Risk Management and Control
The Board of Directors of Loihde Plc has confirmed the principles of risk management, internal control and internal audit that the Group shall comply with.
Risk Management
The aim of Loihde’s risk management is to support the implementation of the strategy and the achievement of the targets as well as to promote business continuity by reducing business vulnerability and protecting functions that are critical to business operations.
Risk management is an integral part of Loihde’s daily business management. The Board of Directors of each Group company ensures that risk management is taken into account in the company’s business operations, on both a strategic and an operational level. The organising of risk management in practice is lead by Loihde Plc’s EVP, Business Development on a strategic and Group level and by the person in charge of the company’s risk management on an operational level. Actual risk management is performed by every employee and supervisor in the company in their day-to-day work.
Risks are identified and assessed with the help of strategic risk mapping in connection with strategy, with the help of project risk assessment in connection with projects, and in connection with annual structural risk mapping. When identifying risks, a comprehensive view of the internal and external environment of the Group, the business area, the unit and possible events that could affect the reaching of the targets is formed.
In our annual risk assessment, risks are assessed based on the probability of fulfilment and the impact they would have.
From the point of view of reaching the targets, risks seen as particularly significant are defined as key risks and these are examined and approved annually by Loihde’s Board of Directors, and the resources and actions of risk management are primarily aimed at these. For key risks, a risk owner is appointed. The key risk owner plans and organises adequate actions for controlling the risk and is responsible for their implementation and reporting.
Most Significant Risks
The most significant risks and uncertainties that affect the operations of the Group are described in the Loihde’s Financial Statements and the Report of the Board of Directors
Internal control
Internal control is part of Loihde’s risk management system. The mission of internal control is to adequately ensure the accuracy of processes and control risks that can have a negative effect on the accuracy of financial reporting or business functionality and efficiency or that can be linked to compliance with external laws and internal ways of working and guidelines.
Internal control procedures include, e.g. policies and guidelines, risk identification and control measures to reduce risks, as well as ensuring the functionality of the controls.
The person ultimately responsible for the Group’s internal control is the CEO of Loihde Plc, and on a business or company level the EVP or Managing Director of the company. They take responsibility for that there are adequate internal control procedures to control risks and prevent adverse events. Operational management is responsible for risks and controls relating to risks as well as for implementing corrective measures relating to controls.
Management with the above-mentioned responsibilities and the entire personnel constitute the so-called first line of defence of internal control. The second line of defence is the financial organisation of the Group and its subsidiaries. Internal control, auditors and supervisory authorities function independently as independent organisations constituting the third line of defence.
The Audit Committee supervises the internal control and the development and implementation of internal audit by authorisation of the Board of Directors. The CFO reports to the Audit Committee at least annually about the implementation of internal control and the results of internal audits.
Internal Audit
Internal audit is a function that is intended to verify the fulfilment of the management and control environment and to recommend the development of the control environment on the basis of the conducted audits. Loihde does not have a separate function for internal audit. The Board of Directors assesses the need for internal audit annually and decides on the tasks needed for internal audit and the organising of these based on the assessment. The Board of Directors can use external help for implementing audits.
Transactions of related parties
In accordance with IAS 24, Loihde assesses and follows transactions made by its defined related parties. The company’s related parties consist of its subsidiaries, the Board of Directors, the CEO and the Group’s Leadership Team, as well as the family members of these and legal entities over which the aforementioned persons exercise a controlling interest. Loihde maintains a list of parties that belong to the company’s related parties and regularly follows, processes and assesses transactions made with its related parties in accordance with principles and regulations approved by the Board of Directors.
The company’s financial management follows and supervises transactions of related parties as a part of the company’s normal reporting and supervisory praxis and reports transactions of related parties to the Audit Committee on a regular basis. The company’s Board of Directors decides on transactions of related parties that are not part of the company’s normal business or that are not performed under ordinary terms of trade. Members of the company’s Board of Directors and Leadership Team and persons and parties that belong to their related parties are obligated to report potential transactions of related parties to the company. Transactions of related parties that have been performed under different terms than the normal terms of trade are reported in the appendices of the Financial Statements.