Risk management and internal control

The Board of Directors of Loihde Plc has confirmed the principles of risk management, internal control and internal audit that the Group shall comply with.

Risk management

The aim of Loihde’s risk management is to support the implementation of the strategy and the achievement of the targets as well as to promote business continuity by reducing business vulnerability and protecting functions that are critical to business operations.

Risk management is an integral part of Loihde’s daily business management. The Board of Directors and operational management of each Group company ensures that risk management is taken into account in the company’s business operations, on both a strategic and operational level. The organising of risk management in practice is lead on a strategic and Group level by Loihde Plc’s EVP Strategy and Business Development and on an operational level by the person in charge of the company’s risk management. The actual risk management is performed by every employee and supervisor in the company in their day-to-day work.

Risks are identified and assessed with the help of strategy risk mapping in connection with strategy, with the help of project risk assessment in connection with projects and in connection with annual structural risk mapping. When identifying risks, a comprehensive view of the internal and external environment of the Group, the business area and the unit and possible events that could affect the reaching of the targets is formed.

In the annual risk assessment, risks are assessed based on the probability of fulfilment and the impact they would have.

From the point of view of reaching the targets, risks seen as particularly significant are defined as key risks and these are examined and approved annually by Loihde’s Board of Directors, and the resources and actions of risk management are primarily aimed at these. For key risks, a risk owner is appointed. The key risk owner plans and organises adequate actions for controlling the risk and is responsible for the implementation and reporting of these.

The most significant risks

The most significant risks and uncertainties that affect the operations of the Loihde Group are described in the company’s financial statements and the report of the Board of Directors.

Internal control

Internal control is a part of Loihde’s risk management system. It is the duty of internal control to adequately ensure the accuracy of processes and control risks that can have a negative effect on the accuracy of financial reporting or business functionality and efficiency or that can be linked to compliance with external laws and internal operating principles and guidelines.

The internal control procedures include, for example, policies and guidelines, risk identification and control measures to reduce risks, as well as the ensuring of the functionality of the controls.

The person most responsible for the Group’s internal control is the CEO of Loihde Plc and on a business or company level the Chief Business Officer or Managing Director of the company. They take responsibility for that there are adequate internal control procedures to control risks and prevent adverse events. Operational management is responsible for risks and controls relating to them as well as for implementing corrective measures relating to controls.

The management with the above-mentioned responsibilities and the entire personnel constitute the so-called first line of defence of internal control. The second line of defence is the financial organisation of the Group and its subsidiaries. Internal control, auditors and supervisory authorities function independently as independent organisations constituting the third line of defence.

The Audit Committee supervises the internal control and the development and implementation of internal audit by authorisation of the Board of Directors. The CFO reports to the Audit Committee at least annually about the implementation of internal control and the results of internal audits.

Internal audit

Internal audit is a function that is intended to verify the fulfilment of the management and control environment and to recommend the development of the control environment on the basis of the conducted audits. Loihde does not have a separate function for internal audit. The Board of Directors assesses the need for internal audit annually and decides on the tasks needed for internal audit and the organising of these based on the assessment. The Board of Directors can use external help for implementing audits.