Internal control, internal audit and risk management

 

Stockmann's risk management principles are approved by Stockmann's Board of Directors. Assessment of the risks pertaining to financial reporting and the related management measures are determined as a part of the risk management process. Stockmann's internal control is linked to the risk management process so that some of the aspects which are subject to control are selected on the basis of risk assessments. An essential part of internal control is the Internal Audit, which operates as a separate unit within Corporate Administration under the CEO and reports its observations to the Board of  Directors. The Internal Audit is examining and assessing the effectiveness of business operations and internal control as well as producing information and recommendations to management on how to enhance these functions.

The Group's CFO and the Finance and Control Department are responsible for ensuring that the Group's financial reporting is undertaken. Group-level directions are complied with in Stockmann's financial reporting. The reporting is based on information from commercial and administrative processes and data produced by the financial management systems. The Group's Finance and Control Department determines the control measures applied to the financial reporting process. These control measures include various process descriptions, reconciliations and analyses used for ensuring the validity of the information used in the reporting and of the reporting itself. The financial reporting results are monitored and any anomalies in relation to forecasts or in comparison with the previous year's figures are analysed on a regular basis. Such analyses are used to detect any reporting errors and to produce materially accurate information on the company's finances. All of the divisions and the Group's Finance and Control Department are responsible for the effectiveness of control within their own sphere of responsibility. The Group's Finance and Control Department is responsible for assessments of the reporting processes.

In addition, Internal Audit conducts audits of the business and financial reporting processes. The company's Board of Directors is responsible for the implementation of internal control in regard to financial reporting.

Risk management

The aim of risk management is to safeguard the Group's earnings trend and ensure disturbance free business operations by implementing risk management cost-effectively and systematically in the divisions. To achieve the goals the risk management at Stockmann is organized such that

  • it is part of normal business operations and management.
  • it is a process of identifying, assessing and managing business risks that can prevent or jeopardize the achievement of business goals.
  • it is supported by internal control systems (guidelines, routines and procedures). Risk management principles are defined separately for specific areas, including the following: IT and data security, financial operations, environmental affairs, fraud and abuse, security and insurance policies.

Risk management is part of the Stockmann Group's normal business operations. The Board of Directors sees to the due and comprehensive supervision of accounting and financial management according to the Finnish Companies Act. The Board also confirms the company's long-term strategies and financial goals and the Board has confirmed the company's risk management principles. The chief executive officer sees to it that the company's accounts are kept according to law and that the management of funds is arranged in a reliable manner.

During the strategy process, the Group's Management Committee makes an estimate of business risks that may jeopardize or prevent the achievement of strategic goals. At the same time it evaluates the adequacy of risk management measures.  Formulating a strategy involves analyzing business risks and assessing the risk management procedures. Business risks are also analysed outside the strategy process, in particular in connection with important projects and investments.

The Group has a Risk Management Steering Group whose task is to support the divisions in identifying and managing risks that may jeopardize or prevent the achievement of Stockmann's strategic goals. The Steering Group, comprising the head of the Group's Internal Audit, the Group's director of legal affairs, and the head of Group Consolidation, reports on its observations and recommendations to the company's Management Committee.

Business risks are managed by taking out voluntary insurance policies in accordance with the confirmed principles of providing insurance cover. The Stockmann Group's insurance function is handled centrally by the company's director of legal affairs, who is responsible for seeing to it that the principles of providing insurance cover are observed at all Group units. In addition, the insurance company carries out regular insurance inspections of the insured items and sites in order to ascertain that the company has appropriate insurance cover. Responsibility for statutory personal insurance has been assigned to the Group's personnel administration unit.

Risk management reporting
The divisions report on business risks and their management

  • annually in connection with Stockmann's strategy process and
  • as part of decision-making on important projects and investments to the Group's Management Committee, which reports on business risks to the Board of Directors.

Risk factors