Internal control over financial reporting

Objectives 

The objective of internal control over financial reporting at Neste is to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statement in accordance with applicable laws and regulations and internal requirements of control activities.The system of internal control related to financial reporting in the Neste Corporation is based on the framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

Control environment

Under the Finnish Companies Act, the Board of Directors is responsible for ensuring that there is adequate control over the Company’s accounts and finances. Responsibility for arranging this control is delegated to the President & CEO, who is required to ensure that the Company’s accounts are in compliance with the law and that its financial management have been arranged in a reliable manner.

The Internal control in Neste is based on the Corporate structure whereby the operations are organized into business areas and services functions. The heads of business areas and finance function are responsible for establishing and maintaining appropriate, up-to-date, effective and adequate internal control over financial reporting. To ensure sufficient control in business areas, the Neste controllers network has a key role in developing internal control system and reporting practices. In some key areas Corporate Finance department has centralized control responsibility. Neste's values and management system containing formal Code of Conduct are the foundation of the control environment. The President & CEO and corporate management are responsible for emphasizing the importance of ethical principles and correct financial reporting. The structure of the organization and the resources allocated within it are designed to provide effective control over financial reporting and segregation of duties.

Risk assessment

As a prerequisite for risk assessment, the organization’s objectives need to be established. With respect to financial reporting, the general objective is to have reliable reporting and ensure that transactions are recorded and reported completely and correctly. The assessment of risk includes risks related to fraud. 

Based on risk assessment, the requirement for internal control has been included in the Principle and Instruction for Control over Financial Reporting-documentation which are to be obeyed in Neste Corporation.

Control activities

Neste control activities include instructions, guidelines and procedures to ensure that the actions identified by management to address the relevant risks are carried out effectively. The Controller’s manual is the most important guideline related to financial reporting systems and practices. Neste's entity-level and process-level control activities with respect to reliable financial reporting are described in the Principle and Instruction for Control over Financial Reporting- documentation. These establish the minimum control requirements covering also control activities related to transactions in relevant processes as well as controls carried out as part of the monthly reporting process. The other key risk and process level policies and guidelines are documented in Neste's management system.

Communications

The Neste Corporate level communication practices support completeness and correctness of financial reporting. Neste personnel have access to adequate information and communication regarding accounting and reporting principles and guidelines. The main means of communicating the relevant matters for appropriate financial reporting are the Controllers' Manual and financial portal for controllers at common function and business areas. These contain instructions covering accounting principles, forecasting and reporting. 

Neste's business areas make regular financial and management reports to the management review, including analysis and comments of financial performance. The Neste Executive Board receives financial reports monthly. Interim Reports are reviewed in Audit Committee meetings, and thereafter by Board of Directors. 

Monitoring

The effectiveness of the controls is regularly monitored as part of management, as a control that was initially effective can become ineffective due to changes in the operating environment. Changes can also take place in the controls due to changed processes, IT systems or personnel.

The Board of Directors and the Audit Committee regularly review the financial performance including reviewing whether there is an adequate level of process to evaluate the risks and effectiveness of controls related to financial reporting process in all level of the organization. The Audit Committee oversees the Company’s finances, financial reporting, risk management, and internal auditing as part of the Company's corporate governance. Internal control deficiencies are communicated in a timely manner to those parties responsible for taking corrective action, and to management and the Board as appropriate.

Corporate Internal Audit assesses annually the operational model and practices of internal control over financial reporting of Neste as part of business and process level audits.