Internal auditing

The internal audit is responsible for the independent evaluation and assurance function required of a listed company, which systematically examines and verifies the efficiency of risk management, control, management and governance.

The Audit Committee of Kojamo’s Board of Directors has confirmed the operating instructions for the internal audit function. Kojamo’s internal auditing was outsourced to the audit firm PricewaterhouseCoopers Oy in 2019 by a decision of the Board of Directors. Kojamo has designated the CFO and Group Controller to be in charge of coordinating the practical activities. Internal auditing operates under the authority of the CEO and the Audit Committee and reports its observations and recommendations to the Audit Committee, the CEO, the Management Team and the auditor.

The auditing function covers all companies and functions in the Kojamo Group. The auditing operations are based on risk analyses and conversations with the Group management related to risk management and control. Regular meetings with the auditor are set up in order to guarantee sufficient audit coverage and to avoid overlapping operations. Internal auditing annually draws up an auditing plan that is approved by the CEO and the Audit Committee. The auditing plan is modified based on risks, if necessary.

In 2021, the main focus areas of internal auditing operations were related to the ICT architecture, procurements, sales, data protection and unit audits. In 2022, the main focus areas of internal auditing operations
will be related to sustainability, the current state of data security, data protection and unit audits.

Internal control

Internal control seeks to ensure that Kojamo’s operations comply with current legislation and regulations and the company’s operating principles, and that the company’s financial and business reporting is reliable. Internal control also seeks to safeguard Kojamo’s assets and ensure that its operations are efficient and reliable, thereby enabling its strategic goals to be achieved.

The internal control and risk management operating model for financial reporting is designed so as to gain sufficiently dependable information on the reliability of financial reporting and to ensure that the financial statements are drawn up according to current legislation and regulations.

Kojamo’s internal control system is based on the framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The organisation of internal control is the responsibility of the Board of Directors and the CEO. However, responsibility for carrying out internal control is shared by the entire organisation: each individual Group employee is responsible to his/her supervisor for internal control in his/her area of responsibility.

Read more about Kojamo plc’s internal control from the Corporate Governance Statement 2021.

Page updated 17 February 2022