Internal audit and internal control

Internal audit 

Enersense’s internal audit is responsible for the independent assessment and verification function required from listed companies. The function systematically examines and verifies the effectiveness of risk management, monitoring, management and governance.

Key internal audit principles include independence, objectivity and confidentiality. The purpose of internal audit is to provide objective and independent information for the Board of Directors and the management. The focuses of internal audit are aspects that are important in terms of strategy, business operations and operating activities in both the long term and the short term.  Audit operations are based on risk analyses, as well as on risk management and monitoring discussions with the Group’s management.

Enersense’s internal audit has been outsourced to PricewaterhouseCoopers Oy, Authorised Public Accountants. Internal audit operates under the CFO and reports on its findings and recommendations to the Audit Committee. Reports are forwarded to the Board of Directors for discussion.

The audit function covers all the companies and operations of the Enersense Group. The internal audit reports are also provided to the company’s external auditor to ensure the sufficient coverage of audit operations and avoid overlaps. Internal audit prepares an audit plan annually for approval by the Board of Directors.

The management’s action plans and recommendations are prepared based on the key observations made during audits, and these are included in business planning. The management and the Audit Committee systematically monitor their implementation.

Internal control 

The purpose of Enersense’s internal control is to ensure effective performance in accordance with laws, regulations, guidelines and good governance at Enersense, in addition to ensuring the reliability, efficiency and transparency of governance. In addition, the purpose of internal control related to financial reporting is to provide sufficient certainty of the reliability of financial reporting, in addition to ensuring that the financial statements and other financial reporting have been prepared in accordance with the current laws and regulations.

The internal control system covers all the company’s processes, procedures and policies that enable the company to achieve its internal control targets. Enersense’s Code of Conduct and management system lay the foundation for the recognisability and implementation of its control environment and activities. In addition, internal control is carried out through Group-wide decision-making authorisations, as well as through Group-wide procurement, risk management and disclosure policies. Enersense also has an open whistle-blowing channel in place. Information systems are critical to effective internal control.

The Board of Directors is responsible for the organisation of internal control. The Board’s Audit Committee is responsible for monitoring the effectiveness, sufficiency and appropriateness of internal control. The company’s management and all its employees are responsible for implementing internal control.

Enersense’s financial and operational reporting process follows the company’s operating guidelines and process descriptions. The CFO has the principal responsibility for the operational management of the control environment for financial reporting. The quality of reporting is ensured by means of various process control measures, such as matching, system-generated controls and audits and measures performed by the management or other parties. Persons in charge have been assigned for controls to ensure their sufficiency and effective implementation. The monitoring of reporting and budget processes is based on Enersense’s reporting principles, which are prepared and maintained by the financial management department.

The monitoring of financial reporting covers the monitoring of monthly financial and operational reports, the assessment of forecasts, plans and the most significant changes in the business environment and business risks, and the regular review of internal audit reports and external auditors’ reports.