Main page  »  Aspo »  Management »  Corporate Governance »  Internal Control

Kuvapaikka - Imageplace

Internal Control, Financial Reporting, Internal Audit and Risk Management


Internal Control

Internal control in Aspo contains inbuilt controls in business processes, the management system in the Group and extensive economic reporting that covers the whole Group. Internal control is an essential part of risk, operational and company management.

The target of internal control is achieving sufficient reliability with regard to the following issues:

-          profitability and efficiency of operations
-          reliability and integrity of economic and operative information
-          compliance with legislation, regulations and contracts
-          securing assets

The Board of Directors and the CEO are responsible for arranging the control both in the Group and the business units. The CEO is responsible to the Board of Directors, and the Board to the shareholders. The chain of responsibility goes through the whole organization and every member of the personnel is liable for the control of his/her area of responsibility to the superior. The controller of each Group company is responsible for ensuring the compliance with legislation and the Group’s policies and procedures. The controllers report to the business unit management and to the Group CFO. The CFO reports the findings to the CEO and the Board of Directors. The internal control function assists the Aspo Group executives in monitoring. The target is to give the Board of Directors sufficient confidence concerning the validity of the internal control.

Financial Reporting

The control of the financial reporting is based on monitoring the business processes. The information for financial reporting is created as business processes progress. The responsibility for correct information is shared by all participants in the process. The financial reporting process is decentralized.

The financial statements of the Group are compiled according to the IFRS standards, those of the parent company and Finnish subsidiaries according to the FAS standards. Each separate company complies with the legislature of the country where it is located, but reports based on the internal accounting regulations by Aspo. Separate companies may have their own accounting framework, but all information is consolidated on basis of common framework to the business area level, where their reliability is assessed. The information is then forwarded to the Group level where the financial reports are consolidated, verified, and assessed on monthly basis. At each phase the unit responsible for the quality and generation of information will assess its reliability. The Group level inspection and balancing mechanisms are used both monthly and quarterly basis.

The systems required for financial reporting are decentralized and used according to the principles of internal control of the Aspo Group. Achieving the set targets is followed on monthly basis with the reporting system. In addition to actual and comparison figures, it provides up-to-date forecasts. The reports are provided to the Aspo Board of Directors monthly. The Board of Directors assesses the Group’s position and future based on the provided information. The Board of Directors is responsible for the contents and publication of the financial statement.

In 2009, the reporting systems have been updated and partly integrated in order to improve the level of internal control.

Besides the internal control, the reliability of reporting and processes are assessed by an independent, external audit corporation.

Internal Auditing

The purpose of internal auditing is to support evaluation and confirmation of the Group to verify efficiency of risk management, control, leadership and administration. Internal auditing assists the Board of Directors and organization in achieving the Group targets and in ensuring and developing the control system.

The Board of Directors approves the principles of internal auditing and controls. The Group CFO is responsible for the internal auditing, and reports the findings to the CEO and the Board of Directors. Internal audit is organized corresponding to the size of the Group. Externally purchased services with special skills will be used for demanding assessments. The target is to accomplish two or three risk-based audits annually. The audits are based on risk assessment as defined in the risk analyses of individual business units. The objects of the assessment and auditing process are profitability and efficiency of activities, reliability of financial and activity reporting, compliance issues and securing the assets.

Risk Management

The target of risk management is to ensure the fulfilment of Group strategy, development of financial result, shareholder value, dividend payment capability and business continuity. The business unit management has the responsibility for risk management. The business unit management defines the necessary actions, ensures their realization and evaluates the actions as a part of their normal operations guidance. The Group CFO coordinates the risk management and reports to the Group CEO.

Each business area has a separate risk management program and a corresponding business continuity plan. Business risks and their management are dealt with in the executive teams of the business units. The functions common to the whole Group will attend that sufficient risk assessment and reporting procedures are incorporated into the processes they are responsible for. For certain risks, the risk management principles and key contents are defined in Group level policies and instructions. The Group management is responsible for the Group level insurance policies.

The risk management is essentially based on the aforementioned procedures of internal controls, where the chain of responsibility is extended throughout the Group. The most important factors in business risk management are a profound understanding of the business and command of the tools, which are used for daily business operations and their controlling. Characteristic risks to each business area are identified in the business units, assessed in the business unit management teams, and reported to the executive teams and to the Aspo Audit Committee. The Group CEO acts as the chairman of the Boards of Group companies.

Risks are continuously assessed and their managing is discussed in the business unit executive teams. Risk assessments are updated according to the Aspo management policy and the most noteworthy findings are presented in the quarterly issued interim reports. Larger projects always include a separate risk analysis. The most significant risks for the Group are assessed once a year and the results are presented in the annual report.

For more information on financial risks, the principles of financial risk management and administrative model, see Notes to the consolidated financial statements, page 74.

See also Risk management in 2009.


« Back