Internal control and internal audit

Last updated: February 27, 2024

Overview of internal control

Successful business requires continuous development and monitoring of the Group’s operations, processes and procedures. Internal control is an essential part of the corporate governance and management of the Group. The Company has defined the operating principles for internal control. The Board and the President and CEO are responsible for adequate internal control. The Audit Committee is monitoring the effectiveness and efficiency of the internal control systems and the correctness of the financial reporting.

Internal control is a process aiming at providing reasonable assurance on achievement of Group’s strategic and financial objectives. The responsibility for arranging the internal controls belongs to the executive management of the Group and is being carried out by the whole organization. The aim of internal control is to ensure reliability of financial reporting, effectiveness and efficiency of operations as well as compliance with laws and regulations.

Control of financial reporting assures that financial statements are prepared in a reliable manner. The aim is also to ensure that all financial reports published and other financial information disclosed by the Company provide a fair view on the Group’s financial situation. Control of operations is aiming to ensure effectiveness and efficiency of operations and achievement of the Group’s strategic and financial objectives.

Control of compliance ensures that the Group follows applicable laws and regulations.

Foundation of all Group’s activities lies with Huhtamaki values – Care, Dare, Deliver – forming the core of the culture and way of working as well as providing discipline and structure for the operations formalized in the Huhtamaki Code of Conduct, policies, instructions and guidelines. Allocation of authorities and responsibilities as well as segregation of duties allow efficient and proper decision-making procedures.

Group policies, standards and guidelines are deployed in the Group functions and in all business segments and business units. Policies, standards and guidelines on, e.g., financial, human resources, corporate responsibility, environmental, legal and compliance as well as risk management related matters have been issued in the Group. In addition to the Group policies, there are more specific local policies in the business segments and their business units.

Reliability of financial reporting add_circle_outline

The Global finance function and the network of business segment and business unit controllers are supporting and coordinating the financial management and financial control of operations in the Group. The Group’s financial reporting guidelines and standards are applicable throughout the financial reporting process of the Group. The interpretation and application of accounting standards are centralized in the Global finance function which maintains the financial reporting guidelines and standards and takes care of communicating such throughout the Group. The Global finance function also supervises the compliance with such guidelines and standards. Supervision of reporting and budgeting processes is based on the Group’s reporting standards which are determined and updated by the Global finance function. The reporting standards are uniformly applied in the whole Group and a unified Group reporting system is used.

Effectiveness and efficiency of operations add_circle_outline

The Group’s strategic direction, objectives and related actions are deployed and communicated throughout the Group. Key performance indicators and annual targets are agreed, approved and communicated as part of the annual planning process. Achievements are followed monthly and quarterly in business review meetings that are held with line management in all business segments and business units.

Key operational performance indicators are monitored continuously. Key process controls aim at identifying risks as well as designing preventive and detective controls. Corrective actions are implemented and monitored by business segment and business unit management. These activities need to be in compliance with Group policies and standards. Internal controls related to quality, safety and environmental processes and procedures are audited both internally and by external service providers.

The Group is applying World Class Operations process in all business segments to identify and implement continuous improvement projects.

Compliance with laws and regulations add_circle_outline

Group-wide policies, for example on anti-corruption, corporate governance, competition compliance, data privacy, trade sanctions compliance, information security, contracts and agreements, management of claims, disputes and proceedings as well as insider matters have been issued. Compliance with the policies is facilitated through communicat ion and training. The Group has a Global compliance function. Internal audit also covers the compliance with policies.

Overview of internal audit

The objective of the internal audit is to improve the effectiveness of supervising obligation of the Board. Internal audit aims at ensuring that the Group’s operations are efficient, information is adequate and reliable and that set policies and procedures are properly followed by the organization.

The Group has an internal audit function, and in 2023 internal audit f ield work has been partially managed in cooperation with Deloitte Oy. The Code of Ethics and other standards and guidelines issued by the Institute of Internal Auditors are complied with in internal audit activities.

In 2023 internal audits have been conducted in various Group and business segment level processes as well as in business units on a monthly basis according to an approved annual internal audit plan.

Global internal audit function evaluates independently and systematically Group’s management and governance systems as well as the effectiveness, efficiency and appropriateness of the Group’s business processes and risk management. The internal audit function provides development recommendations for the aforementioned internal controls, systems and processes in the internal audit reports. The main purpose of these activities is to assure achievement of strategic and f inancial objectives of the Group.

The Audit Committee approves the annual internal audit plan. Audit engagements are included in the plan in accordance with the Group’s strategic objectives, assessed risks, focus areas defined by the Board and the executive management of the Group on a rotation basis. The internal audit function reports to the Audit Committee. Additionally, the President and CEO, the CFO, the Group General Counsel, the Compliance Counsel, other representatives of relevant Global functions as well as the management of the business segment and business unit where the audit has been conducted are informed of the results of the audit. Achievement of actions related to internal audit recommendations are followed by segment management and internal auditor. Results of these internal audit follow-ups are reported to the Audit Committee.

Internal audit pre-material, documentation and data are collected before internal audit field work. During the field work further findings are recorded at site. Internal audit reports include key findings, conclusions and recommendations for control improvements. The management of the audit target prepares an action plan to mitigate risks and develop controls to improve recommended audit issues. The implementation of the action plans is followed up regularly by the line management and the Group internal audit manager.