Internal auditing seeks to ensure that VVO's operations comply with current legislation and regulations and the company's operating principles, and that the company's financial and business reporting is reliable. Internal auditing also seeks to safeguard VVO's assets and ensure that its operations are efficient and reliable, thereby enabling its strategic goals to be achieved.
The internal auditing and risk management operating model for financial reporting is designed so as to gain sufficiently dependable information on the reliability of financial reporting and to ensure that the financial statements are drawn up according to current legislation and regulations.
VVO’s internal auditing system is based on the framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Organisation of internal auditing is the responsibility of the Board of Directors and the CEO. However, responsibility for carrying out internal auditing is shared by the entire organisation: each individual VVO employee is responsible to his/her supervisor for internal auditing in his/her area of responsibility.
Principal responsibility for the internal auditing of financial reporting rests with the Board of Directors. The working order of the Board of Directors outlines the responsibilities of the Board and the division of duties within the Board and among its committees. The principal task of the Audit Committee appointed by the Board of Directors is to ensure that the principles outlined for financial reporting, risk management and internal auditing are complied with and that appropriate contact is kept with the company’s auditors. It is the duty of the CEO to maintain an organisational structure in which responsibility, authority and reporting relationships are clearly and comprehensively defined in writing, and to ensure that the internal auditing environment is adequately resourced.
Financial reporting is governed by VVO's operating principles, HR policy, treasury policy, information security policy, accounting principles, and reporting instructions.
VVO's risk management is based on the company's risk management and treasury policy, corporate governance and ethical guidelines, and the risk assessments carried out in connection with the annual strategic planning process. Risk management forms part of the company’s internal auditing, its purpose being to ensure that the company achieves its business objectives. Responsibility for arranging risk management rests with the Board of Directors. Risk management is based on the risk assessments carried out in connection with the strategy and annual planning processes, which involve identifying the most notable risks, evaluating their likelihood and potential impacts, and defining means to manage them. Any significant changes in risks in business operations and the business environment are evaluated regularly and reported to the Board of Directors as part of quarterly interim reporting. The Group's legal counsel is responsible for the risk management process.
VVO's financial and operational reporting process complies with the Group's operating instructions and current process descriptions. VVO's financial management is responsible for the content of the reporting process and for compliance with instructions. The quality of reporting is ensured through process control measures. These include the reconciliation of accounts, system-generated controls, and inspections and other measures undertaken by management or others. Control functions have designated managers who are responsible for their sufficiency and the efficacy of their execution.
Auditing of the reporting and budgeting processes is based on the standardised VVO reporting principles drawn up and maintained by VVO's financial management.