Risk management, Control environment and Internal control and Internal audit

Risk management is part of the company’s monitoring system and it aims to ensure that the risks to which the company’s business is exposed are identified, evaluated and monitored. It aims to help forecast the threats and opportunities for business operations and ensure the continuity of business. The objective of internal control and risk management related to Componenta’s financial reporting is to ensure that the reporting is reliable and that all applicable laws and regulations have been complied with.

Componenta compiles its financial reporting in accordance with the International Financial Reporting Standards (IFRS), the Finnish Securities Markets Act, the Finnish Accounting Act and the guidelines and statements of the Finnish Accounting Board, while also complying with the regulations and guidelines of the Finnish Financial Supervisory Authority and the Code of Nasdaq Helsinki Ltd.

Risk management

The Board of Directors confirms the principles for risk management and those responsible for this. The Board of Directors monitors the effectiveness of risk management systems. The President and CEO supervises the implementation of the risk management program to ensure that it focuses on matters that are essential for local and operational activities. The Corporate Executive Team participates in identifying and evaluating risks, allocating responsibilities and monitoring the risks.

The CFO is responsible for development of Componenta’s risk management.

Then management of business operations is responsible for identifying and managing risks in their own business areas as part of their operational activities.

All employees are responsible for identifying and evaluating the risks that are related to their work or that are otherwise under their control and for reporting on them to their supervisors. The financial risks related to the Componenta Group’s business operations are managed in accordance with the Treasury Policy approved by the Board of Directors. The Group’s treasury department manages financial risks and ensures, for their own part, the availability of equity and debt finance to the Group on competitive terms. The Group’s treasury department is also responsible for managing financial assets and hedging them as needed.

The Corporate Executive Team conducts the Enterprise Risk Management (ERM) process annually and monitors the major risks to operations regularly. The main risks are identified and evaluated in the ERM process and corrective action is decided on.

Componenta’s most significant business environment risks, operational risks and financial risks are presented on the Group’s website at Description of risks.

Control environment

The purpose of Componenta’s internal control is to ensure that the Group operates in line with its strategy profitably and effectively, that risk management is arranged appropriately and adequately and that the financial and operational reporting is reliable. Control is based on Componenta’s values, operating principles, policies and guidelines. Internal control is part of management, governance and daily operations.

Financial reporting and the monitoring of its accuracy are based on annually prepared and adopted budgets and monthly forecasts, and on performance reporting, through which the actual outcomes are compared with the budget and forecasts. The Group’s financial organisation and the management of its units are responsible for the financial reporting process and the related consistent and regularly updated guidelines.

Open and adequate communications ensure an effective and functional control environment. Information about reporting tools and the financial reporting guidelines and principles have been reviewed with all those involved in financial reporting in accordance with their responsibilities. The financial reporting guidelines and principles are available from the Group’s financial organisation and the Group’s intranet to the extent that the guidelines concern the Group’s other functions. New reporting requirements and similar information are provided regularly within the financial organisation in accordance with each employee’s responsibilities. The Group’s CFO reports to the Board of Directors regularly on matters pertaining to internal control.

The Board of Directors supervises the Group’s financial reporting process and monitors the effectiveness of internal control, internal audit and risk management systems.

Internal monitoring

The profitability and efficiency of Componenta’s operations and the achievement of financial objectives are monitored regularly by means of Groupwide financial reporting. The effectiveness of measures in internal control related to financial reporting is monitored by the Board of Directors, the President and CEO, the Corporate Executive Team and operative management teams.

The consistent Group-wide practices also cover reporting. Guidelines related to reporting are communicated regularly to those involved in the reporting process in accordance with their responsibilities. The Group Controller monitors the implementation of measures based on the Group-wide reporting process guidelines, together with the CFO.

The unit controllers are responsible for the financial reporting of operational business units in cooperation with the management of each unit. The management team for each business unit and business area analyses its own financial reports, including volumes,

profits, costs, profitability and working capital, every month before the reporting meeting of the Corporate Executive Team.

The Board of Directors is responsible for the final evaluation of the Group’s result.

Internal audit

The Componenta Group’s internal audit is conducted in accordance with the operating principles approved by the Board of Directors. These principles are based on the Group’s internal reporting and the annual audit plan approved by the Board.

The Componenta Group’s financial management is responsible for strengthening the internal control environments of the Group’s various functions within the framework of the annual plan. Componenta uses external experts in internal auditing when needed. Currently, however, the development of the internal control environment is seen as a more effective way to strengthen internal control. In accordance with Recommendation 26 of the 2020 Corporate Governance Code, “it is not always expedient for the company to organise internal audit as a separate function”. Componenta has opted for this approach after assessing the scope of its business operations and the fact that their locations are concentrated in Finland.

Financial reporting that covers the whole Group regularly monitors how well financial targets are being met. The reports include information about the actual outcomes, as well as budgets and up-to-date forecasts, for the current year.