Internal control, risk management and internal audit

Internal control and risk management

Tieto’s internal control framework supports the execution of the strategy and ensures regulatory compliance. The foundation for internal control is set by the risk management framework, financial control, internal audit and the supporting policies.

The aim of Tieto’s internal control framework is to assure that operations are effective and efficiently aligned with the strategic goals. The internal control framework is to ensure reliable, complete and timely financial reporting and management information. The framework endorses ethical values, good corporate governance and risk management practices.

The activities related to internal control and risk management are part of Tieto’s management practices and integrated into the business and planning processes.

Risk Management Framework

Tieto uses systematic risk management as a means of developing efficiency and control of business operations, their profitability and continuity. The role of risk management organization is to develop and maintain the company’s risk management framework, including also risk reporting, risk management governance and follow-up of risk exposures consisting of strategic, financial, operational, and compliance risks.

The risk management framework consists of risk management organization, related policies, operating principles, and tools. The owner of each process is responsible for the continuous development of the established procedures, including controls and risk management. The Chief Risk Officer (CRO) has the responsibility to arrange and lead Tieto’s risk management. The Internal Audit (IA) assures the efficiency of the framework and risk management in business operations. The ARC monitors the adequacy of the company’s risk management, financial control, and internal audit functions.

Continuous development of risk framework

The adaptation of the risk management framework continued successfully during 2015, main achievements were connected to improved automation, which resulted in reduced administration effort, better utilization of framework in daily operative work and enhanced reporting.

The refined process and tools have also contributed to a more matured risk management culture.

The development of the risk management framework is carried out in close co-operation with the units in Tieto and approved by Tieto LT and validated by the ARC.

Financial control

The purpose of internal control over financial reporting is to ensure the correctness of financial reporting, including interim and annual reports, and the compliance of financial reporting with regulatory requirements.

The ARC has the oversight role in Tieto’s external financial reporting.

Financial reporting process and responsibilities

Tieto has a common accounting and reporting platform. Group consolidation and reporting are based on the reporting system, which facilitates common control requirements for all legal entities reporting to the Group. Financial reporting consists of monthly performance reports, including all the key performance indicators, rolling forecasts and interim financial reports.

Monitoring activities of financial reporting

Financial reports are regularly reviewed by Finance Partners in the units, the Leadership Teams and the Board of Directors. The follow-up is based on a thorough comparison of the actual figures with the set objectives, forecasts and previous periods. If the figures deviate, the Leadership Team members are responsible for initiating corrective actions.

Internal audit

Tieto’s Internal Audit function carries out both business and control related audit activities.

Business audit activities aim to ensure the efficiency and appropriateness of Tieto’s operations. Control related audit activities are intended to assess and assure the adequacy and effectiveness of internal controls and risk management framework within Tieto. Internal audits are planned and carried out independently but in coordination with other control functions and the external auditors. Internal Audit reports to the Chief Financial Officer (CFO), the President and CEO and the ARC. The annual audit plan and the annual internal audit report are approved by the ARC.