Internal control and internal audit
Overview of internal control
Successful business requires continuous development and monitoring of the Group’s operations, processes and procedures. Internal control is an essential part of the corporate governance and management of the Group. The Company has defined the operating principles for internal control. The Board of Directors and the CEO are responsible for adequate internal control. The Audit Committee of the Board of Directors is monitoring the effectiveness and efficiency of the internal control systems and the correctness of the financial reporting.
Internal control is a process aiming at providing reasonable assurance on achievement of Group’s strategic and financial objectives. The responsibility for arranging the internal controls belongs to the executive management of the Group and is being carried out by the whole organization. The aim of internal control is to ensure reliability of financial reporting, effectiveness and efficiency of operations as well as compliance with laws and regulations.
Control of financial reporting assures that financial statements are prepared in a reliable manner. The aim is also to ensure that all financial reports published and other financial information disclosed by the Company provide a fair view on the Group’s financial situation.
Control of operations is aiming to ensure effectiveness and efficiency of operations and achievement of the Group’s strategic and financial objectives.
Control of compliance ensures that the Group follows applicable laws and regulations.
Foundation of all Group’s activities lies with Huhtamaki values and principles providing discipline and structure for the operations formalized in policies and guidelines on integrity, ethical behavior and management of personnel. Allocation of authorities and responsibilities as well as segregation of duties allow efficient and proper decision-making procedures.
Group policies, standards and guidelines are deployed in all business segments and business units. Policies, standards and guidelines on financial, human resources, corporate responsibility, environmental, legal and compliance as well as risk management related matters have been issued in the Group. In addition to the Group policies, there are more specific local policies in the business segments and their business units.
The Global finance function and the network of business segment and business unit controllers are supporting and coordinating the financial management and financial control of operations in the Group. The Group’s financial reporting guidelines and standards are applicable throughout the financial reporting process of the Group. The interpretation and application of accounting standards are centralized in the Global finance function which maintains the financial reporting guidelines and standards and takes care of communicating such throughout the Group. The Global finance function also supervises the compliance with such guidelines and standards. Supervision of reporting and budgeting processes is based on the Group’s reporting standards which are determined and updated by the Global finance function. The reporting standards are uniformly applied in the whole Group and a unified Group reporting system is used.
The Group’s strategic direction, objectives and related actions are deployed and communicated throughout the Group. Key performance indicators and annual targets are agreed, approved and communicated as part of the annual planning process. Achievements are followed monthly and quarterly in business review meetings that are held with line management in all business segments and business units.
Key operational performance indicators are monitored continuously. Key process controls aim at identifying risks as well as designing preventive and detective controls. Corrective actions are implemented and monitored by business segment and business unit management. These activities need to be in compliance with Group policies and standards. Internal controls related to quality, safety and environmental processes and procedures are audited both internally and by external service providers.
The Group is applying Lean Six Sigma process in all business segments to identify and implement continuous improvement projects.
Group-wide policies, for example on corporate governance for subsidiaries, competition compliance, data privacy, contracts and agreements, management of claims, disputes and proceedings as well as insider matters have been issued. Compliance with the policies is facilitated through communication and training. The Group has a Global compliance function. Internal audit also covers the compliance with policies.
Overview of internal audit
The objective of the internal audit is to improve the effectiveness of supervising obligation of the Board of Directors. Internal audit aims at ensuring that the Group’s operations are efficient, information is adequate and reliable and that set policies and procedures are properly followed by the organization.
The Group has an internal audit function, and in 2017 internal audit field work has been managed in cooperation with Deloitte Oy. The Code of Ethics and other standards and guidelines issued by the Institute of Internal Auditors are complied with in internal audit activities. In 2017 internal audits have been conducted in various Group and business segment level processes as well as in business units on a monthly basis according to an approved annual internal audit plan.
Global internal audit function evaluates independently and systematically Group’s management and governance systems as well as the effectiveness, efficiency and appropriateness of the Group’s business processes and risk management. The internal audit function provides development recommendations for the aforementioned systems and processes in the internal audit reports. The main purpose of these activities is to assure achievement of strategic and financial objectives of the Group.
The Audit Committee of the Board approves the annual internal audit plan. Audit engagements are included in the plan in accordance with the Group’s strategic objectives, assessed risks, focus areas defined by the Board and the executive management of the Group on a rotation basis. The internal audit function reports to the Audit Committee. Additionally, the CEO, the CFO, the Group General Counsel, the Head of Compliance and management of the business segment and business unit where the audit has been conducted are informed of the results of the audit. Achievement of actions related to internal audit recommendations are followed by segment management and internal auditor. Results of these internal audit follow-ups are reported to the Audit Committee of the Board.
Internal audit pre-material, documentation and data are collected before internal audit field work. During the field work further findings are recorded at site. Internal audit reports include key findings, conclusions and recommendations for control improvements. The management of the audit target prepares an action plan to mitigate risks and develop controls to improve recommended audit issues. The implementation of the action plans is followed up regularly by the line management and the Group internal audit manager.