Internal control

Internal control is a process applied by the Board of Directors, management and all Group personnel to ensure that management has reasonable assurance that

  1. operations are effective, efficient and aligned with strategy;
  2. financial reporting and management information is reliable, complete and timely made; and
  3. the Company is in compliance with applicable laws and regulations as well as the Company’s internal policies and ethical values.

Lehto Group’s internal control framework consists of:

  • the internal control, risk management and corporate governance policies and principles set by the Company’s Board of Directors;
  • management overseeing the implementation and application of the policies and principles;
  • the Finance department monitoring the efficiency and effectiveness of the operations and reliability of the financial and management reporting;
  • the Company’s risk management process identifying, assessing and mitigating risks threatening the realisation of the Company’s objectives;
  • compliance procedures making sure that all applicable laws, regulations, internal policies and ethical values are adhered to;
  • effective control environment at all organisational levels including control activities tailored for defined processes and creating minimum requirements for the Group’s business segments and geographical areas;
  • shared ethical values and strong internal control culture among all employees, and
  • internal audit assignments reviewing the effectiveness of the internal controls as needed.

Internal controls over financial reporting

The purpose of internal controls over financial reporting is to ensure the accuracy, reliability, timeliness and appropriateness of financial information. The financial administration organisation implements operative supervision under the CFO who reports any supervisory findings to the Audit Committee. The correctness of financial reporting is ensured through internal instructions, job and process descriptions, authorisation matrices, segregation of obligations and duties related to general ledger accounting, and financial reporting review meetings. Service area-specific performance data is reviewed in the regular meetings of the service areas’ steering groups.

The competences of financial administration personnel are maintained through regular training. Auditors assess the correctness of reporting in connection with, for example, the compilation of Half year financial reports and through their other auditing work performed during the financial year.

Risk management and internal control roles and responsibilities

The Board of Directors is ultimately responsible for the administration of the Company and for the proper organisation of its operations. The Board of Directors approves the policies and guidelines concerning internal control, risk management and corporate governance. The Board establishes the risk-taking level and risk bearing capacity of the Company and re-evaluates them on a regular basis as part of the strategy and goal setting of the Company.

The Audit Committee of the Board is responsible for the following internal control related duties:

  • monitor the reporting process of financial statements;
  • supervise the financial reporting process;
  • monitor the efficiency of the Company’s internal control, internal audit, if applicable, and risk management systems;
  • review the description of the main features of the internal control and risk management systems in relation to the financial reporting process, which is included in the Company’s Corporate Governance Statement; and
  • monitor the statutory audit of the financial statements and consolidated financial statements.

The CEO is in charge of the day-to-day management of the Company in accordance with the instructions and orders issued by the Board of Directors. The CEO reports to the Board on risk management as part of the monthly reporting. The CEO as well as the CFO, COO, HR Director and the subsidiaries’ Managing Directors, who are subordinate to the CEO of the Lehto Group, are in charge of risk management in their own areas of responsibility.

The Chief Financial Officer ensures and controls that the Group’s accounting and financial reporting practices comply with the law and that both internal and external financial reporting is reliable.

The HR Director ensures and controls that the Group’s payroll administration and the administrative procedures related to employment relationships comply with the law and are duly implemented.

The Managing Directors of the Lehto Group’s subsidiaries are responsible for the implementation of internal control in their respective companies.