Internal control

Control environment

Control operations are embedded in the activities of Suominen’s organization. Controlling is executed in connection with the steering of business processes, supported by comprehensive reporting.

Suominen’s control environment is based on instructions, the business culture and the way of working adopted by the Company’s managers and employees. In cascading the principles in the organization, honesty, transparency and working in teams are integral elements of establishing high ethical standards throughout the Company.

The foundation of the internal control process is based on the Company’s Code of Conduct, values, policies and other directives and instructions. The responsibility structure of the Company is based on authority inherent in the positions and work descriptions, segregation of duties and the “four-eyes” and “one-over” decision-making principles. Effective internal control requires that duties are properly allocated to employees and potential conflicts of interests are identified and eliminated. A satisfactory control environment is ensured through internal analyses and evaluations of key processes. Nominated Process Owners are responsible for ensuring that efficient internal process controls are defined and implemented across the organization.

The ICT function ensures that the security checks of ICT systems throughout the Group are functioning and conducted at a sufficient level.

Control activities

Internal control activities are in place to, among other things, verify that the Company’s financial reports provide a true and fair view of the Company’s financial position. It is the duty of the Board of Directors and the President & CEO to organize the internal control activities. Each member of the Board of Directors receives a monthly report on the Company’s result and financial position.

In practice, control activities are conducted in the meetings of the Board of Directors and the management teams, where the results of the activities are reviewed. The Company’s Finance function and the Group’s controller network support and coordinate the financial management and control of the activities of the entire Group.

Internal control at Suominen has been decentralized across global functions, who monitor compliance with the operating guidelines approved by the Board concerning their areas of responsibility. In addition to the Group-level guidance, control measures are also taken at the business area and plant level. Control measures include both general and more detailed control procedures aimed at preventing, revealing and correcting errors and deviations.

In day-to-day business operations, several control activities are exercised to prevent potential errors and deviations in financial reporting. Moreover, control activities are in place to help reveal and correct the identified errors. Suominen categorizes its control activities into three categories. Documented instructions help the organization to standardize the monitoring of tasks. Continuous and regular reporting conveying feedback on the performance of global functions and each Group company ensures that instructions and defined processes are followed. In critical processes, specific authorizations are needed in the work flow, either for security or for verification needs.

The need for separate evaluations, as well as their scope and frequency, is defined by assessing risks and the effectiveness of ongoing monitoring procedures. Information security and related control activities play a key role when the features of ICT systems are being defined and applied.

Information and communication

The Company’s Financial Manual, policies approved by the Board and other directives and instructions relating to financial reporting are updated and communicated on a regular basis by the management to all affected employees and are also available in the Company’s intranet. In addition, a standard reporting package is used by the business areas and the subsidiaries. Group management and business area management conduct monthly reviews that include an analysis of performance metrics and indicators assisting management to better understand the underlying business performance.

Follow-up

Ongoing responsibility for follow-up rests with the business area management and controller functions.

Regular inspections by quality auditors or customer audit personnel cover also the internal controls of supply chain processes.

The Company’s Finance function monitors the operations and processes of the subsidiaries and the accuracy of external and internal financial reporting.