Risk Management and Internal Control

Internal control procedures and main features of risk management systems

Internal Control

The purpose of internal control is to ensure that reporting in the Altia Group is reliable and compliant, and that internal principles, policies and guidelines are followed. Internal control measures cover all Group levels and functions. Information systems are of vital importance for effective internal control. The financial performance of the Group is monitored monthly in the Executive Management Team and in the management teams of the business areas’. Each business area must ensure effective control of its own operations. The business areas and the Group Finance organization are responsible for the financial reporting processes. The Audit Committee assesses the financial reporting processes. In addition, the financial situation of the Group is also monitored in the meetings of the Audit Committee and the Board of Directors. The Audit Committee and the Board of Directors review the interim reports and financial statements before their approval and publication.

Risk Management

The objective of risk management in the Altia Group is to support the implementation of the strategy, the identification of risks and methods for reducing the probability and impacts of risks, as well as ensuring business continuity. Risks may arise from internal or external events. Altia Plc’s Board of Directors has approved the Group Risk Management Policy. The Policy describes the objectives, principles and responsibilities of risk management in Altia Group and also the principles of reporting. Accordingly, the Risk Steering Group supports and co-ordinates risk management as part of the Group’s planning and steering processes. It also reports the key risks to the management and the Audit Committee. The most significant risks and uncertainties are assessed annually in the Board of Directors’ Report. In the Altia Group, the business areas are responsible for risk related to their operations and their identification, prevention and key mitigation means. The Group Treasury manages the financial risks according to the hedging principles defined in the Treasury Policy. The key financial risks of the Group are described in Note 4.1. Financial Risk Management to the financial statements. The Group Treasury is also responsible for administering the global insurance programs.