EN
FI

Risk Management and Internal Control

The general governance principles lay the foundation for Tokmanni Group’s business operations. To guarantee the appropriate operation of the governance model, Tokmanni Group’s Board of Directors has defined a set of principles for internal control. The company’s internal control system is based on these principles. The purpose of the internal control system is to ensure that the company’s operations are appropriate and efficient, that its financial and operational reporting is reliable and that regulations and the Code of Conduct are followed.

Internal control covers all organisational levels and is an essential part of all of Tokmanni Group’s business operations. Tokmanni Group’s values, Code of Conduct, Group-level policies, accounting principles, operating guidelines, processes, practices and organisational structures help the management and ultimately the Board of Directors ensure that Tokmanni achieves its targets, that its business operations are managed ethically and in compliance with all applicable laws and regulations, that its assets are managed responsibly and that its financial reporting is appropriate.

Internal control

Internal control is an essential part of Tokmanni Group’s governance and management system, in which Tokmanni Group Corporation’s Board of Directors, management and personnel participate. The purpose of internal control is to ensure the achievement of Group’s goals. Tokmanni’s internal auditor is responsible for internal auditing within the Group. Administratively, the unit reports to the CFO. However, in matters related to internal auditing, the auditor reports to the Finance and Audit Committee. The purpose of internal auditing is to monitor and ensure that the company’s business operations are efficiently managed and profitable, that its risk management is at a sufficient level and that its internal and external reporting is accurate and appropriate.

Internal control helps Tokmanni Group comply with good governance practices, provides the Group’s management with an independent perspective on examining its operations and helps the company achieve its targets by providing a systematic and disciplined approach to assessing and enhancing the efficiency of risk management, monitoring and governance processes.

The operating principles and key procedures for internal controlling are defined in the operating guidelines confirmed by the Finance and Audit Committee (internal principles of auditing). The internal control unit prepares a three-year plan that is implemented in line with a separately approved annual plan. In accordance with the plan, the internal control unit also independently carries out audits on different parts of the company. In addition, it may conduct special audits and stipulated audits in cooperation with auditors and external experts.

Principles for related party transactions

Tokmanni Group has deemed the following people to be executives obligated to disclose their business transactions that involve Tokmanni’s financial instruments: members of the Board of Directors, CO, Deputy CEO and CFO of Tokmanni Group. The people listed above must also determine their related parties (individuals and companies).

Tokmanni Group reports related party transactions in note to the financial statements. In addition, the Group evaluates and monitors transactions between the Group and its related parties in order to ensure that possible conflicts of interest are taken into account in decision making. The disqualification provisions of the Finnish Limited Liability Companies Act are observed in decision making. In 2023, the company had no related party transactions which would be material and in addition, in conflict with ordinary business or ordinary market terms.

Tokmanni Group Corporation’s insider register is maintained by the company’s financial department. The company’s Investor Relations is responsible for the timely disclosure of business transactions carried out by executives and their related parties in compliance with regulations.

Auditing

The company has one auditor. The auditor must be an auditing firm authorised by the Finland Chamber of Commerce. The Annual General Meeting appoints the auditor for the financial year in progress at the time. The auditor’s term of office runs until the end of the Annual General Meeting immediately following the meeting during which they were appointed. The auditor is responsible for auditing the consolidated financial statements and the parent company’s financial statements, accounting and governance. The auditor submits a statutory auditor’s report on the financial statements to the company’s shareholders. In addition, the auditor regularly reports to the Board of Directors.

The Board of Directors presents a proposal on the company’s auditor to the Annual General Meeting. Tokmanni Group’s Finance and Audit Committee monitors the company’s financial reporting and prepares matters for the Board that concern, among other things, Group’s financial reporting and auditing.

In addition to general qualification requirements, the auditor must meet specific statutory requirements concerning independence in order to ensure reliable and independent auditing.

The auditor submits a statutory auditor’s report on the financial statements to the Tokmanni Group Corporations’s shareholders and reports regularly on its observations to the Audit Committee of Tokmanni Group’s Board of Directors.

The 2023 Annual General Meeting elected firm of authorised public accountants PricewaterhouseCoopers Oy as Tokmanni Group’s auditor. The company’s principal auditor is Ylva Eriksson, APA. The auditor is compensated in accordance with a reasonable invoice.

Control related to financial reporting

With regard to financial reporting, the purpose of internal control is to ensure that the reporting is reliable and complies with widely accepted accounting principles, as well as the applicable laws and regulations and internal reporting principles. Tokmanni Group’s financial reporting framework is based on Group-level guidelines and financial processes and on a common reporting platform. This framework is supported by company values, integrity and high ethical principles, as well as regular training and the exchange of information at meetings concerning financial processes.

The overall responsibility for the internal control of the whole Group rests with the Board of Directors. The Board evaluates business performance. The Board has appointed a Finance and Audit Committee, which regularly monitors compliance with the principles of financial reporting, as well as the accuracy of the financial reporting, as part of its duties. On a monthly basis, the CEO and the members of the Executive Group report on financial development and outlook for the period in progress.

The financial function maintains common guidelines for financial reporting, serves as the owner of financial processes and monitors reporting platforms in a centralised manner. The financial department is responsible for the application and interpretation of the accounting principles concerning financial statements. These principles are recorded in Tokmanni Group Corporation’s accounting manual.

