Corporate governance

Risk management

Risk management and internal control

The task of internal is to ensure that the company’s operations are efficient and effective, that the information produced is reliable and that regulations and operating principles are complied with. Internal control is the responsibility of the Board of Directors and operational management. Internal control is implemented through a reporting system created for the company.

In their work, external auditors audit the internal control supervision. In addition to Finland, the auditors audit the accounts in subsidiaries in Germany and Japan.

Internal audit

The task of internal audit is to assess the appropriateness of the company’s internal control, risk management and operations. The purpose of internal audit is to ensure the functioning of these areas at the most critical points.

It has not been considered appropriate for internal audit to create its own organization, but the activities are mainly carried out by financial administration personnel. If independence, which is an important part of internal auditing, is compromised, the services of the auditing firm elected by the Annual General Meeting or another auditing firm are used. The CFO reports on the audit findings to the Board and the CEO in accordance with the agreed schedule.

In subsidiaries, internal audit is performed by the parent company’s financial administration personnel. There are no independence issues in these respects.

Risk management

The goal of risk management is to comprehensively identify operational risks and ensure that risks are properly managed when making business decisions. The company’s risk management ensures business continuity. Risk management also safeguards the company’s brand and ensures compliance with laws and regulations. Risk management does not have its own organization, but related matters are handled in accordance with the division of responsibilities defined by the organization.