatic transfer to the group consolidation system. The accounting system in use includes general ledger accounting, accounts payables and accounts receivables. Current assets and payroll accounting is organized through various programs or purchased as an outsourced service. Purchase invoices are circulated through electronic invoice processing system. Global forecasts and budgets are prepared by using the forecast and reporting program.
The Company´s internal control mechanisms are based on policies, instructions, limited process descriptions, authorization matrix, financial reporting review meetings, and segregation of key accounting duties.
Compliance processes are in place at all levels of the organization to ensure that all applicable laws, regulations, internal policies and ethical values, including sustainability, are adhered to. The management and businesses are responsible for following up developments in legislation and regulations in their respective areas and communicating them to the organization. The members of the Management Group are responsible for setting up adequate compliance controls and compliance related training in their units. CLO of the Company coordinates the appropriateness and compliance of the compliance processes.
Roles and Responsibilities Regarding Risk Management and Internal Control
The key roles and responsibilities regarding the Company´s internal control and risk management are defined as follows:
Board of Directors
The Board of Directors is ultimately responsible for the administration and the proper organization of the operations of the Company. According to good corporate governance, the Board also ensures that the Company has duly endorsed the corporate values applied to its operations. The Board approves the internal control, risk management and corporate governance policies. The Board establishes the risk-taking level and risk bearing capacity of the Company and re-evaluates them on a regular basis as part of the strategy and goal setting of the Company. The Board reports to the shareholders of the Company.
Audit Committee is responsible for the following internal control related duties:
- to monitor the reporting process of financial statements;
- to supervise the financial reporting process;
- to monitor the efficiency of the company´s internal control, internal audit, if applicable, and risk management systems;
- to review the description of the main features of the internal control and risk management systems pertaining to the financial reporting process, which is included in the company´s corporate governance statement; and
- to monitor the statutory audit of the financial statements and consolidated financial statements.
More detailed descriptions how the Audit Committee is fulfilling its monitoring role are defined in the Committee´s annual plan. The Audit Committee reports to the Board of Directors of the Company.
Chief Executive Officer
CEO is in charge of the day-to-day management of the Company in accordance with the instructions and orders given by the Board. The CEO sets the ground for the internal control environment by providing leadership and direction to senior managers and reviewing the way they are controlling the business. The CEO is in charge of the risk management process of the Company and its continuous development, allocation of resources to the work, review of risk management policies as well as defining the principles of operation and overall process. The CEO reports to the Board on risk management as part of the monthly reporting. The CEO and the Management Group, which operates under the CEO, are responsible for the management of risks endangering the fulfillment of objectives set for the Company.
The members of the Management Group are responsible for internal control implementation in their responsibility areas. More specific internal control policies and procedures are established within the principles set by the Board and CEO. Additionally, the management of the subgroup and the Group Management are responsible for implementing risk management practices in planning cycle and daily operations, and ensure the adherence of:
- internal policies; and
- ethical values
in their designated responsibility areas.
- ensures a setup of adequate control activities for product and service areas in cooperation with the business management;
- follows the adequacy and effectiveness of control activities; and
- ensures that external reporting is correct, timely and in compliance with regulations.
Finance function does not have a separate internal control function. CFO reports any supervisory findings to the Audit Committee.
CLO ensures that the Group´s corporate governance practices comply with the law and that legal matters of the Group are handled appropriately, in particular the contractual risks relating to business operations.
The Company has no specific internal audit organization. This is taken into account in the content and scope of the annual audit plan. On the one hand, external auditing focuses on specific areas in turn to be audited, and on the other hand, on separately agreed priority areas.