In addition to financial information, the reporting covers key financial indicators in terms of the Group’s business operations. The Group’s financial result and future outlook are evaluated on a monthly basis.

Communications

To ensure an efficient and well-functioning internal control environment, Tokmanni Group seeks to ensure the adequacy, openness, transparency, accuracy and timeliness of its internal and external communications. Information about internal tools for financial reporting – such as the accounting principles and the guidelines and disclosure policy concerning financial reporting – is available on Tokmanni’s intranet. Tokmanni Group provides its employees with the necessary training on matters related to internal control and the use of internal control tools. In so doing, company clearly communicates to its employees that the responsibilities related to internal control are taken seriously.

Employees can communicate suspected misconduct via a whistle blower channel that secures anonymous reporting or directly to the Compliance function.

Tokmanni’s CFO and the person in charge of internal auditing regularly report to the Finance and Audit Committee on the results of the work related to internal control. Possible observations, recommendations and proposed decisions and measures arising from the work of the Finance and Audit Committee are reported to the Board of Directors after each committee meeting.

Monitoring

The functionality of internal control, risk management and reporting systems is monitored continuously as part of the company’s day-to-day management of Tokmanni Group. The Group’s financial department monitors the functionality and reliability of the reporting processes across the Group. The financial reporting processes also fall within the internal audit unit’s sphere of monitoring.

Risks and risk management

Risk management is part of Tokmanni Group’s management system and internal control. The purpose of Tokmanni Group’s risk management is to support the company’s values and strategy and the continuity of its business operations by anticipating and managing any risks associated with its operations. The goal is to assess risks systematically to promote thorough planning and decision-making.

Risk management at Tokmanni Group has the following targets:

  • Stressing the importance of risk awareness and proactive risk management;
  • Maintaining the company’s competitiveness and gaining a competitive edge;
  • Ensuring sufficient risk management at Group level in line with risk tolerance and risk appetite;
  • Managing risks as part of business operations, planning and decision-making in line with predetermined duties and responsibilities.

Risk management includes all parts of the organisation and all risk types, from strategic to operational. Risk management supports the management and the Board in order to ensure that the company can implement its strategy efficiently. Tokmanni Group Corporation operates in line with the risk management policy approved by the Board of Directors.

Risks are assessed regularly and reported to the CEO, the Executive Group, the Financial and Audit Committee and the Board of Directors in accordance with Tokmanni Group’s risk management policy. Risks that may affect Group are divided into strategic, operational, financial and hazard risks.

Strategic risks threaten the Group’s achievement of its strategic targets. These risks are typically related to e.g. changes in the operating environment, competitors’ actions and the planning and organisation of the Group’s business operations.

Operational risks are related to losses arising from the deficiency or failure of internal processes, personnel resources or systems. These risks typically concern operational decision-making, the allocation of resources, the quality of operational processes or products, the functionality of information systems, agreements and compliance with laws and regulations, as well as employees’ knowledge and skills.

Financial risks include liquidity and credit risks and market risks, which include currency and interest rate risks, for example.

Hazard risks cause damage to people, property or the environment. They arise from external or internal events, such as accidents, safety failures or natural phenomena.

Risks and uncertainty factors that were considered to be significant in 2022 are described in detail in the 2023 Financial Statement on the company’s website.

Key practices of the Compliance function

Compliance is tasked with assisting senior management, executive management and other business operations in the management of risks associated with regulatory non-compliance, supervising regulatory compliance and, for its part, developing internal control further.

Compliance risk is the risk of legal or administrative penalties, financial losses or loss of reputation as a result of a failure of the company to comply with laws, regulations or other administrative provisions applicable to its activities. Tokmanni’s compliance risk management ensures that operations comply with legislation and the company’s own requirements. Tokmanni expects all its staff to comply with the company’s Code of Conduct and its principles and unit-specific guidelines. The Code of Conduct and guidelines cover a wide range of compliance issues, including the prohibition of corruption and bribery, issues regarding labour, occupational health and safety, and human rights issues.

The CFO is responsible for the company’s compliance operations and reports directly to the CEO and also regularly informs the Board of Directors. The CFO is supported by Tokmanni’s Compliance team, which is composed of the Head of Sustainability, the Manager of Security and Real Estate, the Vice President, Sales and Supply Chain and the HR Manager.

The Compliance team convenes every two months, but urgent matters are dealt with without delay. The team handles notifications concerning financial misconduct received via the whistleblowing channel or otherwise and actions that violate the Tokmanni Code of Conduct, and imposes potential sanctions. All notifications of violations are processed confidentially as required by data protection legislation. Tokmanni will take appropriate action based on the notifications.

The Compliance team aims to prevent the materialisation of compliance risks. For this purpose, the Compliance team shall, for example:

  • prepare and maintain guidelines on key matters related to practices (Tokmanni Code of Conduct and principles),
  • advise and train the staff in matters related to practices,
  • support business units in planning development measures that promote internal control and compliance risk management,
  • keep senior management and executive management informed of upcoming regulatory changes and monitor the business’s preparation for regulatory changes,
  • report to the company’s CEO on issued recommendations and the results of control and other observations related to compliance risks.

 

Page last updated: 12.04.2024