Enterprise risk management, internal control and audit

Enterprise risk management

Nokian Tyres has an Enterprise Risk Management (ERM) Policy, approved by the Board of Directors, that defines the framework for ERM and promotes risk awareness and proper management of risks in the Nokian Tyres Group. The management of financial risks is defined in the Treasury Policy approved by the Board.

The purpose of Enterprise Risk Management is to ensure that Nokian Tyres’ management and the Board of Directors have sufficient information for decision making, both in strategy-setting and performance-driving, on risks that could have an impact on creating, preserving, and realizing the value of the Nokian Tyres Group.

The Nokian Tyres Group ERM framework is based on the COSO framework, the SFS-ISO 31000 standard, and the Finnish Corporate Governance Code for listed companies.

The Group ERM framework is organized into five interrelated components:

  1. Governance and Culture
  2. Strategy and Objective-Setting
  3. Performance and Risk Assessment
  4. Review and Revision
  5. Information, Communication and Reporting.

Risk management governance

Nokian Tyres’ Board, assisted by the Audit Committee, oversees the Group’s overall enterprise risk management, provides oversight of the strategy, and carries out governance responsibilities to support management in achieving strategy and business objectives under the direction of the Board.

The President and CEO and the Group Management Team hold overall responsibility for risk management in the Group. The ERM is not a separate function but is integrated into existing business processes and practices at all organization levels. Each Business Unit/Area and function is responsible for maintaining sufficient and systematic risk assessment and reporting in its own area of responsibility. The line management is operationally accountable for managing the most relevant risks as part of its daily activities, and each employee is encouraged to identify, report and manage the risks within their area of responsibility.

The Group creates and supports a risk-aware culture, which pertains to ethical values, desired behaviors, and understanding of risk in the business. As a part of onboarding, there are compulsory risk management related eLearning courses on the company intranet for new employees, e.g., on information security, Code of Conduct, trade secrets, insider information and sustainability.

Treasury and Risk Management in Finance coordinates the overall ERM framework and process, supports the businesses in implementation, and performs specified risk management tasks, e.g., the Group risk review. Treasury and Risk Management is responsible for improving and maintaining the methods, tools, and reporting associated with the ERM.

The ERM is part of the general management and internal control system. The integrated management system complies with the requirements of international standards. All operative factories are certified to ISO 9001 (quality), ISO 14001 (environment), and ISO 45001 (safety) standards. The Group is committed to the UN Global Compact framework for responsible and sustainable business practices.

Internal Audit is an outsourced service reporting to the Board and providing independent assurance on the effectiveness of risk management and compliance processes.

Main principles

The ERM provides a structured framework to proactively manage risks, protect reputation and business continuity, and enhance decision-making processes. Its holistic approach considers both financial and non-financial risks.

Main principles of the ERM in Nokian Tyres are:

  • Holistic approach
    • The ERM considers risks across all parts of an organization, recognizing their interconnectedness. Each BA/BU and function is encouraged to identify the risks specific to one BA/BU or function and the interconnectedness of such risks.
  • Strategic alignment
    • The ERM aligns with organizational strategy and enhances decision-making processes.
  • Risk culture
    • The ERM promotes a strong risk-aware culture within the organization.
  • Reputation safeguard
    • The ERM safeguards the organization’s reputation and ensures legal compliance.
  • Business continuity
    • The ERM contributes to business continuity even in the face of unforeseen challenges.

Risk process

In Nokian Tyres, risk is defined as an uncertain event and its consequences, caused by external or internal factors, which may be either a threat or an opportunity.

Nokian Tyres categorizes risks into

  • Non-financial risks, including strategic, operational and hazard risks
  • Financial risks.

Strategic risks are related to customer relationships, competitors’ actions, political and legislative risks, reputation, country risks, brand, product development, climate change and sustainability risks. Operational risks arise from shortcomings or failures in the company’s internal processes, actions by its personnel, system malfunctions, contractual issues, non-compliance, or external events, such as unforeseen changes in the operating environment, cyber and information security, or management of the supply chain.

