Controls

Main features of the internal control and risk management systems pertaining to the financial reporting process.

The internal control mechanism seeks to ensure the company's compliance with applicable EU laws, regulations and our operating principles as well as the reliability of financial and operational reporting. Furthermore, the internal control mechanism seeks to safeguard the company’s assets and to ensure overall effectiveness and efficiency of operations to meet Metso’s strategic, operational and financial targets. Internal control practices are aligned with Metso’s risk management process. The goal of risk management is to support Metso’s strategy and the achievement of objectives by anticipating and managing potential business threats and opportunities.

Metso’s operating model of internal control and risk management related to financial reporting is designed to provide sufficient assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with applicable laws and regulations, generally accepted accounting principles (IFRS) and other requirements for listed companies. The control standards are regularly updated to be in line with the Committee of Sponsoring Organizations (COSO) framework and the company’s business control environment.

Control environment

The Board of Directors bears the overall responsibility for the internal control over financial reporting. The Board has established a written formal working order that clarifies the Board’s responsibilities and regulates the Board’s and its committees’ internal distribution of work. The Audit Committee’s task is to ensure that established principles for financial reporting, risk management and internal control are adhered to. The President and CEO is responsible for maintaining an effective control environment and for the ongoing work on internal control regarding financial reporting. The Internal Audit function reports all relevant issues to the Audit Committee and the President and CEO. The function focuses on developing and enhancing internal control over the financial reporting in Metso by proactively concentrating on the internal control environment and by monitoring the effectiveness of the internal control. Our internal steering instruments for financial reporting primarily comprise Metso’s Code of Conduct, Internal Control Policy, Internal Control Standards, Treasury Policy and our accounting policies and reporting instructions, which define the accounting and reporting rules, and Metso’s definition of processes and minimum requirements for internal control over financial reporting.

Risk assessment

Metso’s risk assessment as regards financial reporting aims to identify and evaluate the most significant threats affecting the financial reporting at the Group, reporting segment, unit, function and process levels. The assessment of risk includes, for example, risks related to fraud and unlawful activities, as well as the risk of loss or misappropriation of assets. The risk assessment results in control targets through which we seek to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on the development of essential risk areas and the activities executed and planned in these areas as well as the measures to mitigate them are communicated regularly to the Audit Committee.

Control activities

We have established an internal Metso Compliance Program to ensure the correctness and credibility of our financial reporting and compliance with our governance principles in all our units. Its purpose is to create a coherent control environment at Metso by implementing proper internal control principles for different business processes and to share internal control related best practices. Our control standards define the basic level for internal controls that all units must achieve. Our Internal Audit function, assisted by trained Metso testers from different parts of our organization, is responsible for the testing of the units. Unlike with the SOX system, independent auditors do not issue a separate statement on the functionality of our internal controls, although in their work they do widely utilize the documentation created in conjunction with the Metso Compliance Program.

Our Internal Control Standards are designed to ensure that local management in every Metso unit designs and effectively implements the most important monitoring procedures related to selected key financial and business administration processes in all Metso units. This is complemented with proper segregation of key duties and management oversight controls in the organizations. Properly established internal control mechanisms safeguard us also from possible misconduct. Internal Control Standards list the control standards for selected business processes, which are sales and project business, procurement, payroll, inventory, treasury, financial reporting, fixed assets and IT systems. For each of these processes, the tasks that must be segregated are also listed. The units document the control activities in use for each of their respective key business processes. In Metso’s Compliance Program, the effectiveness of the monitoring procedures are assessed and tested. The program also requires the correction of any shortcomings.

Information and communication

In order to secure an effective and efficient internal control environment, we seek to ensure that Metso’s internal and external communication is open, transparent, accurate and timely. Information regarding internal steering instruments for financial reporting, such as accounting principles, financial reporting instructions and the disclosure policy, are available on Metso’s intranet. We arrange training for our personnel regarding internal control issues and tools. Metso’s CFO and the head of Internal Audit report the results of the internal control work as a standing item on the agenda of the Audit Committee. The results of the Audit Committee’s work in the form of observations, recommendations, and proposed decisions and measures are reported to the Board after every Audit Committee meeting.

Monitoring

The effectiveness of internal control related to financial reporting is monitored by the Board of Directors, the Audit Committee, the CEO, Group management, internal audit, and the management of the reporting segments and Group companies. Monitoring includes the follow up of monthly financial reports, review of the rolling estimates and plans, as well as reports from Internal Audit and quarterly reports by independent auditors. Our Internal Audit annually assesses the effectiveness of Metso’s operations and the adequacy of risk management and reports the risks and weaknesses related to the internal control processes. Internal Audit compiles an annual audit plan, the status and findings of which it regularly reports to Metso management, auditors and the Audit Committee. Furthermore, our Internal Audit and independent auditor meet regularly to coordinate the monitoring efforts.