Internal Control

The Board of Directors is responsible for ensuring that the Group’s internal control and risk management are sufficient relative to the scope of the Group’s business and that their supervision is appropriate.

The Board of Directors supervises that the CEO manages the company’s operative business and administration in accordance with the instructions and orders issued by the Board of Directors. The Board of Directors assesses the Group’s financial reports, division-specific reviews and material changes in business operations to ensure that risk management is sufficient. In addition, the Board’s Audit Committee evaluates the sufficiency and effectiveness of internal control and risk management.

The Board of Directors’ Audit Committee is tasked with monitoring the effectiveness of Vapo’s internal control, internal auditing and the company’s risk management systems. Vapo has defined operating principles for internal control and the key controls of processes. The CEO and CFO are responsible for the practical organisation of internal control.

Internal control applies to the entire organisation and its management. Effective internal control supports the achievement of strategic objectives and improves the steering of business operations. The aim of internal control is to give the Board of Directors and acting management adequate assurance of the realisation of the following objectives:

  • the effectiveness and appropriateness of operations;
  • the achievement of targets and profitability;
  • the reliability and completeness of financial reporting and other reporting;
  • the safeguarding of assets;
  • compliance with operating principles, plans, guidelines, laws and regulations to prevent errors and misconduct, for example.

Internal control constitutes an essential part of the Group’s operations on all levels of the organisation, and is conducted on all organisational levels and in all operations. The methods of internal control include internal guidelines, reporting, various ICT systems and standard practices pertaining to the Group’s business functions. These help to ensure that the management’s instructions are followed and that any risks to the achievement of the Group’s objectives are responded to in the appropriate manner. Regular control activities include management audits and audits concerning the measurement of operations, the performance of measurements suitable for each sector, physical control, monitoring compliance with agreed approval limits and operational principles and any deviations therefrom, a system of approvals and authorisations, as well as various assurance and integration arrangements.

Operations are managed and monitored on a monthly basis, primarily by business area. Reviewing the current financial period and rolling monthly forecasts is an essential component of the control and monitoring process.

Control activities are led at the Group level by the Group Management Team and at the business level by the management of divisions, profit centres and business functions. The implementation of control is the responsibility of business controllers assigned to business areas and profit centres operating under the CFO who, together with the managing directors and operational management, see to business transactions being entered in the systems in a timely manner and reported appropriately and efficiently, complying with the separately issued Group guidelines on the content of internal control and reporting.