Internal control, risk management and internal audit
Internal control and risk management
Tieto's internal control framework supports the execution of the strategy and ensures regulatory compliance. The foundation for internal control is set by the risk management framework, financial control, internal audit and the supporting policies.
The aim of Tieto's internal control framework is to assure that operations are effective and efficiently aligned with the strategic goals. The internal control framework is intended to ensure reliable, complete and timely financial reporting and management information. The framework endorses ethical values, good corporate governance and risk management practices.
The activities related to internal control and risk management are part of Tieto's management practices and integrated into the business and planning processes.
Risk Management Framework
Tieto uses systematic risk management as a means of developing efficiency and control of business operations, their profitability and continuity. The role of the risk management organization is to develop and maintain the company's risk management framework and report risk exposures consisting of strategic, financial, operational, and compliance risks.
The risk management framework consists of the risk management organization, related policies, operating principles, and tools. The owner of each process is responsible for the continuous development of the established procedures, including controls and risk management. The Chief Risk Officer (CRO) has the responsibility to arrange and lead Tieto's risk management. The Internal Audit (IA) assures the efficiency of the framework and risk management in business operations. The Audit and Risk Committee (ARC) monitors the adequacy of the company's risk management, financial control, and internal audit functions.
Continuous development of the risk framework
The risk management framework has been adapted to Tieto's operating model and organization.
The development of the risk management framework continued throughout the whole of 2014. The main achievements were the deployment of a Risk Governance model in the organization, deployment of methods and tools, and improvement of Tieto's risk management culture.
The development is carried out in close co-operation with Tieto units, approved by Tieto LT and reviewed by the ARC.
The purpose of internal control over financial reporting is to ensure the correctness of financial reporting, including interim and annual reports, and the compliance of financial reporting with regulatory requirements.
Tieto's ARC has the oversight role in Tieto's external financial reporting.
Financial reporting process and responsibilities
Tieto has a common accounting and reporting platform, Tieto ERP. Group consolidation and reporting are based on the reporting system, which facilitates common control requirements for all cost centres and legal entities reporting to the Group. Financial reporting consists of monthly performance reports, including all the key performance indicators, rolling forecasts and interim financial reports.
Monitoring activities of financial reporting
Financial reports are regularly reviewed by Finance Partners in the units, the Leadership Teams and the Board of Directors. The follow-up is based on a thorough comparison of the actual figures with the set objectives, forecasts and previous periods. If the figures deviate, the Leadership Team members are responsible for initiating corrective actions.
Tieto's Internal Audit function carries out both business and control related audit activities.
Business audit activities aim to ensure the efficiency and appropriateness of Tieto's operations. Control related audit activities are intended to assess and assure the adequacy and effectiveness of internal controls and the risk management framework within Tieto. Internal audits are planned and carried out independently but in coordination with other control functions and the external auditors. Internal Audit reports to the CFO, the President and CEO and the ARC. The annual audit plan and the annual internal audit report are approved by the ARC.