During 2009, the Group formalised the existing processes for risk management and internal control of financial reporting based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework.
The Supervisory Board and the Executive Board have overall responsibility for the Group’s control environment. The Audit Committee appointed by the Supervisory Board is responsible for monitoring the internal control system related to the financial reporting process on an ongoing basis.
The Supervisory Board approves a number of policies and procedures in key areas related to financial reporting, including the Code of Conduct, Finance and Legal Policy, Risk Management Policy, Treasury Policy and Business Ethics Policy. These policies and procedures apply to all subsidiaries and similar requirements are set out in collaboration with the partners of the joint ventures.
The risk assessment process related to financial reporting is approved by the Audit Committee on an annual basis. The financial reporting risks related to significant accounts in the consolidated financial statements are identified based on a top-down, riskbased approach. Based on the risk assessment, the Group has established minimum requirements for the conduct and documentation of IT and manual control activities to mitigate identified significant financial reporting risks. As part of this process, the accounting information reported by all of the companies in the Group is reviewed both by controllers with regional links and in-depth knowledge of the individual companies, and by accounting experts. The most important companies in the Group also have their own controllers with extensive commercial and/or accounting knowledge and insight.
The Group has established information and communication systems to ensure that accounting and internal control compliance are established, including finance manual, internal control requirements, and controller manual.
The Audit Committee charter outlines its roles and responsibilities related to supervision and monitoring of the risk management and internal control system related to financial reporting. The monitoring is performed on the basis of periodical reporting from the finance organisation, internal and external audit.