risk management, internal control and audit
The Group has adopted a risk management policy, approved by the Board of Directors, which supports the achievement of strategic goals and ensures continuity of business. The Group’s risk management policy focuses on managing both the risks pertaining to business opportunities and the risks affecting the achievement of the Group’s goals in the changing operating environment.
The risks are classified as strategic, operational, financial and hazard risks. Strategic risks are related to customer relationships, competitors’ actions, political and legislative risks, reputation, country risks, brand, product development, climate change and sustainability risks and investments. Operational risks arise as a consequence of shortcomings or failures in the Company’s internal processes, actions by its personnel or systems, contractual risks, risk of non-compliance, or external events, such as unforeseen changes in the operating environment, cyber and information security, management of the supply chain, or changes in raw material prices. Financial risks are related to fluctuations in interest rate and currency markets, liquidity and refinancing, and counterparty and credit risks. Hazard risks arise from property loss or business interruption, shortcomings or failures in employee safety or environmental management systems.
The most significant risks are the risks related to consumer confidence and macroeconomic and geopolitical conditions. Political uncertainties may cause serious disruption and additional trade barriers and affect the company’s sales and credit risk. The tire market is evolving to meet changing consumer needs. Failure to innovate and develop new products and services or to adapt to the changes in the sales channel or new technologies could have an adverse effect on the financial performance. Unexpected production or delivery breaks at production facilities or interruptions in logistics could have a significant impact on peak season sales. The risk analysis conducted in 2020 also focused special attention on corporate social responsibility risks, the most significant of which are related to the Company reputation, product quality and change in consumer behavior. Analyses and projects related to information security, data protection and customer information were a special focus area.
The risk management process aims to identify and evaluate the risks, and to plan and implement the practical measures and continuous monitoring for each risk. Among others, such measures may include avoiding the risk, reducing it in different ways or transferring the risk through insurance policies or agreements. Control functions and measures are verification or back-up procedures applied to reduce the risks and ensure the completion of the risk management measures.
Responsibility for identifying, evaluating and to large extent, managing risks is delegated to business units, business areas and functions. Treasury is responsible for developing and maintaining risk management processes, methods and tools. Assisted by the Audit Committee, the Company’s Board of Directors monitors and assesses the efficiency of the Company’s risk management mechanisms and monitors the assessment and management of risks related to the Company’s strategy and operations. The Audit Committee monitors that the risk management actions are in line with the risk management policy. Issues raising in risk analysis are noted in the development of processes, compliance and control, and in Internal Audit planning. The Company’s Board of Directors discusses the most significant risks annually.
The purpose of the Group’s internal control mechanisms is to ensure that the Company’s operation is in line with the applicable laws and regulations and the Company’s Code of Conduct. As regards the financial reporting process, the purpose of the Group’s internal control mechanisms is to ensure that the financial reports released by the Company have been compiled in accordance with the accounting principles applied by the Company and that they contain essentially correct information on the Group’s financial position, and to ensure that financial reporting is accurate and reliable. The Group has defined group-level policies and instructions for the key operative units specified below in order to ensure efficient and profitable Company operations.
The Group’s business consists of Passenger Car Tyres, Heavy Tyres, and Vianor business units. Passenger Car Tyres is further divided into the following business areas: Nordics, Other Europe, North America, Russia and Asia. Heavy Tyres and Passenger Car Tyres business units are responsible for their own operations, financial results, risk management, balance sheet and investments, supported by different functions. The Group’s sales companies serve as product distribution channels in local markets.
Subsidiaries are responsible for their daily operations and administration. They report to the director responsible for the said business area, while the Vianor chain reports to the director of the Vianor business unit.
The Board of Directors is responsible for the functionality of the internal control mechanisms, which are managed by the Company’s management and implemented throughout the organization. Internal control is an integral part of all activities of the Group at all levels. The Company’s operative management bears the main responsibility for operational control. Every supervisor is obliged to ensure sufficient control over the activities belonging to his or her responsibility and to continuously monitor the functionality of the control mechanisms. The Chief Financial Officer is responsible for organizing financial administration and reporting processes and the internal control thereof. The parent company’s Finance function is responsible for internal and external accounting; its tasks include, among others, producing financial information concerning the different areas and ensuring the accuracy of this information.
