Search

Description of the main features of internal control and risk management systems related to the Group’s financial reporting process

Group’s financial reporting and its internal control

Kesko’s management model

Kesko’s financial reporting and planning are based on Kesko Group’s management model. The Group units’ financial results are reported and analysed within the Group on a monthly basis, and disclosed in interim reports published quarterly. Financial forecasts are prepared for quarterly periods, in addition to which significant changes are taken into account in the monthly performance forecasts. The Group’s and its units’ strategies and related long-term financial plans are updated annually.

Kesko Group’s management model

Roles and responsibilities

Kesko Group’s financial reporting and its supervision is organised in three levels. The subsidiaries analyse and report their figures to the respective divisions, which then report the division-specific figures to Group Accounting. Analyses and controls for ensuring the accuracy of reporting are used at each reporting level.

The accuracy of reporting is ensured with automated and manual controls at every reporting level. The implementation of the analyses and controls is supervised on a monthly basis at the company, division and Group level.

Planning and performance reporting

The Group’s financial performance and the achievement of financial objectives are monitored through Group-wide financial reporting. Monthly performance reporting includes Group, division and subsidiary specific results, changes compared to the previous year, comparison with forecasts, and forecasts for the next 12 months. The Group’s short-term financial planning is based on forecasts drawn up by the quarter, extending over the following 12 to 15 months. The key financial indicator for growth is sales performance, while those for profitability are operating profit excluding non-recurring items and return on capital employed excluding non-recurring items, monitored monthly in internal reporting. Information on the Group’s financial situation is provided in interim reports and the financial statements release. The Group’s sales figures are published in a stock exchange release each month.

Financial planning

Financial planning is carried out at the subsidiary, division and Group level in the form of annual budgeting and a rolling forecast. The forecasts are updated quarterly, and any significant changes are taken into account in the performance forecasts reported monthly.

Performance reporting to the Group’s top management

Performance reporting to the Group’s top management comprises monthly reports on the subsidiaries’, divisions’ and the Group's income statements and balance sheet information. Each subsidiary is primarily responsible for the financial reporting and the accuracy of its figures. The controlling function of each division analyses the whole division’s figures for which the division's financial management is responsible. The Group is responsible for the whole Group’s figures. The key items in the income statement and the balance sheet are analysed monthly at the company, division and Group level, based on documented division of duties and predefined reports. This makes real-time information on the financial situation constantly available and enables real-time responses to possible flaws. Performance reporting to the top management also includes Group level monitoring of sales on a weekly, monthly and quarterly basis.

Public performance reporting

Public performance reporting comprises interim reports, the financial statements release, annual financial statements and monthly sales reports. The same principles and control methods are applied to both public performance reporting and monthly performance reporting. The Audit Committee reviews the interim report and the financial statements and gives a recommendation on their handling to the Board of Directors. The Board approves the interim report and the financial statements before they are published.

Key actions in 2015

Kesko Group completed the project for harmonising the financial management information system, which serves both the Group companies and the K-Group retailers. In Finland and in Russia, the centralisation of the Group companies’ financial management routines in the Shared Services Centre continued. The Group’s common financial management information system was introduced in the Norwegian building and home improvement trade company, and improving the efficiency of financial management routines and converting them to electronic format was continued in cooperation with the Group companies.

Kesko Group started planning and implementing the simplification of the Group’s legal structure.

Key actions in 2016

In 2016, the simplification of the Group’s legal structure will continue, and the focus will be on the integration of the business operations being acquired. In addition, improving the efficiency of the Group companies’ financial management and their conversion to electronic format will be continued in both Finland and Russia.

 

#
Accounting policies and financial management IT systems

Kesko Group has adopted the International Financial Reporting Standards (IFRS) endorsed by the European Union. The accounting policies applied by the Group are included in the accounting manual, updated as the standards are amended. The manual contains guidelines for separate companies, the parent company, and guidelines for the preparation of the consolidated financial statements.

