KEY ELEMENTS OF INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS RELATED TO FINANCIAL REPORTING PROCESSES
In accordance with the Limited Liability Companies Act, the Board of Directors ensures that accounting and asset management are properly controlled. The President and CEO ensures that company accounting is in compliance with the legislation and asset management is handled reliably. Group management ensures that applicable legislation and decisions made by the Board are observed in everyday Group operations and that the Group’s risk management is handled in a suitable manner.
Internal control and internal auditing
Internal control is an integral part of the Group's corporate governance system. The Destia Board of Directors and its Audit Committee supervise and control the efficiency of the internal control process, internal auditing and risk management at the highest level. The practical implementation and daily management of internal control are the responsibility of the Group’s operative management. Internal control is part of the daily operations and is based on Destia’s values, processes, practices, specifications and guidelines as well as its financial reporting system. Internal control is an integral part of Destia’s business processes as well as the steering and supervision of business operations. The objective of internal control is to ensure the reliability of Group financial reporting, the efficiency and perfor-mance of operations, and compliance with applicable legislation and other regulations. It is also to ensure that Destia's asset management is handled in a reliable manner.
Destia has specified an internal control frame of reference, which is based on the internationally ap-proved COSO internal control model.
Destia has a set of ethical guidelines, which were approved by its Board of Directors at the beginning of 2010. The Group’s set of internal decision-making and approval guidelines is clearly defined, and is part of Destia Group’s Charter. The operating models and processes described in the Destia operat-ing system contain guidelines related to business operations. The organizational structure of Destia is supporting internal control. Destia’s centralized functions are implementing controls within their responsibility areas. Destia’s personnel have role based descriptions describing responsibilities in more details. Internal control point of view has also been taken into account when differentiating roles and defining their responsibilities.
Control measures are specified for business processes, which are controlled by the process stakeholders and operative management. In addition to this, proactive automatic control measures are also included in Group systems.
The Group’s finance department is primarily responsible for the financial reporting control process.. Control is enhanced by business-specific control responsibilities. Alongside laws and other regula-tions, generally accepted accounting principles and other company related directives are observed in financial reporting. The objective is to ensure that the Group's financial reporting is done in a reliable manner and that the Company's published financial reports provide essential, accurate information on the financial situation of the Group. For the purpose of financial reporting, Destia has an operative reporting system, according to which comprehensive data on the Group’s financial status and its development is generated on a monthly basis for use by management. Information is delivered on a regular basis to Destia’s Board of Directors and its Audit Committee, as well as to the operative management of the operational business units.
The Group's financial management and operational controls are supported and co-ordinated by the Group's financial administration and Controller function. Guidelines for financial reporting are com-plied with in the Group financial reporting process. Destia financial reporting process is comprised of internal and external accounting. Internal accounting focuses on the monitoring, forecasting and analysis of Group result development, while external accounting and reporting is based on Destia's application of EU-approved IFRS accounting standards. The Annual Report and Group parent company financial statements are prepared in accordance with the Finnish Accounting Act as well as Accounting Standards Board guidelines and statements.
There is an independent internal audit at Destia, reporting to the President and CEO and Audit Committee. The Board of Directors has approved the internal audit charter. Destia’s internal audit function assists the management in implementing and developing the internal control process, in addition to supporting the organisation in achieving its objectives. The internal audit function adheres to international professional standards and operates in co-operation with auditors.
Risk management is an essential part of the Group's corporate governance. The objective of Destia’s risk management is to prevent factors which, if realised, would endanger the achievement of business goals, as well as to strengthen elements that have a supportive impact on business operations. As the highest-level party responsible for risk management, Destia’s Board of Directors has approved the risk management policy. Assisted by Destia’s Management Team, the President and CEO is respon-sible for the Group’s risk management as a whole and monitors the same.
Risk management is included as part of Destia’s strategy process. The major risks related to strategy implementation are identified and evaluated as part of the strategy work. Responsibilities and measures are assigned to major risks in order to control them. The risk chart, which includes risk management actions and responsibilities, is handled by the Company’s Board of Directors once a year. Destia’s risk chart is re-evaluated based on identified changes and reported to the Audit Committee once every six months. Changes in the risk chart are reported to the Board of Directors.
Operational business unit directors identify the risks encountered in their respective business operations as well as plan and mitigate them. The operational business units report their most significant risks to the President and CEO as part of the monthly reporting.
Project managers are responsible for the risk management of their projects’ tendering and implementation phase in accordance with project management procedures. Project-based risk management covers all key phases of the project. In each phase, risks are identified, their significance is assessed, and measures, responsibilities and schedules are agreed upon. The impact of risks on the achievement of financial objectives is addressed on a monthly basis in connection with project reporting. Management of Destia’s financing risks is outlined in a Finance Policy separately approved by the Board of Directors. A summary of measures taken to protect the Company against financing risks is prepared on a quarterly basis. In accordance with the finance policies, management of the Group’s financing risks comprehends protective measures against risks involving liquidity, currency, interest, counterparties, credit and commodities. Destia classifies risks as market and operating environment risks, operational risks and damage risks as well as economical and financial risks.