The preparation process of the consolidated financial statements (IFRS), the related control measures, and the task descriptions and areas of responsibility related to the reporting process are defined. The Company’s Finance function produces the consolidations and information for the Group level and the different areas. Each legal entity within the Group produces its own information in compliance with the instructions provided and in line with local legislation. The Group’s Finance function is centrally responsible for the interpretation and application of financial reporting standards as well as for monitoring compliance with these standards.
Effective internal control requires sufficient, timely, and reliable information in order for the Company’s management to be able to monitor the achievement of targets and the efficiency of the control mechanisms. This refers to financial information as well as other kinds of information received through IT systems and other internal and external channels. The instructions on financial administration and other matters are shared on the Company’s intranet, and training is organized for personnel with regard to these instructions when necessary. Communication with the business units is continuous. The Company’s financial performance is internally monitored by means of monthly reporting complemented with updated forecasts. The financial results are communicated to Company personnel immediately after the official stock exchange releases have been published.
The Group’s internal audit systematically carries out assessments and audits on the efficiency of risk management, internal control, and corporate governance processes. Internal audit is an independent and objective function whose aim is to help the organization to achieve its goals. The principles for internal audit have been confirmed in the internal audit’s charter approved by the Board of Directors.
The Group’s Internal Audit function is managed by the Chief Audit Executive (CAE), who works under the Board of Directors. The focus areas for internal audit are approved by the Board of Directors each year. The audit assignments are based on the key strategic focus areas of the Company’s operations and the risks involved. The operation of Internal Audit covers all business activities, functions and processes within the Nokian Tyres Group. The CAE reports on their findings and the agreed further actions to the Audit Committee, the Board of Directors, the President and CEO, the Chief Financial Officer and the management of the Company. The Company’s Board of Directors follows and monitors the efficiency of the Internal Audit.
In 2020, Internal Audit focused on assessing, among other things, the operations and risks of various business areas and country organizations, corporate governance arrangements, risk management, corporate sustainability and information security matters as well as specific misconduct risks and cases and the management of the COVID-19 pandemic in the Group. The Internal Audit function at Vianor focuses on guiding the retail outlets and ensuring conformity to the Vianor activity management system, and reports to the CAE and to the country managers
Focus areas for internal control are described annually in Nokian Tyres’ Corporate Governance Statements.
related party transactions
The Company has procedures in place to identify and define its related parties and assesses and monitors related party transactions to ensure that all conflicts of interest and the Company’s decision-making process are appropriately taken into account. The Audit Committee monitors and assesses how agreements and other legal acts between the Company and its related parties meet the requirements of ordinary activities and arm’s length terms in accordance with applicable laws and regulations. The Group’s financial management monitors and supervises related party transactions as part of the Company’s normal reporting and monitoring procedures and reports to the Audit Committee on regular basis.
The Company only has related party transactions that are a part of normal business, and the information regarding them is provided in the annual report and the notes to the financial statements. The decision-making processes have furthermore been structured in order to avoid conflict of interests. In case the Company would have any transactions that are not part of the Company’s ordinary course of business or are not implemented under arm’s length terms, such transactions shall be handled by the Audit Committee and approved by the Board and provided in the Financial Review and the notes to the financial statements
The auditor has an important role as a controlling body appointed by the shareholders. The audits give shareholders an independent opinion on how the financial statements and report by the Board of Directors of the Company have been drawn up and the accounting and administration of the Company have been managed. The auditor elected at the Annual General Meeting of 2020 is KPMG Oy Ab, authorized public accountants, with Lasse Holopainen, Authorized Public Accountant, acting as the Chief Auditor. The auditor’s term of office lasts until the end of the following Annual General Meeting. In addition to his duties under the valid regulations, he reports all audit findings to the Group’s management.
The Group’s audit fees in 2020 amounted to EUR 602,486 (2019: 451,290). The fees paid to the authorized public accountants for other services totaled EUR 222,158 (2019: 1,146,556).