9 Internal control, risk management and internal audit
The purpose of internal control and risk management is to ensure the effective and successful operation of the company, reliable information and compliance with the relevant regula- tions and operating principles. Internal control helps improve the effective fulfilment of the board’s supervising obligation.
Recommendation 51 Internal audit
The company shall describe the manner in which the internal audit function of the company is organised.
Recommendation 49 Operating principles of internal control
The company shall define the operating principles of internal control.
The description must include the organisation of the internal audit function and the essential guidelines applied to internal audits. The organisation and working methods of internal audit depend on the nature and scope of the company’s operations, the number of personnel and other similar factors.
To ensure its successful operations the company must regularly control its activities. The board ensures that the company has defined the internal control procedures and monitors the effec- tiveness of such control.
Recommendation 50 Organisation of risk management
The company shall describe the criteria according to which the risk management is organised.
Risk management is part of the control system of the company. The purpose of risk management is to ensure that the risks relat- ed to the business operations of the company are identified and monitored. Effective risk management requires definition of the risk management guidelines. For the evaluation of the operation of the company it is important to provide shareholders with suf- ficient information on risk management. It is also recommended that the significant risks that have come to the knowledge of the board are described.