Internal control, risk management and internal audit
Fingrid's internal control is a permanent component of the company's operations and deals with all those operating methods and procedures whose objective it is to ensure
- effective and profitable operations that are in line with the company's strategy,
- the reliability and integrity of the company's financial and management information,
- that assets are protected,
- that applicable legislation, guidelines, regulations, agreements and the company's own governance and operating guidelines are complied with, and
- a high level of risk management.
Risk management is planned as a whole with the objective of comprehensively identifying, assessing, monitoring and safeguarding the company's operations, the environment, personnel and assets from various threats and risks. Due to the nature of the company's basic mission, risks are also assessed from the perspective of society in general.
Continuity management is a part of risk management. Its objective is to improve the organisation's capacity to prepare and to react in the best possible way should risks occur, and to ensure the continuity of operations in such situations.
Arrangement of internal control and risk management and distribution of responsibility
The company's Board is responsible for organising internal control and risk management, and it approves the principles of internal control and risk management on an annual basis. The board decides on the company's strategic risks and related management procedures as part of the company's strategy and action plan, and monitors their occurrence. The Board decides on the operating model for the company's internal audit. The board regularly receives internal audit and financial audit reports, as well as a status update at least once a year on the
strategic risks and continuity threats relating to the company's operations and their management and realisation.
Assisted by the executive management group, the President & CEO is responsible for executing and steering the company's governance, decision-making procedures, control and risk management, and for the assessment of strategic risks and continuity threats at the company level, and their related risk management.
The heads of functions are responsible for the practical implementation of the governance, decision-making procedures, controls and risk-management for their areas of responsibility, as well as for the reporting of deviations and the sufficiency of more detailed guidelines. Directors appointed in charge of the threats to continuity management are responsible for drawing up and maintaining continuity management plans and guidelines, and for arranging sufficient training and practice.
The CFO is responsible for arranging procedures, controls and monitoring at the company level as required by the harmonised operating methods of internal control and risk management. The company's general counsel is responsible for assuring the legality and regulation compliance of essential contracts and internal guidelines, as well as for the procedures these require. Each Fingrid employee is obligated to identify and report any risks or control deficiencies she or he observes and to carry out the agreed risk management procedures.
Fingrid's Board of Directors is primarily responsible for the specification of the principles for internal control and risk management related to financial reporting, and the Board of Directors makes sure that these principles are followed in the company. The Board of Directors reviews and accepts the interim reports, annual review and financial statement. The audit committee assists the Board of Directors in this by monitoring the efficiency of internal control, internal audit and risk management systems of the company.
The finance department of the Group is responsible for developing the financial reporting process through means such as monitoring the development needs of controls related to financial reporting, by supervising the sufficiency and efficiency of these controls, and by making sure that external reporting is correct and up to date and that the regulations pertaining to reporting are followed.
The company's financial auditor and internal auditor carry out inspections relating to financial reporting in accordance with the plan approved by the board.
Further information on internal control, risk management and the foremost risks
and factors of uncertainty is available on the company's annual review and Financial Statements.