Risk management and internal control

The Board of Directors of Loihde Plc has confirmed the principles of risk management, internal control and internal audit that the Group shall comply with.

Risk management

The aim of Loihde’s risk management is to support the implementation of the strategy and the achievement of the targets as well as to promote business continuity by reducing business vulnerability and protecting functions that are critical to business operations.

Risk management is an integral part of Loihde’s daily business management. The Board of Directors and operational management of each Group company ensures that risk management is taken into account in the company’s business operations, on both a strategic and operational level. The organising of risk management in practice is lead on a strategic and Group level by Loihde Plc’s EVP Business Development and on an operational level by the person in charge of the company’s risk management. The actual risk management is performed by every employee and supervisor in the company in their day-to-day work.

Risks are identified and assessed with the help of strategy risk mapping in connection with strategy, with the help of project risk assessment in connection with projects and in connection with annual structural risk mapping. When identifying risks, a comprehensive view of the internal and external environment of the Group, the business area and the unit and possible events that could affect the reaching of the targets is formed.

In the annual risk assessment, risks are assessed based on the probability of fulfilment and the impact they would have.

From the point of view of reaching the targets, risks seen as particularly significant are defined as key risks and these are examined and approved annually by Loihde’s Board of Directors, and the resources and actions of risk management are primarily aimed at these. For key risks, a risk owner is appointed. The key risk owner plans and organises adequate actions for controlling the risk and is responsible for the implementation and reporting of these.

The most significant risks

The most significant risks and uncertainties that affect the operations of the Loihde Group are described in the company’s financial statements and the report of the Board of Directors.

Internal control

Internal control is a part of Loihde’s risk management system. It is the duty of internal control to adequately ensure the accuracy of processes and control risks that can have a negative effect on the accuracy of financial reporting or business functionality and efficiency or that can be linked to compliance with external laws and internal operating principles and guidelines.

The internal control procedures include, for example, policies and guidelines, risk identification and control measures to reduce risks, as well as the ensuring of the functionality of the controls.

The person most responsible for the Group’s internal control is the CEO of Loihde Plc and on a business or company level the Chief Business Officer or Managing Director of the company. They take responsibility for that there are adequate internal control procedures to control risks and prevent adverse events. Operational management is responsible for risks and controls relating to them as well as for implementing corrective measures relating to controls.

The management with the above-mentioned responsibilities and the entire personnel constitute the so-called first line of defence of internal control. The second line of defence is the financial organisation of the Group and its subsidiaries. Internal control, auditors and supervisory authorities function independently as independent organisations constituting the third line of defence.

The Audit Committee supervises the internal control and the development and implementation of internal audit by authorisation of the Board of Directors. The CFO reports to the Audit Committee at least annually about the implementation of internal control and the results of internal audits.

Internal audit

Internal audit is a function that is intended to verify the fulfilment of the management and control environment and to recommend the development of the control environment on the basis of the conducted audits. Loihde does not have a separate function for internal audit. The Board of Directors assesses the need for internal audit annually and decides on the tasks needed for internal audit and the organising of these based on the assessment. The Board of Directors can use external help for implementing audits.

Transactions of related parties

In accordance with the IAS 24 standard, Loihde assesses and follows transactions made by its defined related parties. The company’s related parties consist of its subsidiaries and the Board of Directors, the CEO and the Group’s Leadership Team, as well as the family members of these and legal entities over which the mentioned persons exercise a controlling interest. Loihde maintains a list of parties that belong to the company’s related parties and regularly follows, handles and assesses transactions made with its related parties in accordance with principles and regulation approved by the Board of Directors.

The company’s financial management follows and supervises transactions of related parties as a part of the company’s normal reporting and supervisory praxis and reports transactions of related parties to the Audit Committee on a regular basis. The company’s Board of Directors decides on transactions of related parties that are not part of the company’s normal business or that are not carried out under ordinary terms of trade. Members of the company’s Board of Directors and Leadership Team and persons and parties that belong to their related parties are obligated to report potential transactions of related parties to the company. Transactions of related parties that have been made under different terms than the normal terms of trade are reported in the appendices of the financial statements.