Mechanisms of internal control, internal audit and risk management

The purpose of the Group’s internal control mechanisms is to ensure that the financial reports released by the company contain essentially correct information on the Group’s financial position. The group has defined group-level instructions and policies for the key operative units specified below in order to ensure efficient and profitable Company operations.

The business activities of the Group are divided into two areas: the manufacturing business and the tyre retail chain. The manufacturing business consists of business units, which are Passenger Car Tyres, Heavy Tyres (the Nokian Heavy Tyres business unit was incorporated as an independent company as of January 1, 2006), and Other Business. Each business unit is responsible for its business area and its financial performance, risk management, balance sheet and investments, supported by the different service functions. The Group’s sales companies are a part of the sales function and serve as product distribution channels in local markets. The tyre retail chain is organized into a sub-group. Its parent company is Vianor Holding Oy, fully owned by the parent company Nokian Tyres plc. The tyre outlets operating in different countries are part of the sub-group.

The Managing Directors of the company’s subsidiaries are responsible for the daily operations and administration of their companies. They report to the company’s Vice President responsible for Sales, while the Managing Directors of the Vianor chain report to the director of the Vianor business unit.

The Board of Directors is responsible for the functionality of the internal control mechanisms, which are managed by the company management and implemented throughout the organization. Internal control is not a separate function; it is an integral part of all activities of the Group at all levels. Operative company management bears the main responsibility for operational control. Every supervisor is obliged to ensure sufficient control over the activities belonging to his or her responsibility and to continuously monitor the functionality of the control mechanisms. The Vice President responsible for finance and control is responsible for organizing financial administration and reporting processes and the internal control thereof. The parent company’s Finance and Control unit is responsible for internal and external accounting; its tasks also include producing financial information concerning the business areas and ensuring the accuracy of this information.

The preparation process of the consolidated financial statements (IFRS), the related control measures, and the task descriptions and areas of responsibility related to the reporting process are defined. The Company’s Finance and Control unit is in charge of consolidating the business areas’ figures to produce Group-level financial information. Each legally separate Group company produces its own information in compliance with the instructions provided and in line with local legislation. The revenue and operating profit of the Group and business units are analyzed and the consolidated profit is compared with the management’s assessment of business development and the information received from operative systems. The Group’s Finance and Control unit is centrally responsible for the interpretation and application of financial reporting standards as well as for monitoring compliance with these standards.

Effective internal control requires sufficient, timely, and reliable information in order for the Company management to be able to monitor the achievement of targets and the efficiency of the control mechanisms. This refers to financial information as well as other kinds of information received through IT systems and other internal and external channels. The instructions on financial administration and other matters are shared on the Company’s intranet for all of those who need them, and training is organized for personnel with regard to these instructions when necessary. Communication with the business units is continuous. The Company’s financial performance is internally monitored by means of monthly reporting complemented with rolling forecasts. The financial results are communicated to Company personnel immediately after the official stock exchange releases have been published.

Communications

The goal of Nokian Tyres’ investor relations is to regularly and consistently provide the stock market with essential, correct, sufficient, and up-to-date information that is subsequently used to determine the share value. The operations are based on equality, openness, accuracy, and good service.

Risk management

The Group has adopted a risk management policy, approved by the Board of Directors, which supports the achievement of strategic goals and ensures continuity of business. The Group’s risk management policy focuses on managing both the risks pertaining to business opportunities and the risks affecting the achievement of the Group’s goals in the changing operating environment.

The risks are classified as strategic, operational, financial, and hazard risks. Strategic risks are related to customer relationships, competitors’ actions, political risks, country risks, brand, R&D, and investments. Operational risks arise as a consequence of shortcomings or failures in the Company’s internal processes, actions by its personnel or systems, or external events, such as legislative changes, unpredictable rulings by judicial systems or authorities, or changes in raw material prices. Financial risks are related to fluctuations in interest rate and currency markets, refinancing, and counterparty and receivables risks. Hazard risks may lead to injuries, property damage, production outages, environmental impacts, or liabilities to third parties The most significant risks related to Nokian Tyres’ business are the country risks related to the Russian business environment,  reputation risks, tax risks (especially in Finland), product and R&D risks, production outage risks, currency and receivable risks, risks related to Corporate Governance, and information security and data administration risks. Due to the company’s product strategy, interruption risks that are related to marketing and logistics may especially have a significant impact on peak season sales. The risk analysis performed in 2016 paid special attention to risks within the area of corporate social responsibility, the most significant of which were the risks related to reputation and product quality.

The risk management process aims to identify and evaluate the risks, and to plan and implement the practical measures for each risk. Among other things, such measures may include avoiding the risk, reducing it in different ways, or transferring the risk through insurance or agreements. Control functions and actions are control or back-up procedures applied to reduce risks and ensure the completion of risk management measures.

Risk management is not allocated to a separate organization; its tasks follow the general distribution of responsibilities adopted elsewhere in the organization and its business activities. The company’s Board of Directors discusses the most significant risks annually in connection with the strategic process.