Risk management
BackDescription of the key features of the internal auditing and risk management systems associated with the financial reporting process
The objective of the internal auditing and risk management systems associated with Elisa’s financial reporting process is to obtain reasonable assurance that the company’s financial statements and financial reporting are reliable, and that they have been prepared in compliance with the laws, regulations and generally accepted accounting principles, as well as with other regulations applicable to public listed companies. Internal auditing and risk management procedures are integrated into the company’s operations and processes. Elisa’s internal auditing can be described using the international COSO framework.
Control environment
Elisa’s control environment is based on the company’s values, goal-oriented management, and on the described and monitored processes, practices, policies and guidelines. Elisa’s financial administration is responsible for the internal auditing of financial reporting.
Annual business and strategy planning processes and target-setting, as well as rolling monthly financial forecasts, represent a key element in Elisa’s business and performance management. Financial results are assessed against the forecast, the annual plan, the previous year’s results, and the strategic plan.
Targets are set for the Elisa Group and for each unit, and individual targets are specified in semi-annual appraisal based on the scorecard and performance-based bonus system. Individual targets and objectives are set in appraisals and target-setting discussions, and results and operations are assessed particularly from the value perspective.
Risk assessment
Risk assessment is an integral part of Elisa’s planning process. The purpose of risk assessment is to identify and analyze risks that could affect the achievement of specified targets, and to identify measures to reduce risks.
The key risks associated with the accuracy of financial reporting have been identified in a process-specific risk analysis. Risk assessment also covers the risks related to misuse and the resulting financial losses, as well as the misappropriation of company assets.
Controls
Control measures consist of automatic and manual reconciliations, control and instructions integrated into the processes with the objective of ensuring the accuracy of financial reporting and the management of the risks involved. The reporting control mechanism processes have been documented. Key control mechanisms also include information system access rights management, authorizations, and the controlled and tested implementation of information system changes.
The financial development of business operations is constantly monitored on a unit basis. Financial management discusses any exceptional items and recognitions in its meetings and investigates the causes and reasons for any changes in the rolling monthly forecasts.
Financial information and communication
External communications
The objective of Elisa’s external communications is to provide timely, equal, transparent and accurate information to all interest groups at the same time. Communications must comply with all the laws, regulations, instructions and other rules applicable to listed companies. Information is communicated with stock exchange and press releases, and in the company’s website. Elisa’s financial information may only be disclosed by the CEO, CFO, Investor Relations Director, and the Group Treasurer. Elisa has a silent period for the two weeks preceding the disclosure of financial performance information.
Internal communications
Key instructions, policies and procedures are available to the personnel in the company’s intranet and in other shared media. Personnel are also informed of the key instructions and changes in various briefings, by e-mail and through everyday supervisory work. Training and guidance on how to comply with the rules and requirements is arranged as necessary. In addition, regular information and training is provided to the financial organization, particularly regarding any changes in accounting, reporting and disclosure requirements.
Control
The Board of Directors’ Committee for Auditing is tasked with supervising the proper organization of the company’s accounting and financial administration, internal and financial auditing and risk management. The Board of Directors reviews and approves interim reports and financial statements bulletins in its regular meetings prior to publication. Elisa’s Board of Directors and Executive Board monitor the Group’s and the business units’ results and performance on a monthly basis. Elisa’s financial administration continuously assesses its own controls for functionality and sufficiency. In addition, Elisa’s internal auditing function controls the reliability of financial reporting within the framework of its annual audit plan.
Risk management
Risk management is described in more detail under sections "Charter of the Board", "Committee for Auditing" and "Description of the key features of the internal auditing and risk management systems associated with the financial reporting process".
The company classifies risks into strategic, operational, insurable and financial risks.
The insurable risks are identified and insurance is taken out to deal with these risks. Elisa uses and external insurance broker to establish the probability of the risk and the value of the insurance.