Risk Management and Internal Control

Internal control procedures and main features of risk management systems.

Internal Control

Internal control ensures that the Company’s business objectives can be achieved. Through efficient control, deviations from objectives can be prevented or detected as early as possible, so that corrective measures can be taken.

The purpose of internal control is to ensure the profitability, efficiency, continuity and freedom from disruptions of operations and that the Group’s financial and operating reporting both externally and internally is reliable and compliant, and that internal principles, policies and guidelines are followed. Further, the internal control ensures compliance with laws and agreements. Internal control measures cover all Group levels and functions. Information systems are of vital importance for effective internal control.

The planning of the control measures begins with the definition of business objectives and the identification and assessment of the risks that threaten the objectives. Control measures are targeted based on risks, and control measures are selected as appropriate so as to keep the risks under control.

The Board and the CEO are responsible for organising internal control. The financial performance of the Group is monitored monthly in the Executive Management Team and in the management teams of the business areas. Each business area must ensure effective control of its own operations. The business areas and the Group Finance organization are responsible for the financial reporting processes. The Audit Committee assesses the financial reporting processes. In addition, the financial situation of the Group is also monitored in the meetings of the Audit Committee and the Board. The Audit Committee and the Board review the interim reports and financial statements before their approval and publication.

Risk Management

The objective of risk management in the Group is to support the implementation of the strategy, the identification of risks and methods for reducing the probability and impacts of risks, as well as ensuring business continuity. Risks may arise from internal or external events. The Board has approved the Group Risk Management Policy, which describes the objectives, principles and responsibilities of risk management in the Group and also the principles of reporting. Accordingly, the Risk Steering Group supports and co-ordinates risk management as part of the Group’s planning and steering processes. It also regularly reports the key risks to the management and the Audit Committee. The Board discusses the Group’s most significant risks and uncertainties and reports them to the market annually in the Board’s Report. In addition, the Company describes the material short-term risks and uncertainties in half-yearly reports and interim reports. In the Group, the business areas are responsible for risks related to their operations and their identification, prevention and key mitigation means. The Group Treasury manages the financial risks according to the hedging principles defined in the Treasury Policy. The Company’s Internal Audit annually evaluates the efficiency of the Company’s risk management system.