Descriptions of mechanisms of internal control and risk management
The purpose of the group’s internal control mechanisms is to ensure that the Company’s operation is in line with the applicable laws and regulations and the Company’s Code of Conduct. As regards the financial reporting process, the purpose of the Group’s internal control mechanisms is to ensure that the financial reports released by the Company have been compiled in accordance with the accounting principles applied by the Company and that they contain essentially correct information on the Group’s financial position, and to ensure that financial reporting is accurate and reliable. The Group has defined group-level policies and instructions for the key operative units specified below in order to ensure efficient and profitable Company operations.
The Group’s business consists of the Passenger Car Tyres, Heavy Tyres, and Vianor business units. The Passenger Car Tyres is further divided into the Americas, Europe, Nordics and Russia and Asia business areas. Heavy Tyres and the Passenger Car Tyres business areas are responsible for their own operations, financial results, risk management, balance sheet and investments, supported by the different service functions. The Group’s sales companies serve as product distribution channels in local markets. The tire retail chain is organized into a sub-group. The tire outlets operating in different countries are part of the sub-group.
Subsidiaries are responsible for their daily operations and administration. They report to the director responsible for the said business area, while the Vianor chain reports to the director of the Vianor business unit.
The Board of Directors is responsible for the functionality of the internal control mechanisms, which are managed by the Company’s management and implemented throughout the organization. Internal control is an integral part of all activities of the Group at all levels. The Company’s operative management bears the main responsibility for operational control. Every supervisor is obliged to ensure sufficient control over the activities belonging to his or her responsibility and to continuously monitor the functionality of the control mechanisms. The Chief Financial Officer is responsible for organizing financial administration and reporting processes and the internal control thereof. The parent company’s Finance and Control unit is responsible for internal and external accounting; its tasks include producing financial information concerning the different areas and ensuring the accuracy of this information.
The preparation process of the consolidated financial statements (IFRS), the related control measures, and the task descriptions and areas of responsibility related to the reporting process are defined. The Company’s Finance and Control unit produces the consolidations and information for the group level and the different areas. Each legal entity within the Group produces its own information in compliance with the instructions provided and in line with local legislation. The Group’s Finance and Control unit is centrally responsible for the interpretation and application of financial reporting standards as well as for monitoring compliance with these standards.
Effective internal control requires sufficient, timely, and reliable information in order for the Company’s management to be able to monitor the achievement of targets and the efficiency of the control mechanisms. This refers to financial information as well as other kinds of information received through IT systems and other internal and external channels. The instructions on financial administration and other matters are shared on the Company’s intranet for all of those who need them, and training is organized for personnel with regard to these instructions when necessary. Communication with the business units is continuous. The Company’s financial performance is internally monitored by means of monthly reporting complemented with updated forecasts. The financial results are communicated to Company personnel immediately after the official stock exchange releases have been published.
The goal of Nokian Tyres’ investor relations is to regularly and consistently provide the stock market with essential, correct, sufficient, and up-to-date information that is subsequently used to determine the share value. The operations are based on equality, openness, and accuracy.
The Group has adopted a risk management policy, approved by the Board of Directors, which supports the achievement of strategic goals and ensures continuity of business. The Group’s risk management policy focuses on managing both the risks pertaining to business opportunities and the risks affecting the achievement of the Group’s goals in the changing operating environment.
The risks are classified as strategic, operational, financial and hazard risks. Strategic risks are related to customer relationships, competitors’ actions, political and legislative risks, reputation, country risks, brand, product development, climate change and sustainability risks and investments. Operational risks arise as a consequence of shortcomings or failures in the Company’s internal processes, actions by its personnel or systems, contractual risks, risk of non-compliance, or external events, such as unforeseen changes in the operating environment, cyber and information security, management of the supply chain, or changes in raw material prices. Financial risks are related to fluctuations in interest rate and currency markets, liquidity and refinancing, and counterparty and credit risks. Hazard risks arise from shortcomings or failures in employee safety or environmental management systems.
The most significant risks related to Nokian Tyres’ business are the country risks related to the Russian business environment and other risks of change within the operating environment, risks related to products and product development, production outage risks, currency and credit risks, and tax risks. Due to the Company’s product strategy, interruption risks that are related to marketing and logistics may also have a significant impact on peak season sales. The risk analysis conducted in 2019 also focused special attention on corporate social responsibility risks, the most significant of which are related to the Company reputation and product quality. Analyses and projects related to information security, data protection and customer information were a special focus area.
The risk management process aims to identify and evaluate the risks, and to plan and implement the practical measures and continuous monitoring for each risk. Among others, such measures may include avoiding the risk, reducing it in different ways or transferring the risk through insurance policies or agreements. Control functions and measures are verification or back-up procedures applied in order to reduce the risks and ensure the completion of the risk management measures.
Responsibility for identifying, evaluating and to large extent, managing risks is delegated to business units, business areas and support functions. Treasury is responsible for developing and maintaining risk management processes, methods and tools. Assisted by the Audit Committee, the Company’s Board of Directors monitors and assesses the efficiency of the Company’s risk management mechanisms and monitors the assessment and management of risks related to the Company’s strategy and functions. The Audit Committee monitors that the risk management actions are in line with the risk management policy. Issues raising in risk analysis are noted in development of processes, compliance and control, and in Internal Audit planning. The Company’s Board of Directors discusses the most significant risks annually in connection with the strategic process.