Risk management and control
BackThe objective of the internal auditing and risk management systems associated with Elisa’s financial reporting process is to obtain reasonable assurance that the company’s financial statements and financial reporting are reliable, and that they have been prepared in compliance with the laws, regulations and generally accepted accounting principles, as well as with other regulations applicable to public listed companies. Internal auditing and risk management procedures are integrated into the company’s operations and processes. Elisa’s internal auditing can be described using the international COSO framework.
Control environment
Elisa’s control environment is based on the company’s values, goal-oriented management, and on the described and monitored processes, practices, policies and guidelines. Elisa’s financial administration is responsible for the internal auditing of financial reporting.
Annual business and strategy planning processes and target-setting, as well as rolling monthly financial forecasts, represent a key element in Elisa’s business and performance management. Financial results are assessed against the forecast, the annual plan, the previous year’s results, and the strategic plan.
Targets are set for the Elisa Group and for each unit, and individual targets are specified in semi-annual appraisal based on the scorecard and performance-based bonus system. Individual targets and objectives are set in appraisals and target-setting discussions, and results and operations are assessed particularly from the value perspective.
Risk assessment
Risk assessment is an integral part of Elisa’s planning process. The purpose of risk assessment is to identify and analyze risks that could affect the achievement of specified targets, and to identify measures to reduce risks.
The key risks associated with the accuracy of financial reporting have been identified in a process-specific risk analysis. Risk assessment also covers the risks related to misuse and the resulting financial losses, as well as the misappropriation of the company's other assets.
Controls
Control measures consist of automatic and manual reconciliations, control and instructions integrated into the processes with the objective of ensuring the accuracy of financial reporting and the management of the risks involved. The reporting control mechanism processes have been documented. Key control mechanisms also include information system access rights management, authorizations, and the controlled and tested implementation of information system changes.
The financial development of business operations is constantly monitored on a unit basis. Financial management discusses any exceptional items and recognitions in its meetings and investigates the causes and reasons for any changes in the rolling monthly forecasts.
Control
The Board of Directors’ Committee for Auditing is tasked with supervising the proper organization of the company’s accounting and financial administration, internal and financial auditing and risk management. The Board of Directors reviews and approves interim reports and financial statements bulletins in its regular meetings prior to publication. Elisa’s Board of Directors and Executive Board monitor the Group’s and the business units’ results and performance on a monthly basis. Elisa’s financial administration continuously assesses its own controls for functionality and sufficiency. In addition, Elisa’s internal auditing function controls the reliability of financial reporting within the framework of its annual audit plan.
Risk management
Risk management is part of Elisa’s internal control system. It aims to ensure that risks affecting the company’s business are identified, influenced and monitored. The company classifies risks into strategic, operational, accidental and financial risks.
Strategic and operational risks:
The telecommunications industry is under intense competition in Elisa’s main market areas, which may have an impact on Elisa’s business. The telecommunications industry is subject to heavy regulation. Elisa and its businesses are monitored and regulated by several public authorities. This regulation also affects the price level of some products and services offered by Elisa.
The rapid developments in telecommunications technology may have a significant impact on Elisa’s business.
Elisa’s main market is Finland, where the number of mobile phones per inhabitant is among the highest in the world, and growth in subscriptions is thus limited. Furthermore, the volume of phone traffic in Elisa’s fixed network has decreased in the past few years. These factors may limit the opportunities for growth.
Accident risks:
The company’s core operations are covered by insurance against damage and interruptions caused by accidents. Accident risks also include litigations and claims.
Financial risks:
In order to manage interest rate risk, the Group’s loans and investments are diversified in fixed- and variable-rate instruments. Interest rate swaps can be used to manage interest rate risk.
As most of Elisa's operations and cash flow are denominated in Euros, the exchange rate risk is minor.
The objective of liquidity risk management is to ensure the Group’s financing in all circumstances. Elisa has cash reserves, committed credit facilities and a sustainable cash flow to cover its foreseeable financing needs.
Liquid assets are invested within confirmed limits to investment targets with a good credit rating. Credit risk concentrations in accounts receivable are minor as the customer base is wide.
A detailed description of the financial risk management can be found in note 34 of the Annual Report 2010.
The insurable risks are identified and insurance is taken out to deal with these risks. Elisa uses and external insurance broker to establish the probability of the risk and the value of the insurance.
Internal auditing
The purpose of internal auditing is to assist the organization in achieving its goals by evaluating and investigating its functions and by monitoring compliance with corporate regulations. For this purpose, internal auditing produces analyses, assessments, recommendations and information for use by the company’s senior management. Reports on completed audits are submitted to the CEO and the management of the unit audited, and to the Committee for Auditing, when necessary. International internal auditing standards (IIA) form the foundation for internal auditing.
Internal auditing is independent of the rest of the organization. The starting point for internal auditing is business management and the work is coordinated with financial auditing. An annual auditing plan and auditing report are presented to the Board of Directors’ Committee for Auditing. Internal auditing may also carry out separately agreed audits on specific issues at the request of the Board of Directors and Elisa’s Executive Board.