1.11 Internal control and risk management
Fingrid’s internal control is a permanent component of the company’s operations and addresses all those operating methods and procedures whose objective it is to ensure:
effective and profitable operations that are in line with the company’s strategy,
the reliability and integrity of the company’s financial and management information,
that the company’s assets are protected,
that applicable legislation, guidelines, regulations, agreements and the company’s own governance and operating guidelines are complied with, and
a high standard of risk management.
Risk management is planned as a whole, with the objective of comprehensively identifying, assessing, monitoring and safeguarding the company’s operations, the environment, personnel and assets from various threats and risks.
Continuity management is a part of risk management. Its objective is to improve the organisation’s capacity to prepare and to react in the best possible way should risks occur, and to ensure the continuity of operations in such situations.
Further information on internal control, risk management and the foremost risks and factors of uncertainty is available on the company's website.
Board of Directors
The company’s Board of Directors is responsible for organising internal control and risk management, and it approves the principles of internal control and risk management every two years or more often, if required. The Board defines the company’s strategic risks and related management procedures as part of the company’s strategy and action plan, and monitors their implementation. The Board decides on the operating model for the company’s internal audit. The Board regularly receives internal audit and financial audit reports as well as a status update at least once a year on the strategic risks and continuity threats relating to the company’s operations and their management and realisation.
Line management and other organisation
Assisted by the Executive Management Group, the President & CEO is responsible for executing and steering the company’s governance, decision-making procedures, control and risk management, and for the assessment of strategic risks and continuity threats at the company level, and their related risk management.
The heads of functions are responsible for the practical implementation of the governance, decision-making procedures, controls and risk management for their areas of responsibility, as well as for the reporting of deviations and the sufficiency of detailed guidelines. Directors appointed to be in charge of threats to continuity management are responsible for drawing up and maintaining continuity management plans and guidelines, and for arranging sufficient training and practice.
The CFO is responsible for arranging procedures, controls and monitoring at the company level as required by the harmonised operating methods of internal control and risk management. The company’s general counsel is responsible at the company level for assuring the legality and regulatory compliance of essential contracts and internal guidelines, taking into account the company’s interests, as well as for the procedures these require. Each Fingrid employee is obligated to identify and report any risks or control deficiencies she or he observes and to carry out the agreed risk management procedures.
An authorised public accounting company selected by the general meeting acts as auditor for the company. The company’s financial auditor inspects the accounting, financial statements and financial administration for each financial period and provides the AGM with reports required by accounting legislation or otherwise stipulated in legislation. The financial auditor reports on his or her work, observations and recommendations to the Board of Directors and may also carry out other verification-related tasks commissioned by the Board or management.
The Board of Directors decides on the operating model for the company’s internal audit. The internal audit acts on the basis of plans processed by the audit committee and approved by the Board. Audit results are reported to the object of inspection, the President & CEO, the audit committee and the Board. Upon decision of the Board, an internal audit outsourced to an authorised public accounting company acts within the company. From an administrative perspective, the internal audit is subordinate to the President & CEO. The internal audit provides a systematic approach to the assessment and development of the efficacy of the company’s risk management, monitoring, management and administrative processes and ensures their sufficiency and functionality as an independent party. The internal audit has the authority to carry out reviews and to access all information that is essential to the audit. Fingrid’s internal audit carries out risk-based auditing on the company’s various processes.