Main Features of the Internal Control and Risk Management Systems Pertaining to the Financial Reporting Process
Internal control seeks to ensure the company’s compliance with applicable laws, regulations, Code of Conduct and with other recommendations, as well as the reliability of financial and operational reporting. Furthermore, internal control seeks to safeguard the company’s assets and to ensure overall effectiveness and efficiency of operations to meet strategic, operational and financial targets. Internal control practices are aligned with the risk management process. The goal of the risk management is to support strategy and achievement of targets by anticipating and managing potential business threats and opportunities.
Vaisala’s operating model of internal control and risk management related to financial reporting aims to provide sufficient assurance regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, accepted accounting principles (IFRS) and other requirements for listed companies. The principal components of internal control are control environment, risk assessment, control activities, communications and monitoring.
The Board of Directors has the overall responsibility for the internal control of financial reporting. The Board of Directors has established a written charter that clarifies its responsibilities and regulates the internal distribution of work of the Board of Directors and its committees. The Board of Directors has appointed the Audit Committee whose task is to ensure that established principles for financial reporting, risk management and internal control are followed by, and to enable appropriate external audit. The President and CEO is responsible for organizing an effective control environment and ongoing work on internal control as regards financial reporting. The internal audit reports all relevant issues to the Audit Committee and the President and CEO.
Internal audit focuses on developing and enhancing control related to financial report ing by proactively concentrating on internal control environment and by monitoring effectiveness of the control. Most important internal steering instruments for financial reporting comprise the Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, Disclosure Policy, accounting policies and other reporting instructions.
Risk assessment as regards financial reporting aims to identify and evaluate most significant threats at the levels of Vaisala reporting segments, functions and processes. As a result of risk assessment, the company defines control targets through which it seeks to ensure that the fundamental requirements place on financial reporting are fulfilled. Information on the development of essential risk areas as well as plans and measures to mitigate the risks are communicated regularly to the Audit Committee.
The President and CEO is operationally responsible for internal controls. Internal control related to financial activities as well as to control of the business and the management has been integrated into Vaisala’s business processes. The company has defined and documented significant internal control activities related to its financial statements reporting process as part of business processes. Approval mechanisms, access rights, segregation of duties, authorizations, verifications, reconciliations and follow-up of financial reporting are essential internal activities. All business units have their own defined controller functions whose representatives participate in planning and evaluating the unit’s performance. They ensure that monthly and quarterly financial reporting follows the company’s policies and instructions and that all financial reporting is delivered on time. The management follows-up achievement of targets through monthly management reporting routines. The Chief Financial Officer regularly reports the results of the internal control work and efficiency of the control activities the Audit Committee.
Vaisala seeks to ensure that the company’s internal and external communication is open, transparent, accurate and timely. The Disclosure Policy defines how and when information should be given and by whom it is given. It also defines the accuracy and comprehensiveness of the information in order to fulfill the communication obligations. Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, accounting policies, and reporting instructions as well as Disclosure Policy and Insider Policy are available on the company’s intranet.
The Board of Directors, the Audit Committee, the President and CEO, the Management Group and internal audit monitor effectiveness of internal control related to financial reporting. The monitoring includes follow up of monthly financial reports, review of the rolling estimates and plans, as well as reports from internal audit and auditors. Internal audit assesses the effectiveness of operations and adequacy of risk management and reports the risks and weaknesses related to the internal control processes. Internal audit compiles an annual audit plan and reports the status of the plan and findings regularly to the Audit Committee and the Management Group. Furthermore, the Chief Financial Officer, the General Counsel, internal audit and auditor coordinate audit planning and monitoring at least twice a year.
General Development Measures in Internal Control and Risk Management in 2017
In 2017, internal audit focused on risk management, material flow process, HR and compensation process, IT security policy as well as on travel expense reports. As a result of the findings in the audit of risk management, the company clarified and complemented the Risk Management Policy and renewed risk management processes in order to develop coverage and reporting. Other audits generated development measures in order to harmonize and enhance processes as well as improve internal controls. Development of internal controls focused on improvement of transparency as well as quality and accuracy of performance in inventory, credit risk and fixed assets processes in particular.
Corporate Governance Statement 2017