Risk management
The objective of Etteplan Oyj’s internal control and risk management is to ensure that the Company’s operations are efficient and profitable, its information is reliable, and it complies with appropriate regulations and operating principles. The objectives also include identification, assessment, and monitoring of risks related to business operations.
Etteplan’s internal control process in controlled by the Finnish Companies Act, the Securities Markets Act, and other laws and regulations applicable to the operations of the Company, the rules and recommendations of Nasdaq Helsinki Ltd. as well as the Corporate Governance Code for Finnish listed companies. External control is implemented by the Company’s auditors and the authorities.
Internal control in Etteplan covers financial reporting and other monitoring. The function of internal control is to ensure that the Company achieves the goals and objectives set for it as well as uses its resources economically and appropriately. Internal control also aims to ensure, among other things, correct and reliable financial and other information, compliance with external regulations and internal guidelines and policies as well as sufficient security of operations and information. Furthermore, internal control aims to ensure the organization of adequate and appropriate IT and manual systems to support the operations of the Company.
In Etteplan, internal control is executed by the Board of Directors, management and the Company’s entire personnel. Internal control is divided into 1) proactive control, 2) day-to-day control, and 3) subsequent control. Proactive control consists of specification of corporate values and general operational principles. Day-to-day control includes operational steering and monitoring and thereto related operational systems and work instructions. Subsequent control comprises management evaluations and inspections, comparisons, and verifications with the aim of ensuring that the goals are met and the agreed operational principles are followed.
Risk management is an integral part of Etteplan’s business management and internal control framework. The function of risk management is to anticipate future risks, to ensure that targets are reached and to secure operations in changing conditions. The objective is to ensure that the Company’s operations are efficient and profitable, that the information produced is reliable, and that the Company complies with the appropriate regulations and operating principles.
The key measures of Etteplan’s risk management are comprehensive risk identification, focusing on the biggest risks and ways to manage them, securing the continuity of business operations, limiting adverse business impacts, and utilizing opportunities. Etteplan’s risk management consists of coordinated measures aiming to identify, evaluate, manage and control all major risk areas of the Group in a systematic and proactive manner.
Etteplan’s risk management process is led by the Group President and CEO together with the Management Group member responsible for risk management. The Management Group monitors the significant risks of the business units and supervises the development of the Group’s risk management system and practices.
The business managers have the primary responsibility for risk management. Managers are responsible for risk management in their business areas in compliance with the Group’s risk management guidelines.
Managers report on the major risks of their business area to the Management Group as part of the monthly business reporting. The Group’s financial administration monitors and assesses operational and financial risks and takes measures to hedge against them in cooperation with the Board of Directors, the Management Group, and operative management.
The Board of Directors supervises risk management and approves the risk management guidelines of the Group. Risk management actions and the most relevant Group level risks are reported to the Board of Directors and its Audit Committee.
Reviews concerning financing risks are presented in the notes to the consolidated financial statements as a part of the Financial Report 2024.
Etteplan Group does not have separate internal audit function. The Board can engage external advisors to perform evaluations relating to control environment or other activities.
Description of the main features of the internal control and risk management systems pertaining to the financial reporting process
Etteplan prepares consolidated financial statements and interim and half year financial reports in accordance with the International Financial Reporting Standards, as adopted by EU, the Securities Markets Acts as well as the appropriate Financial Supervision Authority Standards and Nasdaq Helsinki Ltd’s rules. The Report of the Board of Directors of Etteplan and parent company financial statements are prepared in accordance with Finnish Accounting Act and the opinions and guidelines of the Finnish Accounting Board.
Etteplan Group observes Group level accounting principles and instructions, which are applied in all Group companies and according to which the Group's financial reporting is prepared. Together with reporting calendar and schedules, accounting principles, and instructions form the framework for timely and correct Group reporting. Etteplan’s business operations are in all material respects located in Finland, Sweden, China, the Netherlands, Poland, Germany, Denmark, and the USA. All countries have local accounting and financial reporting organizations reporting to the Group using centralized ERP. Internal control and risk management systems and practices as described in the following section are designed to ensure that the financial reports as disclosed by the Company give essentially correct information about the Company finances.
Etteplan has a common Group consolidation system to which subsidiaries report their accounting data from centralized ERP. The correctness of the data is controlled by the Group’s financial administration as well as the financial organizations in the operating countries and service areas. The Group’s centralized financial administration prepares consolidated and published financial reports.
Internal control over financial reporting
Proper arrangement and monitoring of internal control is the responsibility of the local management in accordance with the Group framework. Etteplan Board of Directors has approved operating principles of internal control, which have been prepared in accordance with recommendation 24 of the Finnish Corporate Governance Code. Operating principles include the main features of risk management process, summary of risks, control objectives, and common control points for financial reporting as well as roles and responsibilities in executing and monitoring internal control in Etteplan.
Internal controls over financial reporting process at the country and Group level are reviewed and updated annually. Etteplan’s finance organization has analyzed process risks and defined control objectives for external financial reporting process. Existing control points in the process have been documented. These control points include, for example, reconciliations, authorizations, analysis, and segregation of key accounting duties. The work has been led by the Group CFO.
According to its annual clock, the Management Group has monthly meetings where also financial performance and financial reporting are analyzed. Prior to these meetings, financial reports have been analyzed on business group level to detect any irregularities or errors. Group level financial reports are prepared for Etteplan Audit Committee and the Board of Directors on a monthly basis. Audit Committee reviews and the Board of Directors reviews and approves interim and half year financial reports, annual results report, and financial statements.
Etteplan does not have separate internal audit function. The Audit Committee and/or the Board of Directors can engage external advisors to perform evaluations relating to control environment or other activities.