Investors > Corporate Governance > Internal control and risk management
Boreo's internal control ensures that the company operates efficiently, financial and other data are reliable, and the company complies by appropriate laws, regulations and operating principles. With the help of the Audit Committee, the company’s Board of Directors is responsible for monitoring and assessing the effectiveness of internal control. The Audit Committee defines, and the Board of Directors approves, the operating principles of internal control. The goals, principles, organization, responsibilities, and practices of internal control are defined in the policy for internal control laid down by the Board of Directors.
The internal audit evaluates the applicability and relevance of internal control. Because the company has no separate internal control organization, the responsibility for internal control at operational level has been distributed between various organization levels. The group executive management team, line management and the company's support functions are, for their part, responsible for the efficiency of internal control. In addition, the company’s inspection plan for external audits takes into consideration that the company has no separate internal control function.
The aim of risk management is to identify, evaluate and monitor the risks related to the company's business operations. Implementation and utilization of Boreo’s risk management policy and principles prevent risks, support in achieving the desired overall risk level, and help ensure undisturbed operations.
Boreo’s risk management policy defines the goals, principles, roles, responsibilities, and practices of risk management. The company’s risk management policy is developed so that it is uniform with international risk management frameworks and standards like the ISO 31000 standard (Risk management — Guidelines). The aim is that risk management is an integral part of strategy work, internal processes and business management.
The aim of risk management is to ensure that the company can achieve its strategic objectives. Systematic identification, analyzing, evaluation, monitoring and reporting of risks are part of the group's and its units’ business.
The Board of Directors decides on the overall risk level of the group and is responsible for arranging efficient risk management and internal control. The Audit Committee has supervision responsibility of risk management and reports to the Board of Directors at least once a year on the sufficiency of risk management. Boreo’s executive management team is responsible for ensuring that risk management and internal control are planned, implemented, and monitored. The executive management team carries out a semi-annual risk assessment that is reported to the Board of Directors. The CFO is responsible for risk management activities and practical implementation.
The standards, processes and structures used by the group that are constantly developed create a base for systematic implementation of risk management in the organization.
Boreo’s risks are divided into four categories: strategic risks, operational risks, financial risks, and governance and ethics (compliance). The company reports on key risks and uncertainty factors in the Report of the Board of Directors. The company also describes them in its regular financial reporting.