Internal control

The purpose of internal auditing is to ensure that VVO's operations comply with current legislation and regulations and the company's operating principles, and also that the company's financial and business reporting is reliable. Internal auditing also seeks to safeguard VVO's assets and ensure that its operations are efficient and reliable, enabling the attainment of its strategic goals.

The internal auditing and risk management operating model included in financial reporting is designed so as to gain sufficiently dependable information on the reliability of financial reporting and to ensure that the financial statements are drawn up according to current legislation and regulations.

The VVO internal auditing system is based on the framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

Organisation of internal auditing is the responsibility of the Board of Directors and the CEO. Responsibility for carrying out internal auditing, however, is shared by the entire organisation: each individual VVO employee is responsible to his/her supervisor for internal auditing in his/her area of responsibility.

Auditing environment

Principal responsibility for internal auditing of financial reporting rests with the Board of Directors. The working order of the Board of Directors outlines the responsibilities of the Board and the division of duties within the Board and among its committees. The principal task of the Audit Committee appointed by the Board of Directors is to ensure that the principles outlined for financial reporting, risk management and internal auditing are complied with and that appropriate contact is kept with the company’s auditors. It is the duty of the CEO to maintain an organisation structure where responsibility, authority and reporting relationships are clearly and comprehensively defined in writing, and to ensure that the internal auditing environment is adequately resourced.

Financial reporting is governed by VVO operating principles, HR policy, financing policy, information security policy, accounting principles and reporting instructions.

Risk management

Risk management at VVO is based on the risk management policy adopted by the Board of Directors. Risk management forms part of the company’s internal auditing, its purpose being to ensure that the company’s business goals are attained. Responsibility for providing for risk management rests with the Board of Directors. Risk management is based on risk assessments carried out in connection with the strategy and annual planning processes, which involve identifying the most notable risks, evaluating their likelihood and potential impacts, and agreeing on means to manage them. Changes in the most significant risks in the business environment and business operations are evaluated regularly and reported to the Board of Directors in the quarterly interim reporting. The Group's legal counsel is responsible for the risk management processes.

Auditing measures

The VVO financial and operational reporting process complies with the Group operating instructions and valid process descriptions. The financial management of VVO is responsible for the content of the reporting process and for compliance with instructions. The quality of reporting is ensured through process control measures. These include reconciliation of accounts, system-generated controls, and inspections and other measures undertaken by the management or others. Control functions have designated managers responsible for their sufficiency and efficiency of execution.

Auditing of the reporting and budgeting processes is based on unified VVO reporting principles, drawn up and maintained by the financial management of VVO.