Kesko Group’s financial management information is generated by division-specific enterprise resource planning systems, via a centralised and controlled, shared interface, into the Group’s centralised consolidation system, to produce the Group’s key financial reports. The key systems used in the production of financial information have been certified and secured by back-up systems, and they are controlled and checked regularly to ensure reliability and continuity.

Risk management

Kesko’s risk management is proactive and an integral part of its management and day-to-day activities. The goal of risk management is to ensure the delivery of customer promises, profit performance, dividend paying capacity, shareholder value, the implementation of responsible operating practices and the continuity of business operations in Kesko Group.

The risk management policy confirmed by Kesko’s Board of Directors guides risk management in Kesko Group. The policy defines the goals, principles, organisation and responsibilities of risk management at Kesko Group, as well as its operating practices. In the management of financial risks, the Group's finance policy, confirmed by Kesko's Board of Directors, is observed.

The business division and Group managements are responsible for the implementation of risk management. Each division has appointed a management board member, usually the finance director, to be responsible for coordinating risk management and providing guidelines within the division and for reporting on risk management responses. Kesko’s Internal Audit annually evaluates the efficiency of Kesko’s risk management system.

Kesko Group applies a business-oriented and comprehensive approach to risk assessment and risk management. This means that key risks are systematically identified, assessed, managed, monitored and reported as part of business operations at the Group, division, company and unit level in all operating countries.

Kesko has a uniform risk assessment and reporting model. Risk identification is based on business objectives and opportunities and the defined risk appetite. Risks are prioritised on the basis of their significance by assessing their impacts in euros and the probability of their realisation. When assessing the impact of realisation, the impacts on reputation, the wellbeing of people and the environment are assessed in addition to the impacts in euros.

In connection with the strategy process, the divisions assess the risks and opportunities concerning each strategy period. Near-future risks are identified and assessed in accordance with the rolling planning framework. Risk assessment also covers the risks concerning the divisions’ subsidiaries and those related to significant projects.

A division's risk assessment, which includes a risk map, risk management responses, responsible persons and schedules, is reviewed regularly by the division’s management board. The common functions also assess the risks concerning their respective areas of responsibility.

Risks and management responses are reported in accordance with Kesko’s reporting responsibilities. The divisions report on risks and changes in risks to the Group’s risk management function on a quarterly basis. Risks are discussed by the risk reporting team, which includes representatives of the divisions and the common functions. On that basis, the Group’s risk management function prepares the Group’s risk map, which presents the most significant risks and uncertainties and their management.

The Group's risk map, the most significant risks and uncertainties, as well as material changes in and responses to them are reported to the Kesko Board's Audit Committee in connection with reviewing the interim reports and the financial statements. The Audit Committee also evaluates the efficiency of Kesko’s risk management system. The Audit Committee Chair reports on risk management to the Board as part of the Audit Committee report.

Kesko's Board discusses Kesko Group’s most significant risks and uncertainties. The Board reports on the most significant risks and uncertainties to the market in the financial statements and on material changes in them in interim reports.

Risk management responses in 2015

In Kesko's risk management process, the evaluation of the impacts in euros of the materialisation of risks was developed. Kesko participated in an international peer review on the level of risk management. The risk management, legal affairs and internal audit functions continued organising Value Discussions about Kesko’s responsible operating practices. During the year, the adoption of online training tools on safety was continued and the purchasing of security services across division boundaries was enhanced. User right management was enhanced and data security was improved in Kesko's various SAP environments. A positive trend continued in terms of damages and there were no major single damages.

Focus areas of risk management in 2016

The risk management function will continue working in close cooperation with division parent companies and the common functions in order to ensure the adoption of responsible operating practices, to prevent malpractice, and to develop risk management related to personal safety, business continuity, data security and data protection. One of the most important focus areas is the risk management related to the ongoing acquisitions. Security operations will focus on expanding the use of electronic tools and e-learning programmes. The data security of SAP and other systems will be developed. Jointly with the divisions, the risk management function will organise crisis exercises and training sessions on security. The aim is to expand Group-level insurance programmes further.

