Main features of the internal control and risk management systems pertaining to the financial reporting process.
Our internal control mechanism seeks to ensure compliance with applicable EU laws, regulations and our operating principles as well as the reliability of financial and operational reporting. In addition, it seeks to safeguard our assets and to ensure overall effectiveness and efficiency of operations to meet our strategic, operational and financial targets. Internal control practices are aligned with our risk management process.
Our internal control and risk management operating model related to financial reporting is designed to provide sufficient assurance regarding the reliability of the reporting and the preparation of financial statements in accordance with:
- Applicable laws and regulations
- Generally accepted accounting principles (IFRS)
- Other requirements for listed companies
Our control standards are regularly updated to be in line with the Committee of Sponsoring Organizations (COSO) framework and our business control environment.
Our internal steering instruments for the internal control of financial reporting primarily consist of:
- Metso’s Code of Conduct
- Internal Control Policy and standards
- Treasury Policy
- Our accounting policies and reporting instructions
The Audit Committee is regularly informed about the financial reporting control environment, including:
- Information on the development of fundamental risk areas
- Activities executed and planned for these essential risk areas
- Measures to mitigate risks
Risk management and Internal Control at Metso
Risk assessment regarding financial reporting aims to identify and evaluate the most significant threats at the group, reporting segment, group companies, functions and process levels.
The assessment of risks includes e.g. risks related to fraud and unlawful activities, as well as the risk of loss or misappropriation of assets. Risk assessments result in control targets through which we seek to ensure that the fundamental requirements placed on financial reporting are fulfilled.
Our control activities are based on the corporate standards, policies, guidelines, instructions and our responsible leadership model to ensure that management directives are carried out and that necessary action is taken to address risks related to the achievement of financial reporting objectives. Metso Compliance Program seeks to ensure compliance with our governance principles in all our units as well as the correctness of our financial reporting. The program is designed to create a coherent control environment by implementing proper internal control principles for different business processes and by sharing internal control-related best practices.
Our control standards define the minimum level for internal controls that all units must achieve. All our units are required to perform an annual control self-assessment to ensure they are compliant with the minimum control standards. In addition, our Internal Audit function is responsible for evaluating the operating effectiveness of these controls according to the annual audit plan.
Compliance framework at Metso
Information and communication
To secure an effective and efficient internal control environment, our internal and external communication must be open, transparent, accurate and timely. Accounting policies, financial reporting instructions and the disclosure policy are available on our intranet, and we arrange regular training for our people regarding internal control issues and tools. The Head of Internal Audit reports the results of the internal control work as a standing item on the Audit Committee agenda. The results of the Audit Committee’s work in the form of observations, recommendations, as well as proposed decisions and measures are reported to the Board after every Audit Committee meeting.
The effectiveness of internal control related to financial reporting is monitored by the Board of Directors, the Audit Committee, the President and CEO, Group management, Internal Audit, and the management of the Business Areas and Group companies. Monitoring includes the follow up of monthly financial reports, review of the rolling estimates and plans, as well as reports from internal and external audit.
Internal audit annually assesses the effectiveness of Metso’s operations and the adequacy of risk management and reports the risks and weaknesses related to the internal control processes to the management and the Audit Committee.
Reporting of suspected financial misconduct
Our guidelines on the prevention of financial misconduct define how suspected misconduct should be reported, how it is investigated and how the issue proceeds. All Metso employees are encouraged to report suspected misconduct to their own supervisors, to other management, or, if necessary, directly to Internal Audit. Additionally, our people can report suspicions of financial misconduct confidentially via the Whistleblower channel, which is maintained by an independent party. The report can be submitted in several languages via the Internet, by phone or by email, and anonymously, if necessary. Suspected misconduct is investigated immediately and confidentially. Internal Audit decides on how the matter will be investigated and reports the suspicion to the Audit Committee. The Legal Affairs and HR functions together implement any measures consequential to possible misconduct.
In 2017, we received threereports of suspected financial misconduct via the Whistleblower channel. Additionally, Internal Audit received eight direct contacts. A total of 11 cases were investigated. There were also cases of misconduct revealed in conjunction with internal audits. The cases of misconduct were reviewed by the Audit Committee in line with our guidelines on reporting misconduct. The cases did not have a significant impact on our financial results.