Hazard risks arise from property loss or business interruption, shortcomings or failures in employee safety or environmental risks, crime or cyber-attack.

Financial risks are related to fluctuations in interest rate and currency markets, liquidity and refinancing issues, and counterparty and credit risks as well as commodity prices.

The aim of the ERM is to

  • minimize the adverse impacts of strategic, operational, and financial risks,
  • remove or mitigate hazard risks,
  • take advantage of opportunities.

The ongoing risk management process is to

  • Identify
    • external and internal risks arising from the activities and operating environment of the Group and/or BAs, BUs, and functions.
  • Assess
    • a risk is categorized and analyzed, its level is identified and prioritized, and the available tools to manage it are selected.
  • Control
    • based on the chosen risk appetite and tolerance level, a risk is accepted, avoided, reduced, or transferred.
  • Monitor
    • a controlled risk is monitored on an ongoing basis, and any external or internal change might require re-identifying, re-assessing, or re-controlling the risk.

Risk assessment is always needed when:

  • creating/updating the strategy,
  • making major decisions about new business cases and investments,
  • making major decisions with high uncertainty.

Risk assessment and reporting

A risk matrix is used to define the level of risk in the Group’s risk assessment. The category of consequence severity is set against the category of likelihood/probability to define the impact of a risk if realized. Both severity and probability are assessed on a 5-point scale. A risk matrix helps prioritize risks and plan mitigation actions. In addition to the risk matrix, the Group analyzes the level of controlling actions.

The Annual Risk Review is integrated into the strategy process. Risks impacting strategy implementation are identified and ranked by severity and probability. Risk owners and mitigation actions/contingency plans are defined for the most important risks.

Key risks

The most significant risks related to Nokian Tyres’ business are those associated with consumer confidence, macroeconomic factors, and geopolitical conditions. The tire market is evolving to meet changing consumer needs. Failure to meet performance and safety demands, innovate and develop new products and services, or adapt to the changes in the sales channel or new technologies could have an adverse effect on financial performance.

Political uncertainties may cause serious disruption, impose additional trade barriers, and affect the company’s sales and credit risk. Unplanned interruptions in critical information systems or network services may cause disruption to the continuity of operations. Any unexpected production or delivery breaks at Nokian Tyres’ production facilities or those of its contract manufacturing partners would have a negative impact on the company’s business. Interruptions in logistics or lack of resources could have a significant impact on production and peak season sales.

Nokian Tyres constantly monitors the market environment, and prepares and updates contingency plans to mitigate major risks. Selected risks, or parts of them, can be transferred to insurance companies.

Nokian Tyres' risk analysis places special emphasis on corporate social responsibility risks. Analyses and projects related to information security, data protection, and customer information are a continuous special focus area.

Read more about the risks in the latest interim report.


The purpose of the Group’s internal control mechanisms is to ensure that the company’s operation is in line with the applicable laws and regulations and the company’s Code of Conduct. As regards the financial reporting process, the purpose of the Group’s internal control mechanisms is to ensure that the financial reports released by the company have been compiled in accordance with the accounting principles applied by the company and that they contain essentially correct information on the Group’s financial position, and to ensure that financial reporting is accurate and reliable.

Nokian Tyres has defined group-level policies and instructions for the key operative units specified below in order to ensure efficient and profitable company operations:

  • The Group’s business consists of Passenger Car Tyres, Heavy Tyres, and Vianor business units. Passenger Car Tyres is further divided into the following business areas: Nordics, Central Europe and North America.
  • Heavy Tyres and Passenger Car Tyres business units are responsible for their own operations, financial results, risk management, balance sheet and investments, supported by different functions.
  • The Group’s sales companies serve as product distribution channels in local markets.
  • Subsidiaries are responsible for their daily operations and administration. They report to the director responsible for the said business area, while the Vianor chain reports to the director of the Vianor business unit.

