Main Features of the Internal Control and Risk Management Systems Pertaining to the Financial Reporting Process
Internal control seeks to ensure the company’s compliance with applicable laws, regulations, Code of Conduct, and with other recommendations, as well as the reliability of financial and operational reporting. Furthermore, internal control seeks to safeguard the company’s assets and to ensure overall effectiveness and efficiency of operations to meet strategic, operational, and financial targets. Internal control practices are aligned with the risk management process. The goal of the risk management is to support strategy and achievement of targets by anticipating and managing potential business threats and opportunities.
Vaisala’s operating model of internal control and risk management related to financial reporting aims to provide sufficient assurance regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, accepted accounting principles (IFRS) and other requirements for listed companies. The principal components of internal control are control environment, risk assessment, control activities, communications, and monitoring.
The Board of Directors has the overall responsibility for the internal control of financial reporting. The Board of Directors has established a written charter that clarifies its responsibilities and regulates the internal distribution of work of the Board of Directors and its committees. The Board of Directors has appointed the Audit Committee whose task is to ensure that established principles for financial reporting, risk management, and internal control are followed by, and to enable appropriate external audit. The President and CEO is responsible for organizing an effective control environment and ongoing work on internal control as regards financial reporting. The internal audit reports all relevant issues to the Audit Committee and the President and CEO.
Internal audit focuses on developing and enhancing controls related to financial reporting by proactively assessing on internal control environment and by monitoring effectiveness of the control design. Most important internal steering instruments for financial reporting comprise the Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, Disclosure Policy, accounting policies, and other reporting instructions.
Risk assessment as regards financial reporting aims to identify and evaluate most significant threats at the levels of Vaisala, reporting segments, functions, and processes. As a result of risk assessment, the company defines control targets through which it seeks to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on the development of essential risk areas as well as plans and measures to mitigate the risks are communicated regularly to the Audit Committee.
The President and CEO is operationally responsible for internal controls. Internal control related to financial activities as well as to control of the business and the management has been integrated into Vaisala’s business processes. The company has defined and documented significant internal control activities related to its financial statements reporting process as part of business processes. Approval mechanisms, access rights, segregation of duties, authorizations, verifications, reconciliations, and follow-up of financial reporting are essential internal activities. All business units have
their own defined controller function whose representatives participate in planning and evaluating the unit’s performance. They ensure that monthly and quarterly financial reporting follows the company’s policies and instructions and that all financial reporting is delivered on time. The management follows up achievement of targets through monthly management reporting routines. The Chief Financial Officer regularly reports the results of the internal control work and efficiency of the control activities to the Audit Committee.
Vaisala seeks to ensure that the company’s internal and external communication is open, transparent, accurate, and timely. The Disclosure Policy defines how and when information should be given and by whom it is given. It also defines the accuracy and comprehensiveness of the information in order to fulfil the communication obligations. Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, accounting policies, and reporting instructions as well as Disclosure Policy and Insider Policy are available on the company’s intranet.
The Board of Directors, the Audit Committee, the President and CEO, the Management Group and internal audit monitor the effectiveness of internal control related to financial reporting. The monitoring includes follow up of monthly financial reports, review of the rolling estimates and plans, as well as reports from internal audit and auditors. Internal audit assesses the effectiveness of operations and adequacy of risk management and reports the risks and weaknesses related to the internal control processes. Internal audit compiles an annual audit plan and reports the status of the plan and findings regularly to the Audit Committee and the Management Group. Furthermore, the Chief Financial Officer, the General Counsel, internal audit, and auditor coordinate audit planning and monitoring at least twice a year.
General Development Measures in Internal Control and Risk Management in 2018
In 2018, internal audit focused on sales process, EU’s General Data Protection Regulation (GDPR), demand-supply balancing as well as information security management system. The audit of GDRP confirmed that adoption was comprehensive and adequate. Other audits generated development measures in order to harmonize and enhance processes as well as improve internal controls. Development of internal controls focused on enhancement of control environment in end-to-end processes by analyzing of control points. This development as well as harmonization of control
environment in the acquired companies will continue during 2019.
Corporate Governance Statement 2018