Internal control
The purpose of internal auditing is to ensure that the company operates efficiently and profitably, information is reliable, and all regulations and operating principles are observed. The company’s Board of Directors monitors and evaluates the efficiency of the company’s internal supervision with the assistance of the Audit Committee. Internal auditing helps the Board fulfil its control duties by ensuring that the company’s control measures have been planned and implemented in an appropriate manner.
Taking into account the scale and industry of the business as well as the size of the organisation, the company has decided to not establish a separate function for internal auditing but have the company’s financial controller manage the internal audit.
Objectives, duties and reporting of internal auditing add
Internal auditing helps the Board of Directors fulfil its control duties and supports Wetteri companies and the management in achieving the set objectives by providing a systematic approach to the evaluation and development of the efficiency of risk management, control, management and administrative processes.
The purpose of an internal audit is to:
- ensure that the administrative processes are appropriate and profitable
- improve the efficiency of different company functions
- ensure the accuracy of financial information and reporting
- ensure observance with law, regulations and agreements
- improve data security and data privacy
- prevent misconduct
- promote responsibility
In addition, the internal audit conductor is responsible for organising and managing the company’s whistleblowing channel.
As part of the internal audit, an annual action plan is prepared for the Audit Committee’s approval. The audit is conducted in a risk-based manner and in cooperation with the company’s other control functions (risk management, auditors, compliance), targeting company functions and units, which have been estimated crucial for the achievement of the objectives set for the company activities.
The audit results are reported to the Group CEO, CFO, and the management and persons in charge of the function or unit concerned. The auditor is informed of the audit reports. A summary report covering all audits conducted, the key observations and recommendations, and the management’s action plans and implementation thereof is prepared for the Audit Committee annually. A summary report of internal audit activities is prepared for the Board of Directors annually.
Risks and risk management add
Risk management aims to ensure that risks affecting the company's business are identified in advance, managed to prevent their occurrence, and any realized risks are detected, their impact minimized and corrected, and future occurrences avoided.
Risk management responsibilities add
| Board | The Board is responsible for the management, organization, and adequacy of risk management and approves the principles of risk management. |
| Audit Committee | The Audit Committee assesses the adequacy and appropriateness of risk management and key risk areas, and makes proposals to the Board in this regard. |
| Chief Financial Officer | The Chief Financial Officer is responsible for defining and implementing risk management principles, as well as preparing and executing the action plan and reporting to the Audit Committee and the Board. The CFO is also responsible for the annual risk assessment, development, and coordination of the risk management process, and key insurance solutions. |
| CEO and Other Management | The CEO and other management are responsible for ensuring that risks are considered in planning processes, identified, anticipated, managed, and, if necessary, reported in the agreed manner. |
| Segments and Units | Segments and units identify and assess the relevant risks of their respective responsibilities in their planning processes, prepare for them, take necessary preventive measures, and report on risks in the agreed manner. |
Aim of risk management add
The company's aim is to ensure that risks are identified in advance through risk management, thereby preventing their occurrence. Risk management is fundamentally linked to the company's normal business planning and management. It is part of daily decision-making, operational monitoring, and internal control, promoting and ensuring the achievement of set objectives.
The primary aim of risk management is to identify and assess risks, threats, and opportunities that may impact both the implementation of the strategy and the achievement of short- and long-term goals. These risks are primarily the company's operational risks. A separate risk assessment is also included in significant investment proposals.
Identified risks and their management are reported to management and the board annually. The key elements of the company's risk management include implementing a comprehensive risk management process that supports the entire business, protecting assets and ensuring business continuity, ensuring security, and its continuous development.
Quicklinks
© 2026 Wetteri Oyj
Privacy policy