Internal control structure and responsibilities

The Board of Directors is responsible for the functionality of the internal control mechanisms, which are managed by the company’s management and implemented throughout the organization. Internal control is an integral part of all activities of the Group at all levels. The company’s operative management bears the main responsibility for operational control. Every supervisor is obliged to ensure sufficient control over the activities belonging to his or her responsibility and to continuously monitor the functionality of the control mechanisms. The Chief Financial Officer is responsible for organizing financial administration and reporting processes and the internal control thereof. The Finance function is responsible for internal and external accounting; its tasks include, among others, producing financial information concerning the different areas and ensuring the accuracy of this information.

The preparation process of the consolidated financial statements (IFRS), the related control measures, and the task descriptions and areas of responsibility related to the reporting process are defined. The company’s Finance function produces the consolidations and information for the Group level and the different areas. Each legal entity within the Group produces its own information in compliance with the instructions provided and in line with local legislation. The Group’s Finance function is centrally responsible for the interpretation and application of financial reporting standards as well as for monitoring compliance with these standards.

Effective internal control requires sufficient, timely, and reliable information in order for the company’s management to be able to monitor the achievement of targets and the efficiency of the control mechanisms. This refers to financial information as well as other kinds of information received through IT systems and other internal and external channels. The instructions on financial administration and other matters are shared on the company’s intranet, and training is organized for personnel with regard to these instructions when necessary. Communication with the business units is continuous. The company’s financial performance is internally monitored by means of monthly reporting complemented with updated forecasts. The financial results are communicated to Company personnel immediately after the official stock exchange releases have been published.

Internal audit

Nokian Tyres’ Internal Audit systematically carries out assessments and audits on the efficiency of risk management, internal control, and corporate governance processes. Internal Audit is an independent and objective function aimed at helping the organization achieve its goals. The principles for Internal Audit have been confirmed in the Internal Audit Charter and Policy, approved by the Board of Directors.

The Nokian Tyres Group’s Internal Audit is organized on an outsourcing principle. The outsourced Internal Audit team reports administratively to the CFO and functionally to the Audit Committee. Each year, the Audit Committee approves the focus areas for Internal Audit.

The operation of Internal Audit covers all business activities, functions and processes within the Nokian Tyres Group. The audit assignments are based on the key strategic focus areas of the company’s operations and the associated risks. The audit findings, recommendations and management action plans are presented to the Audit Committee, followed by ongoing monitoring and follow-up on the implementation of the management action plans.

Related party transactions

Nokian Tyres determines and monitors related parties in accordance with the International Accounting Standards (IAS 24, Related Party Disclosures) and other applicable regulations. The Company has procedures in place to identify and define its related parties and assesses and monitors related party transactions to ensure that all conflicts of interest and the company’s decision-making process are appropriately taken into account. The Audit Committee monitors and assesses how agreements and other legal acts between the company and its related parties meet the requirements of ordinary activities and arm’s length terms in accordance with applicable laws and regulations. The Group’s financial management monitors and supervises related party transactions as part of the company’s normal reporting and monitoring procedures and reports to the Audit Committee on a regular basis.

The company only has related party transactions that are a part of normal business, and the information regarding them is provided in the Annual Report. The decision-making processes have furthermore been structured in order to avoid conflicts of interest. Should the company have any transactions that are not part of the company’s ordinary course of business or are not implemented under arm’s length terms, such transactions shall be handled by the Audit Committee, approved by the Board, and provided in the Annual Report.


The auditor has an important role as a controlling body appointed by the shareholders. The audits give shareholders an independent opinion on how the financial statements and the report by the Board of Directors of the company have been drawn up and how the accounting and administration of the company have been managed. In addition to the duties under the valid regulations, the auditor reports all audit findings to the Group’s management.

During the financial year 2023, the company's auditor was the authorized public accountant firm Ernst & Young Oy, with Mikko Järventausta acting as the Chief Auditor. Nokian Tyres' audit fees in 2023 amounted to EUR 1,081,000. The fees paid to the authorized public accountant for other services totaled EUR 24,000.

In 2024, the General Meeting decided to re-elect the authorized public accountant firm Ernst & Young Oy as the Company’s auditor for a term ending at the closing of the Annual General Meeting 2025. Ernst & Young Oy has notified that Mikko Järventausta, APA, will act as the principally responsible auditor.