Internal control and risk management

The CEO is responsible for the company’s risk management and its organisation, allocating resources for the work and reviewing the risk management principles. Management of financial risks is coordinated by the company’s CFO. Risks and associated changes are reported to the Company’s Board of Directors as appropriate.

Internal control seeks to ensure the company’s compliance with applicable laws, regulations, Code of Conduct, and with other recommendations as well as the reliability of financial and operational reporting. Furthermore, internal control seeks to safeguard the assets of the company and to ensure overall effectiveness and efficiency of operations to meet strategic, operational, and financial targets. 

Internal control practices are aligned with the risk management process. The goal of risk management is to support strategy and achievement of targets by anticipating and reacting to potential business threats and opportunities.

Internal control is essential in ensuring the company’s operating capability, a critical component in risk management, and it enables creating and maintaining the company’s value. The purpose of internal control is to protect the company’s and its business units’ resources from misuse, ensure the appropriate authorisation of business transactions, support management of IT systems, and ensure the reliability of financial reporting. Internal control is a process which enables minimizing the probability of mistakes related to accounting.

The company does not have a separate internal audit function, and internal audit responsibilities have been divided inside the company among different bodies and functions. The Board of Directors may use external experts to conduct separate evaluations of the control environment or control functions. 

Lamor’s operating model of internal control and risk management related to financial reporting aims to provide sufficient assurance regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, accepted accounting principles (IFRS on Group level, local GAAP in respective countries), and other applicable requirements for listed companies. 

The principal components of internal control are control environment, risk assessment, control activities, communications, and monitoring.