Control environment
Elisa's control environment is based on the company's values, Code of Conduct and supplementary policies, guidelines and practices, as well as goal-oriented management. Elisa's key processes have been documented, and they are both controlled and developed systematically.
Annual business and strategy planning processes and targets, as well as rolling monthly financial forecasts, represent a key element in Elisa's business and performance management. Financial results are assessed against the forecast, the annual plan, the previous year’s results and the strategic plan.
Targets are set for the Elisa Group and for each unit, and individual targets are specified in semi-annual appraisals based on the scorecard and performance-based bonus system.
Risk assessment
Risk assessment is an
integral part of Elisa's planning process. The purpose of risk
assessment is to identify and analyse risks that could affect the
achievement of specified targets and to identify measures to reduce
those risks.
The key risks associated with the accuracy of
financial reporting have been identified in a process-specific risk
analysis. Risk assessment also covers risks related to misuse and the
resulting financial losses, as well as the misappropriation of the
company's other assets.
Controls
Control measures consist of automatic and manual reconciliation, control
and instructions integrated into the processes, with the objective of
ensuring the accuracy of financial reporting and the management of the
risks involved. The reporting control mechanism processes have been
documented. Key control mechanisms also include access rights management
of information systems, authorisation, and the controlled and tested
implementation of information system changes.
The financial
development of business operations is constantly monitored on a unit
basis. Financial management discusses any exceptional items and
recognitions at its meetings and investigates the causes and reasons for
any changes in the rolling monthly forecasts. Financial reporting is
also ensured by comprehensive and analytical reporting of operative
metrics, drivers and key figures, and continuous development of the
reporting.
Auditing
The Board of Directors’ Audit Committee is tasked with supervising the proper organisation of the company’s accounting and financial administration, internal and financial auditing, and risk management. Elisa's Board of Directors reviews and approves the interim reports, half year financial statement and financial statement releases. Elisa’s Board of Directors and Executive Board monitor the Group’s and the business units’ results and performance on a monthly basis.
Elisa's Finance unit is responsible for the internal auditing of the
financial reporting and continuously evaluates the functionality of
controls. In addition, Elisa’s internal auditing function controls the
reliability of financial reporting within the framework of its annual
audit plan.
Risk management
The company classifies risks into strategic, operational, insurable and financial risks. Insurable risks are identified, and insurance is taken out through an external insurance broker to deal with these risks. The insurance broker assists the company when the amount and likelihood of insurable risks are estimated.
Financial communication and training
Key instructions, policies and procedures are available to the personnel on the company's intranet and through other shared media. In addition, regular information and training are provided to the financial organisation, particularly regarding any changes in accounting, reporting and disclosure requirements.
Elisa's valid Disclosure Policy is available on the company's website at elisa.com.
Internal auditing
The purpose of internal auditing is to estimate the appropriateness and profitability of the company's internal control system and risk management, as well as the management and administration processes. Internal auditing supports the development of the organisation and improves the management of the supervision obligation of the Board of Directors.
Internal auditing is also intended to support the organisation in achieving its goals by evaluating and investigating its functions and by monitoring compliance with corporate regulations. For this purpose, internal auditing produces analyses, assessments, recommendations and information for use by the company’s senior management. Reports on completed audits are submitted to the CEO and the management of the unit audited, as well as to the Audit Committee on regular basis.
Internal auditing is based on international internal auditing standards (IIA). Internal auditing is independent of the rest of the organisation. The starting point for internal auditing is business management, and the work is coordinated with financial auditing. An annual auditing plan and auditing report are presented to the Board of Directors’ Audit Committee. Internal auditing may also carry out separately agreed audits on specific issues at the request of the Board of Directors and Elisa’s Executive Board.