Internal control, risk management and internal audit

The objective of Etteplan Oyj’s internal control and risk management is to ensure that the Company’s operations are efficient and profitable, its information is reliable, and it complies with appropriate regulations and operating principles. The objectives also include identification, assessment, and monitoring of risks related to business operations. Internal audit helps to improve the efficient fulfilment of the Board’s supervision obligation.

 

Operating principles of internal control

Etteplan’s internal control process in controlled by the Finnish Companies Act, the Securities Markets Act and other laws and regulations applicable to the operations of the company, the rules and recommendations of the Helsinki Stock Exchange as well as Corporate Governance Code for Finnish listed companies. External control is implemented by the company’s auditors and the authorities.

Internal control in Etteplan covers financial reporting and other monitoring. The function of internal control is to ensure that the company achieves the goals and objectives set for it, as well as uses its resources economically and appropriately. Internal control also aims to ensure among other things correct and reliable financial and other information, compliance with external regulations and internal guidelines and policies as well as sufficient security of operations and information. Furthermore, internal control aims to ensure the organization of adequate and appropriate IT and manual systems to support the operations of the company.

In Etteplan internal control is executed by the Board of Directors, management and the company’s entire personnel. Internal control is divided into 1) proactive control, 2) day-to-day control and 3) subsequent control. Proactive control consists of specification of corporate values and general operational principles. Day-to-day control includes operational steering and monitoring and thereto related operational systems and work instructions. Subsequent control comprises management evaluations and inspections, comparisons and verifications with the aim of ensuring that the goals are met and the agreed operational principles are followed.

 

Organization of risk management

Risk management is an integral part of Etteplan’s business management and internal control framework. The function of risk management is to anticipate future risks, to ensure that targets are reached and to secure operations in changing conditions. The objective is to ensure that the company’s operations are efficient and profitable, that the information produced is reliable and that it complies with the appropriate regulations and operating principles.

The key measures of Etteplan risk management are proactive measures, securing operations, limiting adverse impacts and utilizing opportunities. Etteplan risk management consists of coordinated measures aiming to identify, evaluate, manage and control all major risk areas of the Group in a systematic and proactive manner.

Etteplan’s risk management process is led by the Group President and CEO together with the Management Group member responsible for risk management. The Management Group monitors the significant risks of the business units and supervises the development of the Group’s risk management system and practices.

The business managers have the primary responsibility for risk management. Managers are responsible for risk management in their business areas in compliance with the Group’s risk management guidelines. Risk management ensures profit, quality and continuity.

Managers report on the major risks and overall risk status of their business area to the Management Group as part of the monthly business reporting. The Group’s financial administration monitors and assesses operational and financial risks and takes measures to hedge against them in cooperation with the Board of Directors, the Management Group and operative management.

The Board of Directors supervises risk management and approves the risk management guidelines of the Group. Risk management actions and the most relevant Group level risks are reported regularly to the Board of Directors.

Risks and risk management are presented on Company’s website www.etteplan.com and in the Annual report 2016.

Reviews concerning financing risks are presented in the notes to the consolidated financial statements in the Annual Report 2016.

 

 

Internal audit

Etteplan Group does not have separate internal audit function. The Board can engage external advisors to perform evaluations relating to control environment or other activities.

 

Description of the main features of the internal control and risk management systems pertaining to the financial reporting process

Etteplan prepares consolidated financial statements and interim reports in accordance with the International Financial Reporting Standards, as adopted by EU, the Securities Markets Acts as well as the appropriate Financial Supervision Authority Standards and Nasdaq Helsinki Ltd’s rules. The Report of the Board of Directors of Etteplan and parent company financial statements are prepared in accordance with Finnish Accounting Act and the opinions and guidelines of the Finnish Accounting Board.

Etteplan Group observes Group level accounting principles and instructions, which are applied in all Group companies and according to which the Group's financial reporting is prepared. Together with reporting calendar and schedules, accounting principles and instructions form the framework for timely and correct Group reporting. Etteplan’s business operations are in all material respects located in Finland, Sweden, China, the Netherlands and Poland, and all countries have local accounting and financial reporting organizations, systems and reporting to the Group. Internal control and risk management systems and practices as described below are designed to ensure that the financial reports as disclosed by the Company give essentially correct information about the Company finances.

Etteplan has a common Group consolidation system. Accounting data is transferred from the local accounting systems either automatically or manually and correctness is controlled by the Group’s accounting team. Common chart of accounts forms the basis of Group reporting. The Group accounting, consolidation and published financial reports are prepared by the centralized team.

 

Internal control over financial reporting

Proper arrangement and monitoring of internal control is the responsibility of the local management in accordance with the Group framework. Etteplan Board of Directors has approved operating principles of internal control, which have been prepared in accordance with the Code recommendation 48. Operating principles include the main features of risk management process, summary of risks, control objectives and common control points for financial reporting as well as roles and responsibilities in executing and monitoring internal control in Etteplan.

Internal controls over financial reporting process at the country and Group level was a focus area in 2009. Since then the processes have been reviewed and updated annually. Etteplan’s finance organization has analyzed process risks and defined control objectives for external financial reporting process. Existing control points in the process have been documented. These control points include for example reconciliations, authorizations, analysis, and segregation of key accounting duties. The work has been led by the Group CFO.

According to its annual clock, the Management Group has monthly meetings where also financial performance and financial reporting are analyzed. Prior to these meetings, financial reports have been analyzed in the business group level to detect any irregularities or errors. Group level financial reports are prepared to the Etteplan Board on a monthly basis. The Board also reviews and approves interim financial reports, annual results report and financial statements.

Etteplan does not have separate internal audit function. The Board can engage external advisors to perform evaluations relating to control environment or other activities.

Management of Financial Risks