Risk management and internal control

The purpose of risk management is to promote the achievement of the Group’s goals.

Financial targets and guidance
Riskienhallinta

Risk management

Risk management aims to proactively identify and manage potential problems and to identify and seize business opportunities. Risk management supports the development and implementation of Aspo Plc’s strategy.

The purpose of risk management is that:

  • Aspo Plc has an effective risk management control model, and related processes integrated into its business management.
  • Managers have access to high-quality and up-to-date information about business risks and their control measures, providing support for decision-making.
  • The probability of the materialization of risks and unexpected events and their impacts on financial performance and reputation can be reduced effectively.
  • Risk management measures and selected control measures are based on Aspo Plc’s willingness to take risks and ability to tolerate risks.
  • Cooperation in risk management is effective between Aspo Plc’s different businesses.

The managers of the Group and its businesses are responsible for risk management. They are also responsible for determining sufficient measures and their implementation, and for monitoring and ensuring that the measures are implemented as part of the daily management of operations.

Risk management is coordinated by SVP, Legal and Sustainability, who reports to the CEO.

The Audit Committee monitors the effectiveness of the risk management systems and deals with risk management processes, plans and reports. Each business has a separate risk management program. Business risks and their management are discussed regularly by the management teams of the
businesses. The Group’s shared functions ensure that sufficient risk assessment and reporting procedures are incorporated into the processes they are responsible for. The Group’s administration is responsible for Group-level insurance plans. 

Characteristic risks in each business area are identified in the business units, assessed in the business units’ management teams, and reported to the subsidiaries’ Boards of Directors and, if necessary, also to Aspo Plc’s Board of Directors or the Audit Committee.

Risks are continuously assessed, and their management is discussed in the business units’ management teams. Risk assessments are updated in accordance with Aspo Plc’s management policy, and the most noteworthy findings are presented in the quarterly interim reports. Financial risks, their management principles and the related organizations are presented in the notes to the financial statements.

Risks and near-term uncertainties

Board of Directors' Report 2024

The main uncertainties in Aspo’s financial performance are related to the demand for maritime transport and to some extent also to the development of market prices and the volume and price development of the products sold by Telko and Leipurin. These conditions are affected by general economic developments. In 2023 and 2024, economic growth in Europe has been very low. In particular, industrial production has been low or even declining. Low consumer and industrial confidence and high geopolitical uncertainty have negatively impacted investment activity and reduced the demand for industrial and consumer products and services. Delay or further deterioration of the recovery of economic activity may have a negative impact on the profitability of Aspo’s business operations.

Geopolitical tensions, such as Russia’s ongoing war in Ukraine, increased security threats in the Baltic Sea, conflicts in the Middle East and trade tensions between major economies, continue to cause great uncertainty in the operating environment and may undermine overall economic growth, affect energy prices and interrupt shipping, and lead to increased costs, disrupt supply chains and change trade flows. The prolongation and possible expansion of geopolitical tensions may have a negative impact on business operations in Aspo’s market areas.

Increasing global tensions can worsen the operating conditions in all business operations. In line with its strategy, Aspo aims to increase its profit through investments in environmentally friendly vessels and through acquisitions. The future profitability of these investments involves uncertainty. Implementing the strategy, combined with the currently relatively high financing costs, can reduce the free cash flow and weaken the balance sheet and solvency.

Changes in environmental legislation and uncertainty in the schedule of the green transition may affect the competitiveness of Aspo’s business operations, as well as the competitiveness of Aspo’s key principals and customers. This may negatively impact Aspo’s business volumes and margins.

Aspo’s operations depend on the availability of IT systems and network services. Lack of services can cause disruptions to business operations. Recent geopolitical tensions have increased the threat of cyberattacks. Because the estimates concerning the future presented in this annual report are based on the current situation, they involve risks and other uncertainties that may cause actual future outcomes to differ from the estimates.

Internal control

The objective of Aspo Plc’s internal control is to ensure the profitability and efficiency of operations, reliable financial reporting, and compliance with the applicable laws and regulations and the agreed practices and operating principles. Aspo Plc’s internal control includes the control integrated into the business processes, the Group’s management system, and financial reporting covering the entire Group. Internal control is an integral part of the company’s management, risk management and administration.

The aim of internal control is to create sufficient certainty of goals and objectives being reached in terms of the following:

  • Operational profitability and efficiency and capital management
  • Reliability and integrity of financial and operational information 
  • Compliance with laws, regulations and agreements, as well as ethical principles and social responsibility
  • Safeguarding and responsible management of assets and brands

The responsibility to arrange internal control lies with the Board of Directors and the CEO both at Group level and in the different businesses. The internal audit function supports the Group and business management in their internal control responsibility, and the aim is to provide Aspo Plc’s Board of Directors with sufficient certainty of the effectiveness of internal control. The Audit Committee monitors the operations and effectiveness of the company’s internal control at its meetings and reviews the plans and reports of internal control.

Financial reporting

The control of financial reporting is based on monitoring business processes. The information for financial reporting is created as business processes progress, and the responsibility for accurate information is shared by all participants in the process. The financial reporting process is decentralized and it is monitored by the Audit Committee.

Consolidated financial statements are prepared in accordance with the IFRS standards as adopted by the EU. The financial statements of the parent company and the Finnish subsidiaries are prepared in accordance with the Finnish Accounting Standards. Each separate company complies with the legislation of the country the company is located in, but reports the information in accordance with Aspo’s internal accounting guidelines. Separate companies may have their own chart of accounts, but all information is consolidated based on a common chart of accounts to the unit level, where its reliability is assessed before the information is transferred to Group level.

Aspo Group’s financial information is verified and assessed on a monthly basis. In each phase, the unit responsible for the quality and generation of information will assess its reliability. The Group-level monitoring and reconciliation mechanisms are used on a monthly basis.

The systems required for financial reporting are decentralized and used in accordance with the principles of internal control. The achievement of the set targets is monitored on a monthly basis within the Group’s consolidation and reporting system. In addition to actual and comparison figures, the system provides up-to-date forecasts. The reports are provided for Aspo’s Board of Directors monthly. The Board of Directors assesses the Group’s position and future based on the information provided.

In addition to the Audit Committee, the reliability of reporting and processes is assessed by an independent external audit firm.

Internal audit

Internal audit assists the Board of Directors in its control responsibility by, amongst other things, assessing the level of internal control maintained to achieve Aspo Plc’s operational targets. Internal audit supports the organization by assessing and verifying the effectiveness of business processes and risk management, as well as management and administration.

The operating principles for internal audit are approved as a part of the internal control principles provided by the Board of Directors. The Group’s SVP, Legal and Sustainability, is responsible for the coordination of internal audit activities, and internal audit findings are reported to the CEO, the Audit Committee and the Board of Directors. Internal audit is organized corresponding to the size of the Group. Additional resources and special expertise are acquired if necessary.

Audits are based on risk assessment. The target of the assurance work and assessment include the profitability and effectiveness of operations, the reliability of financial and operational reporting, compliance with laws, and the safeguarding of assets. Written audit reports are prepared and distributed to the Group’s CEO, the senior management of the audited business, and the management of the audited operation or unit. Internal audit prepares a summary report on conducted audits, the most significant findings and agreed measures at least quarterly for the Audit Committee of Aspo Plc’s Board of Directors. The Audit Committee monitors the operations and effectiveness of the company’s internal audit at its meetings and reviews the plans and reports of internal audit.

With the regulatory changes in sustainability reporting, Aspo will integrate sustainability reporting as part of its risk management and internal audit processes in the next few years.

Quick links

Updated: 04.02.2026