Mechanisms of internal control, internal audit and risk management

The purpose of the Group’s internal control mechanisms is to ensure that the financial reports released by the company contain essentially correct information on the Group’s financial position. The Group has defined Group-level instructions and policies for the key operative units specified below in order to ensure efficient and profitable operations.

The business activities of the Nokian Tyres Group are divided into two areas: the manufacturing business and the tyre chain. The manufacturing business consists of profit centers, which are Passenger Car Tyres, Heavy Tyres (the Nokian Heavy Tyres profit center was incorporated as an independent company as of January 1, 2006), and Other Business. Each profit center is responsible for its business area and its financial performance, risk management, balance sheet, and investments, supported by the different service functions. The Group’s sales companies are a part of the sales function and serve as product distribution channels in local markets. The tyre chain is organized into a separate sub-group, whose parent company is Vianor Holding Oy, fully owned by the parent company Nokian Tyres plc. The tyre outlets operating in different countries are part of the sub-group.

The Managing Directors of the company’s subsidiaries are responsible for the daily operations and administration of their companies. They report to the company’s Vice President responsible for Sales, while the Managing Directors of the Vianor chain report to the director of the Vianor profit center.

The Board of Directors is responsible for the functionality of the internal control mechanisms, which are managed by the company management and implemented throughout the organization. Internal control is not a separate function; it is an integral part of all activities of the Group at all levels. Operative company management bears the main responsibility for operational control. Every supervisor is obliged to ensure sufficient control over the activities belonging to his or her responsibility and to continuously monitor the functionality of the control mechanisms. The Vice President responsible for finance and control is responsible for organizing financial administration and reporting processes and the internal control thereof. The parent company’s Finance and Control unit is responsible for internal and external accounting; its tasks also include producing financial information concerning the business areas and ensuring the accuracy of this information.

The preparation process of the consolidated financial statements (IFRS), the related control measures, as well as the task descriptions and areas of responsibility related to the reporting process are as defined. The parent company’s Finance and Control unit is in charge of consolidating the business areas’ figures to produce Group-level financial information. Under the supervision of the parent company’s Finance and Control unit, each legally separate Group company produces its own information in compliance with the instructions provided and in line with local legislation. The revenue and operating profit of the Group and business units are analyzed, and the consolidated profit is compared with the management’s assessment of business development and information received on operative systems. The Group Finance and Control unit is centrally responsible for the interpretation and application of financial reporting standards, and also for monitoring compliance with these standards.

Effective internal control requires sufficient, timely, and reliable information in order for the company management to be able to monitor the achievement of targets and the efficiency of the control mechanisms. This refers to financial information, as well as other kinds of information received through IT systems and other internal and external channels. The instructions on financial administration and other matters are shared on the intranet for all those who need them, and training is organised to personnel with regard to these instructions when necessary. There is continuous communication with the business units. The company’s financial performance is internally monitored by means of monthly reporting complemented with rolling forecasts. The financial results are communicated to company personnel immediately after the official stock exchange releases have been published.

Internal Auditing in Nokian Tyres Group carries out assessments and audits on the efficiency of risk management, internal control, and governance processes. Internal Auditing is an independent and objective function whose aims is to help the organization to achieve its targets. The Internal Audit function in the Group is managed by the Internal Auditor (CAE), who works under the Board of Directors and the President and CEO. The Internal Audit function of the Group is planned to be conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.

In 2015, the internal audit focused among other things on assessing the operation and risks of various country organizations, compliance with corporate governance instructions, corporate social responsibility, data security, and some misconduct risks. External estimator conducted the assessment of the Group’s internal audit during the Spring. The Internal Audit function has primarily reported to the Audit Committee. The Internal Audit function in Vianor focuses on guiding the outlets and ensuring conformity to the Vianor activity system. It reports to the Internal Auditor of the Group and the Managing Directors of the country units.

Risk management

The Group has adopted a risk management policy, approved by the Board of Directors, which supports the achievement of strategic goals and ensures continuity of business. The Group’s risk management policy focuses on managing both the risks pertaining to business opportunities and the risks affecting the achievement of the Group’s goals in the changing operating environment.

The risks are classified as strategic, operational, financial, and hazard risks. Strategic risks are related to customer relationships, competitors’ actions, political risks, country risks, brand, R&D, and investments. Operational risks arise as a consequence of shortcomings or failures in the company’s internal processes, actions by its personnel or systems, or external events, such as legislative changes, unpredictable rulings by judicial systems or authorities, or changes in raw material prices. Financial risks (Note 29) are related to fluctuations in interest rates and currency markets, refinancing, and counterparty risks. Hazard risks are risks that may lead to injuries, property damage, production outages, environmental impacts, or liabilities to third parties.

The most significant risks related to Nokian Tyres’ business are the country risks related to the Russian business environment, reputation risks, product and R&D risks, production outage risks, currency risks, and governance and data administration risks. Due to the company’s product strategy, interruption risks that are related to marketing and logistics may have a significant impact especially on peak season sales.

The risk management process aims to identify and evaluate the risks and to plan and implement practical measures for each risks. Among other things, such measures may include avoiding the risk, reducing it in different ways or transferring the risk through insurance or agreements. Control functions and actions are control or back-up procedures applied to reduce risks and ensure the completion of risk management measures.

Risk management is not assigned to a separate organization; its tasks follow the general distribution of responsibilities adopted elsewhere in the organization and its business activities. The company’s Board of Directors discusses the risks annually in connection with the strategic process.