The objective of the internal control and risk management systems
associated with Elisa's financial reporting process is to obtain
reasonable assurance that the company's financial statements and
financial reporting are reliable, that they have been prepared in
compliance with laws, regulations and generally accepted accounting
principles, and that they provide a true and fair view of the financial
situation of the company. Internal control and risk management
procedures are integrated into the company’s operations and processes.
Elisa’s internal control can be described using the international COSO
Elisa's control environment is based on the company's values, Code of
Conduct and supplementary policies, guidelines and practices, as well
as goal-oriented management. Elisa's key processes have been documented,
and they are both controlled and developed systematically.
Annual business and strategy planning processes and targets, as well
as rolling monthly financial forecasts, represent a key element in
Elisa's business and performance management. Financial results are
assessed against the forecast, the annual plan, the previous year’s
results and the strategic plan.
Targets are set for the Elisa Group and for each unit, and individual
targets are specified in semi-annual appraisals based on the scorecard
and performance-based bonus system.
Risk assessment is an
integral part of Elisa's planning process. The purpose of risk
assessment is to identify and analyse risks that could affect the
achievement of specified targets and to identify measures to reduce
The key risks associated with the accuracy of
financial reporting have been identified in a process-specific risk
analysis. Risk assessment also covers risks related to misuse and the
resulting financial losses, as well as the misappropriation of the
company's other assets.
Control measures consist of automatic and manual reconciliation, control
and instructions integrated into the processes, with the objective of
ensuring the accuracy of financial reporting and the management of the
risks involved. The reporting control mechanism processes have been
documented. Key control mechanisms also include access rights management
of information systems, authorisation, and the controlled and tested
implementation of information system changes.
development of business operations is constantly monitored on a unit
basis. Financial management discusses any exceptional items and
recognitions at its meetings and investigates the causes and reasons for
any changes in the rolling monthly forecasts. Financial reporting is
also ensured by comprehensive and analytical reporting of operative
metrics, drivers and key figures, and continuous development of the
The Board of Directors’ Audit Committee is tasked with supervising
the proper organisation of the company’s accounting and financial
administration, internal and financial auditing, and risk management.
Elisa's Board of Directors reviews and approves the interim reports,
half year financial statement and financial statement releases. Elisa’s
Board of Directors and Executive Board monitor the Group’s and the
business units’ results and performance on a monthly basis.
Elisa's Finance unit is responsible for the internal auditing of the
financial reporting and continuously evaluates the functionality of
controls. In addition, Elisa’s internal auditing function controls the
reliability of financial reporting within the framework of its annual
The company classifies risks into strategic, operational, insurable
and financial risks. Insurable risks are identified, and insurance is
taken out through an external insurance broker to deal with these risks.
The insurance broker assists the company when the amount and likelihood
of insurable risks are estimated.
Financial communication and training
Key instructions, policies and procedures are available to the
personnel on the company's intranet and through other shared media. In
addition, regular information and training are provided to the financial
organisation, particularly regarding any changes in accounting,
reporting and disclosure requirements.
Elisa's valid Disclosure Policy is available on the company's website at elisa.com.
The purpose of internal auditing is to estimate the appropriateness
and profitability of the company's internal control system and risk
management, as well as the management and administration processes.
Internal auditing supports the development of the organisation and
improves the management of the supervision obligation of the Board of
Internal auditing is also intended to support the organisation in
achieving its goals by evaluating and investigating its functions and by
monitoring compliance with corporate regulations. For this purpose,
internal auditing produces analyses, assessments, recommendations and
information for use by the company’s senior management. Reports on
completed audits are submitted to the CEO and the management of the unit
audited, as well as to the Audit Committee on regular basis.
Internal auditing is based on international internal auditing
standards (IIA). Internal auditing is independent of the rest of the
organisation. The starting point for internal auditing is business
management, and the work is coordinated with financial auditing. An
annual auditing plan and auditing report are presented to the Board of
Directors’ Audit Committee. Internal auditing may also carry out
separately agreed audits on specific issues at the request of the Board
of Directors and Elisa’s Executive Board.