Corporate Governance
Risk management
The primary objective of the Company's risk management is to support the implementation of the Company's strategy, the continuity of its operations, and the achievement of business objectives by anticipating and proactively managing risks related to the Company's operations. Risk management emphasises the role of corporate culture and is an integrated part of the Company's operations, planning and decision-making. A risk is defined as an uncertain event resulting from external or internal factors, which can be either a threat or an opportunity. The Board has approved a risk management policy that defines the Company's risk management framework, processes, governance and responsibilities.
The Board oversees and is responsible for ensuring that the Company's risk management processes are comprehensive. The Board defines the risk appetite and risk tolerance according to current circumstances. The Company's operative management is responsible for achieving the set targets and for managing, administering and mitigating the risks threatening them. The operational management is also responsible for risk management work and for ensuring the functionality of the risk management process and the availability of adequate resources.
The CEO is responsible for providing instructions and advice to business and operations regarding the Company's risk management, and for monitoring the practical implementation of the process. Risk management assessments are coordinated by the CFO, who supports management, business operations and other support functions in risk management work. The CFO reports on key risks to the Board annually. The Board discusses the Company's most significant risks and uncertainties and reports on them to the market annually in the Board of Directors' report. In addition, the Company describes significant short-term risks and uncertainties in its half-year reports and business reviews.
The software business is responsible for the risks related to its operations, as well as their identification, assessment and mitigation. The Company's internal audit is responsible for preparing a risk-based audit plan and for carrying out audit procedures in accordance with the plan. Internal audit reports as an independent function directly to the Board.
Internal Control add
Internal control ensures that the Company's business objectives can be achieved. Effective control can prevent or detect deviations from targets at the earliest possible stage, allowing for corrective measures to be implemented.
The purpose of internal control is to ensure the profitability, efficiency, continuity, and undisturbed nature of operations, as well as the reliability and regulatory compliance of the Group's external and internal financial and operational reporting, and adherence to internal principles, practices, and guidelines. In addition, internal control ensures compliance with laws and regulations. Internal control measures cover all levels and functions of the Group. Information systems are crucial for effective internal control.
The planning of control measures begins with defining business objectives and identifying and assessing risks that threaten these objectives. Control measures are targeted based on risks, and are appropriately selected to manage these risks.
The Board and the CEO are responsible for arranging internal control. The CEO creates the foundation for the internal control environment ("tone at the top") by leading and guiding the Management Team and by reviewing its approach to leading and supervising the business. The CEO is responsible for managing the business and administration in accordance with applicable laws and regulations, and the instructions of the Board. The CEO is responsible for creating adequate internal control processes within the organisation. The CFO and operational management assist the CEO in these tasks.
In practice, the Company's internal control over financial reporting consists of the following interrelated components: risk identification and assessment, processes and support systems, internal control points, and internal control monitoring and reporting. The business area and the Group's financial administration organisation are responsible for financial reporting processes. The Board assesses the financial reporting processes and monitors the Group’s financial position. The Board reviews business reviews, half-yearly reports and financial statements before approving and publishing them.
Internal Auditing add
The Board decides on the operating model and the charter of the Company's internal audit. The Head of Internal Audit (or the highest-level internal auditor operating under a different title) reports functionally to the Board and administratively (i.e. for day-to-day operations) to the CFO.
Easor's internal audit duties include, among other things, examining and assessing the adequacy and effectiveness of the Company's governance, risk management, and internal controls, as well as the quality of performance of tasks assigned to achieve the Company's objectives. The Board of Directors decides on Easor's internal audit operating model and internal audit charter. Easor does not establish its own internal audit function; instead, internal auditing is carried out as an outsourced service by a service provider specializing in internal auditing, as needed. The Board of Directors selects the outsourcing partner and approves their audit plan annually.
