Internal control

The main objective of internal controls at Suominen is to ensure reliable financial reporting and compliance with applicable laws, regulations, and internal policies and principles. Moreover, internal controls aim to ensure the efficiency of the company’s processes and that its assets are appropriately safeguarded.

Control environment

Internal controls are embedded in the activities of Suominen’s organization. Controlling is executed in connection with the steering of business processes, supported by comprehensive reporting.

The foundation of the internal control processes is based on the company’s Code of Conduct, corporate culture and values, policies, guidelines and instructions, and the ways of working adopted by the company’s management and employees. The responsibility structure of the company is based on authority inherent in the positions and work descriptions, segregation of duties and the “four-eyes” and “one-over” decision-making principles. Effective internal control requires that duties are properly allocated to employees and potential conflicts of interests are identified and eliminated. In cascading the principles within the organization, honesty, transparency and working in teams are integral elements of establishing high ethical standards throughout the company. A satisfactory control environment is ensured through internal analyses and evaluations of key processes.

Nominated process owners are responsible for ensuring that efficient internal process controls are defined and implemented across the organization.

The ICT function ensures that the security checks of ICT systems throughout the Suominen Group are functioning and conducted at a sufficient level.

Control activities

Internal control activities are in place, among other things, to verify that the company’s financial reports provide a true and fair view of the company’s financial position. It is the duty of the Board of Directors and the CEO to organize the internal control activities. 

In practice, control activities are conducted in the meetings of the Board and management teams, where results of the company’s operations and activities are reviewed. The company’s Finance function and the Group’s controller network support and coordinate the financial management and control of the activities of the entire Suominen Group.

Internal control at Suominen has been decentralized across global functions that monitor compliance with the operating guidelines concerning their areas of responsibility approved by the Board. In addition to the Group-level guidance, control measures are also taken at the business area and plant level. Control measures include both general and more detailed control procedures aimed at preventing, revealing and correcting errors and deviations.

In day-to-day business operations, several control activities are exercised in order to prevent potential errors and deviations in financial reporting and to help reveal and correct any identified deviations or errors. Suominen categorizes its control activities into three categories. Documented instructions help the organization standardize the monitoring of tasks. Continuous and regular reporting providing feedback on the performance of the global functions and each Group company ensures that instructions and defined processes are followed. In critical processes, specific authorizations are implemented in the workflow for security and verification purposes. 

The need for separate evaluations, as well as their scope and frequency, is determined by assessing the risks and effectiveness of ongoing control and monitoring processes. Information security and relating control activities play a key role when features of ICT systems are being defined and applied.

Information and communication

The company’s Financial Manual, policies approved by the Board of Directors and other guidelines and instructions relating to financial reporting are updated and communicated on a regular basis by the management to all relevant employees, and these are also available on the company’s intranet. In addition, a standard reporting package is used by the business areas and Group companies. 

Group management and business area management conduct monthly reviews that include an analysis of the defined performance metrics and indicators, which enable the management to better understand the underlying performance of the company. The Board members receive a monthly report on the company’s result and financial position.

Monitoring

The Audit Committee is responsible for monitoring the efficiency of the company’s internal controls. Global function and business area management and controller functions are responsible for the ongoing monitoring of control activities. The company’s Finance function monitors the operations and processes of the Group companies and the accuracy of external and internal financial reporting.

Regular inspections by quality auditors and customer audit personnel also cover the internal controls of key business processes.

Updated on March 14, 2024