Internal Control, Risk Management and Internal Audit

Internal control is a process, put into effect by Ramirent’s Board of Directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to strategy, operations, reporting and compliance.

Risk management is an integral part of internal control in Ramirent. The Board of Directors has approved the Internal Control Policy and the Risk Management Policy. The goal of risk management in Ramirent is to support the strategy and the achievement of the objectives by anticipating and managing potential threats to and opportunities for the business. The risk management process consists of risk identification, assessments, integration and responses and monitoring. The risk management process is continuous. Regular risk assessments are conducted and reported to the Board quarterly. The objectives of the internal control and risk management systems for financial reporting are to ensure that the financial reports disclosed by Ramirent gives essentially correct information about the company finances, are reliable and that Ramirent complies with the applicable laws, regulations, International Financial Reporting Standards (IFRS) as adopted by EU and other requirements for listed companies.

The overall system of internal control in Ramirent is based upon the framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO 2013) and comprises five principal components of internal control: the control environment, risk assessment, control activities, information and communication, and monitoring.

CONTROL ENVIRONMENT
Ramirent’s Board of Directors bears the overall responsibility for the internal control for financial reporting and sets the tone at the top. The Board has established a written formal working order that clarifies the Board’s responsibilities and regulates the Board’s and Working Committee’s internal distribution of work. The Working Committee’s primary task is to ensure that established principles for financial reporting, risk management and internal control are followed and that appropriate relations are maintained with Ramirent’s auditors. The responsibility for maintaining an effective control environment and the ongoing work on internal control as regards the financial reporting is delegated to the CEO.

Ramirent focuses on developing and enhancing internal control over the financial reporting by concentrating on the internal control environment and by monitoring the effectiveness of the internal control. All relevant issues are reported to the Working Committee and the CEO.

To enhance and improve the internal control system related to financial reporting Ramirent has centralized finance and accounting services from Sweden, Denmark, Norway, Finland and established a Shared Service Center located in Estonia, city of Tallinn.

Otherwise Ramirent’s operating model is decentralized with local decision-making and local accountability. The business model and customers are local and most of the business decisions are made in the operating countries. Accounting functions in the countries other than referred above (Sweden, Denmark, Norway, Finland) are still independent with reporting lines to the Group head office. Internal control at the country level is the responsibility of the Country or Segment EVP in accordance with the Group framework.

Common Group instructions are given by the head office in the areas of business development, treasury, credit risk management and collection, inventories and fleet management, intangible assets management, finance, accounting and control and financial reporting.

Ramirent’s financial reporting process is integrated and serves both external and internal reporting purposes. Ramirent prepares consolidated financial statements and interim reports in accordance with the IFRS. Financial statements include also other information that is required by the Securities Markets Act, as well as the appropriate Financial Supervision Authority’s standards and Nasdaq Helsinki Ltd’s rules. The Board of Director’s report of Ramirent and parent company financial statements are prepared in accordance with Finnish Accounting Act and the opinions and guidelines of the Finnish Accounting Board.

External financial reporting in Ramirent is based on Group Accounting and Reporting Procedures which set forth the basis for external financial reporting according to IFRS. Detailed reporting instructions and time schedules have been established and communicated to all persons involved with the financial reporting process in due time.

RISK ASSESSMENT
Ramirent’s risk assessment regarding financial reporting aims to identify and evaluate the most significant risks affecting the financial reporting at the Group, reporting segment and country levels. The assessment of risk includes for example risks related to fraud, risk of loss or misuse of assets. Based on the risk assessment results, control indicators are set to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on development of essential risk areas, indicators, planned and executed activities to mitigate risks are communicated regularly to the Board.

CONTROL ACTIVITIES
Ramirent has identified key processes end-to-end for the financial reporting purposes and internal controls have been designed based on the risk assessment. Key processes are order-to-cash, purchase-to-pay, rental asset management and record-to-report.

Common control points for the key processes for Ramirent business units are defined and set forth minimum requirements for each process. Examples of such internal control activities are authorizations and approvals, account reconciliations, physical counts of assets, analysis and segregation of key financial duties. Country Manager is responsible for arranging an adequate internal control within the
country.

Control activities include also business and financial results analysis on a monthly basis. These analyses are performed in country, segment and Group level by the management and the Board of Directors. Ramirent Board of Directors reviews interim and annual reports and approves reports before publication.

Internal audit assesses the efficiency and appropriateness of operations and examines the functioning of internal controls in Ramirent Group. Internal audit service is described in more detail in section below.

INFORMATION AND COMMUNICATION
To secure effective and efficient internal control environment, Ramirent’s internal and external communication is open, transparent, accurate and timely. Information regarding internal policies and procedures for financial reporting i.e. Accounting procedure, Reporting Procedure and Disclosure Policy, reporting timetables etc are available on Ramirent’s intranet. Ramirent arranges training for personnel regarding internal control tools. Internal audit reports the results of the work on internal audit as a standing item on the agenda of the Working Committee’s meetings. The Working Committee reports to the Board as needed.

Ramirent has established a procedure for anonymous reporting of violations related to fraud, misconduct or internal controls and auditing, as well as rules and regulations relating to financial markets.

MONITORING
Ramirent is constantly monitoring effectiveness of its internal controls. The audit function supports management by evaluating the operation of internal controls and by giving recommendations on development of internal controls. Internal audit compiles an annual audit plan, the status and findings of which it regularly reports to Ramirent management, external auditors and the Working Committee. Ramirent is also reviewing its rental fleet on a regular basis by separate Fleet audits and Fleet audits combined with internal audit visits.

Financial performance is monitored at all levels of the organization as a combination of variance analysis, benchmarking and management reviews. Ramirent is constantly developing harmonized reporting tools and processes to allow higher transparency and better comparability between business units.

COMPLIANCE WITH LAWS AND CODE OF CONDUCT
Ramirent is committed to comply with applicable laws and regulations as well as generally accepted practices of the business. Additionally, Ramirent’s operations are guided by Ramirent’s Code of Conduct and company values. Ramirent’s Code of Conduct is based on UN Declaration of Human Rights and ILO’s Declaration on Fundamental Principles and Rights at Work. Ramirent’s Code of Conduct and company values describe Ramirent’s corporate culture. Each and every Ramirent employee has to be familiar with the principles of the Ramirent’s Code of Conduct, company values, the legislation and operating guidelines of their own areas of responsibility. Management is responsible for the internal control of the operations. The operations are monitored by the Working Committee, which reports any misconduct to the Board.

INTERNAL AUDIT
Ramirent has had outsourced internal audit performed by an external service provider. In 2016 Ramirent has been working towards insourcing the internal audit activities.

The objective of the internal audit is to provide assurance and to support management in development of operational efficiency and effectiveness by evaluating and expressing opinion on the functioning of the internal controls. The scope and program of the internal audit function is reviewed related to the changes in the strategic objectives of Ramirent Group, changes in assessed risks and findings from previous audits.

Internal audit seeks to ensure the reliability of financial and operational reporting, compliance with applicable laws and regulations, and proper management of the company’s assets.

Internal audit is independent from the operational management. Internal audit reports directly to the Working Committee and audit program and annual audit plans are approved by the Working Committee. Audit programs are based on risk assessment and findings from previous internal and external audits.


Share this page