Internal control
Internal Control
Internal control ensures that the Company’s business objectives can be achieved. Through efficient control, deviations from objectives can be prevented or detected as early as possible, so that corrective measures can be taken. The purpose of internal control is to ensure the profitability, efficiency, continuity and freedom from disruptions of operations and that the Group’s financial and operating reporting is reliable and compliant, both externally and internally, and that internal principles, policies and guidelines are followed. Further, internal control ensures compliance with laws and regulations. Internal control measures cover all Group levels and functions. Information systems are of vital importance for effective internal control.
The planning of the control measures begins with the definition of business objectives and the identification and assessment of the risks that threaten the objectives. Control measures are targeted based on risks, and control measures are selected as appropriate to keep the risks under control.
The Board of Directors and the CEO are responsible for organising internal control. The CEO sets the ground for the internal control environment (‘tone at the top’) by providing leadership and direction to the executive management, and by reviewing the way they manage and control the business. The CEO is responsible for managing the business and administration in accordance with the applicable laws and regulations, and the direction of the Board of Directors.
The CEO is accountable for establishing sufficient internal control processes in the organisation. The CEO is assisted by the CFO and Purmo Group operative management in these duties. The business functions and the Group finance organisation are responsible for the financial reporting processes. The Audit Committee and the Board of Directors assess the financial reporting processes and monitor the financial situation of the Group. The Audit Committee and the Board review the interim and half-year reports and financial statements before their approval and publication.
Risk Management
The primary objective of risk management in Purmo Group is to support the Company’s strategy execution, continuity of operations and realisation of business objectives by anticipating any risks involved in the Company’s operations and managing them in a proactive manner. Enterprise risk management emphasises the role of corporate culture and is an integrated part of operations, planning, and decision-making in Purmo Group. Risk is defined as an uncertain event, caused by external or internal factors, which may be either a threat or an opportunity. The Board of Directors has approved the Enterprise Risk Management Policy, which defines the framework, processes, governance and responsibilities of risk management in Purmo Group.
The Board of Directors and the Audit Committee monitor and are responsible for ensuring that Purmo Group’s risk management process functions are comprehensive. The Board defines the risk appetite and tolerance, according to the current conditions.
The Company’s operative management is responsible for achieving the set objectives and controlling, managing and mitigating risks that threaten them. The operative management is also responsible for the risk management work, and for ensuring the performance of the risk management process and the availability of sufficient resources. The COO is responsible for instructions and advice to the operations and functions concerning enterprise risk management, and for monitoring the practical implementation of the process. Risk management assessments are coordinated by the COO together with the Head of Enterprise Risk Management, who supports the management, operative business functions and other supportive functions in the risk management work. The Head of Enterprise Risk Management reports key risks to the Board of Directors on an annual basis. The Board discusses Purmo Group’s most significant risks and uncertainties and reports them to the market annually in the Board’s Report. In addition, the Company describes the material short-term risks and uncertainties in interim reports and half- year reports. In Purmo Group, the business functions are responsible for risks related to their operations and their identification, assessment and mitigation means. The Company’s internal audit is responsible for developing a risk-based audit plan and conducting the audit procedures based on the plan and reports, as an independent function, directly to the Board and Audit Committee.