Internal control is under the Board of Director's responsibility. Internal control's function is, among other things, to ensure the efﬁciency and proﬁtability of operations, the reliability of information, and adhering to rules and regulations. Internal control is a part of day-to-day management and company administration.
An essential part of internal control is the Internal Audit. The arranging of Internal Audit is the responsibility of the Board of Directors and internal audit services are purchased from an outside service provider. Internal Audit reports its observations to the Board of Directors. The Internal Audit supports the Company's management in directing operations by inspecting and evaluating the efﬁciency of business operations, risk management and internal control, and by producing information and recommendations to enhance efﬁciency. The Internal Audit also inspects the processes of business operations and ﬁnancial reporting. The operations of the Internal Audit are guided by being risk-focused and emphasizing the development of business operations.
The Board of Directors has approved the company's risk management principles. The goal of risk management is to secure the Company's earnings development and to ensure that the company operates without any disturbances by controlling risks in a cost efficient and systematic.
The company management team regularly evaluates risk factors to which business operations are exposed and the sufficiency of risk management actions as a part of the strategy process. Risk management is supported by internal control systems and guidelines. Risk management guidelines have been drawn up separately for the following areas, among others: IT and information security, finance operations, environmental issues, malpractice, security and insurance.
Verkkokauppa.com's business is exposed to various risks that may have an adverse effect on the company's operations. The management team is responsible for making financial and strategic plans; analyzing business risks and evaluating actions is a part of strategy planning. Business risks are also analyzed outside the strategic process, especially in connection with significant projects and investments, and are reported to the Board of Directors as needed.
The company has a risk management steering group, whose task it is to support business operations in recognizing and managing such risks that may endanger or prevent Verkkokauppa.com from achieving its strategic goals.
Main features of the internal control and risk management systems pertaining to the ﬁnancial reporting process
The company's Board of Directors is responsible for the implementation of internal control in regard to ﬁnancial reporting. The Chief Financial Officer and the finance department are responsible for the financial reporting. The reporting is based on information from commercial and administrative processes and data produced by the ﬁnancial management systems. The company's finance department determines the control measures applied to the ﬁnancial reporting process. These control measures include various guidelines, process descriptions, reconciliations, and analyses used for ensuring the validity of the information used in the reporting and the validity of the reporting itself.
The ﬁnancial reporting results are monitored and any anomalies in relation to forecasts or in comparison with the previous year's ﬁgures are analyzed on a regular basis. Such analyses are used to detect any reporting errors and to produce materially accurate information on the company's ﬁnances.
The company's finance department is responsible for the effectiveness of internal control. The finance department is responsible for assessments of the reporting processes. The risk management process includes assessment of the risks pertaining to financial reporting and the related management measures are determined as a part of the risk management process.