In addition, the response programme for 2016 is aimed at achieving cost efficiency in risk management responses through, for example, centralised purchasing of services and security technology.

Internal control

Internal control is an integral part of management and of ensuring the achievement of business objectives. Through efficient internal control, deviations from objectives can be prevented or detected as early as possible, so that corrective measures can be taken. The tools of internal control include policies and principles, work instructions, manual controls and automatic controls built into information systems, follow-up reports, inspections and audits, among other things.

The objective of internal control in Kesko Group is to ensure the profitability, efficiency, continuity and freedom from disruptions of operations, the reliability of financial and operational reporting both externally and internally, compliance with laws and agreements and Kesko’s values and operating principles, as well as safeguarding assets, expertise and information.

Roles and responsibilities in Kesko Group’s internal control

#

The planning of control measures begins with defining the business objectives and identifying and assessing risks that threaten the objectives. The definition of objectives and the assessment of risks should take account of not only operational objectives, but also the requirements for compliance of operations with laws, and for the accuracy of the information used in decision-making and reporting. Control measures are targeted based on risks, and control measures are selected as appropriate so as to keep the risks under control.

The Board of Directors and the President and CEO are responsible for the organisation of internal control. The management of each division, company and unit is responsible for taking care that efficient and effective control procedures are in place. The divisions annually prepare control plans that contain, among other things, the focus areas and development targets of control. Every Kesko employee is obliged to comply with the responsible working principles and report on any grievances to their supervisor.

Kesko's common functions guide and support the divisions and subsidiaries with policies, principles and guidelines pertaining to their respective responsibility areas. Kesko Group's internal audit function assesses and verifies the effectiveness and efficiency of Kesko's internal control, reports on it to the President and CEO and the Audit Committee of Kesko Corporations’ Board of Directors and assists management and the Kesko companies in the development of the internal control system. The Audit Committee of Kesko’s Board of Directors has confirmed the principles of Kesko’s internal control, which are based on good control principles widely accepted internationally (COSO 2013).

Internal audit

Kesko's internal audit function is responsible for the Group's independent evaluation and assurance function required of a listed company, which systematically examines and verifies the efficiency of risk management, control, management and governance. The Audit Committee of Kesko's Board of Directors has confirmed Kesko's internal audit function's operating instructions.

The internal audit function is organised under Kesko's President and CEO and the Audit Committee, and it reports on its findings and recommendations to the Audit Committee, the President and CEO, the management of the audited operation, and the Auditor. The function covers all of Kesko's divisions, companies and functions. Auditing is based on risk analyses, as well as risk management and control discussions conducted with the Group's and divisions' managements. Meetings with the Auditor are arranged on a regular basis in order to ensure sufficient audit coverage and eliminate overlapping operations.

An internal audit plan, subject to approval by the President and CEO and the Audit Committee, is prepared annually. The audit plan is modified on a risk basis, if necessary. As necessary, the internal audit function purchases external services for added resources or for the purpose of conducting audit operations which require special expertise. Audits can also make use of the expertise and work contribution of Kesko Group's other specialists.

Internal audit operations in 2015

The key targets of the internal audit operations in 2015 were Kesko's business activities in Russia and related risks. Other focus areas included Kesko’s digital services, data security, data protection and related risks. Compliance with Kesko's accounting policies and reporting guidelines was verified and assessed in various audits, with an emphasis on the accuracy of inventory values.

Focus areas of internal audit in 2016

The key focus areas of internal audit operations in 2016 will be the implementation of Kesko’s strategies, the ongoing acquisitions, quality programmes, business operations in Russia and related risks, the efficiency of data security and data protection issues.