Main principles of internal control

Internal control is a process, approved by DNA’s Board of Directors, to enhance risk management in the DNA Group regarding risks that threaten the company’s goals and business. Another objective is to identify, analyse and monitor business related risks. DNA’s internal control is guided by the valid Finnish legislation, rules and recommendations of Nasdaq Helsinki Ltd, regulations and guidelines of the Financial Supervisory Authority, and the governance code.

The Board of Directors has confirmed the principles of internal control, which are based on recognised international principles of good internal control. 

The CEO and the Board of Directors have responsibility for ensuring that it is proportionate to operational risks. The Board of Directors is responsible for ensuring that the scope of internal audit is appropriate.

The objective of internal control is to ensure, to a sufficient extent, that the company meets its goals in areas such as:

  • effectiveness and efficiency of operations;
  • reliability and integrity of financial and operational information;
  • compliance with laws, regulations and agreements, and with the company’s own operating principles.

The company has a separate compliance programme related to competition law.

The areas of internal control comprise the following:

  • internal operating environment (control environment);
  • goal-setting;
  • risk identification and management;
  • control measures;
  • reliable information and communication (reporting);
  • evaluation and monitoring of internal control;
  • systems and security;
  • monitoring of outsourced operations.

Internal audit

The Group’s internal audit supports the CEO, the Board of Directors and the operative management in their controlling duty.  Internal audit has been established by the Board of Directors, and the functions and principles of the company's internal audit have been defined in the Internal Audit Charter confirmed by the Board of Directors. Internal audit’s sphere of duties covers the DNA Group.

Internal audit is independent of the Group companies and their management. Governance of internal audit is the responsibility of Senior Vice President, Legal Affairs, who is a member of the Executive Team. Internal audit has direct and unlimited access to the senior management and Board of Directors of the company, and it issues regular reports to the company Audit Committee and, when necessary, to the Board. Internal audit carries out its duties in accordance with an operational plan approved by the Board of Directors. When required, internal audit performs additional checks as proposed by the function itself or by the Board of Directors. Internal audit communicates with the DNA Group’s Board of Directors and internal control to ensure efficient coordination of auditing activities.

Internal audit reports on the results of the audit to the management of the audited operation, the CEO, the Executive Team and the Audit Committee, and prepares an annual summary on the audits for the Audit Committee.

The Board of Directors confirms decisions on the appointment and dismissal of the person in charge of internal auditing.

The objective of internal audit is to ensure that the company’s targets are met in areas such as:

  • effectiveness and efficiency of operations;
  • ensuring effective management of the organisation and accountability;
  • reliability of financial and operational reporting;
  • reporting risk and control information to appropriate units in the organisation;
  • safeguarding of assets;
  • enhancing ethics and values within the organisation;
  • compliance with laws and agreements;
  • coordination of operations and transmission of information between the Board of Directors, external and internal audit and the company management.

Internal audit complies with the international standards for the professional practice of internal auditing and the ethical principles and practical instructions of IIA (The Institute of Internal Auditors Inc.) in its work.

The guidelines, annual operational plan and budget of internal audit are discussed and approved by the Board of Directors. The Audit Committee and the Board of Directors receive all the auditors’ reports and an annual summary of the audits performed.