Risk management

Investors > Corporate Governance > Internal control and risk management

Internal control and risk management

Internal control

Internal control related to financial reporting is part of Boreo Plc's internal control framework. The processes, guidelines and procedures of financial reporting are coordinated and developed at Group level. Boreo Plc compiles its financial reporting in accordance with International Financial Reporting Standards (IFRS), the Securities Markets Act, the Finnish Accounting Act and the guidelines and statements of the Accounting Board, while applying the standards of the Finnish Financial Supervisory Authority and the rules of Nasdaq Helsinki Ltd. The internal control and risk management principles, guidelines, practices and responsibilities related to the company's financial reporting process are designed to ensure that the company's financial reporting is reliable and that financial statements have been prepared in accordance with applicable laws, regulations and company policies. The internal audit evaluates the applicability and relevance of internal control. Because the company currently has no separate internal control organization, the responsibility for internal control has been distributed between various organization levels. The Management Team, line management and the company's support functions are, for their part, responsible for the efficiency of internal control. In addition, the company’s inspection plan for external audits considers that the company has no separate internal control function.

The Board of Directors bears ultimate responsibility for ensuring that internal control related to financial reporting is properly organized. The Board of Directors annually supervises and approves the financial statements, half-yearly report and interim reports. The Audit Committee assists the Board in monitoring the effectiveness of the principles of internal control and risk management. The Audit Committee also monitors the financial statement and financial reporting process to ensure that the financial statements and related information are appropriate and consistent. The Group’s CFO, business support functions and the financial departments of separate companies provide support for this task.

To prevent financial and other abuse, the Group has guidelines for reporting abuse in cooperation with an external service provider. The personnel is also trained to internalize ethical practices. 

Risk management

The aim of risk management is to identify, evaluate and monitor the risks related to the company's business operations. Implementation and utilization of Boreo’s risk management policy and principles prevent risks, support in achieving the desired overall risk level, and help ensure undisturbed operations.

Risk management policy add

Boreo Plc’s risk management policy defines the goals, principles, roles, responsibilities, and practices of risk management. The aim is that risk management is an integral part of strategy work, internal processes and business management.

The Board of Directors decides on the overall risk level of the Group and is responsible for arranging efficient risk management and internal control. The Audit Committee has supervision responsibility of risk management and reports to the Board of Directors at least once a year on the sufficiency of risk management. Boreo Plc’s Management Team is responsible for ensuring that risk management and internal control are planned, implemented, and monitored. The Management Team carries out an annual risk assessment that is reported to the Board of Directors. The CFO is responsible for risk management activities and practical implementation. The company reports key risks and uncertainties in the Board of Directors' report. The company also describes them and reports on the risk management measures they are subject to in its regular financial reporting.

To manage the risks of Boreo Group's financial reporting process, various control measures are set at all levels of the organization. These control measures include, e.g., approval procedures, reconciliations, guidelines and ongoing operational control. Ongoing monitoring activities include, e.g., monitoring of subsidiaries’ monthly financial reports relative to objectives and forecasts, preparing budgets and monitoring their implementation, reviewing new business plans and developing internal financial processes. The risk assessment process of Boreo Plc identifies and analyzes the risks of the financial reporting process and defines the risk management measures.

Key risks add

Boreo’s risks are divided into four categories: strategic risks, operational risks, financial risks, and governance and ethics (compliance). The company reports on key risks and uncertainty factors in the Report of the Board of Directors. The company also describes them in its regular financial reporting.