Kesko Group's internal audit unit is responsible for the independent evaluation and assurance function required of a listed company, which systematically examines and verifies the efficiency of risk management, control, management and governance. The Audit Committee of Kesko's Board has confirmed the operating instructions for Kesko's internal audit.
The internal audit function is organised under Kesko's President and CEO and the Audit Committee, and it reports on its findings and recommendations to the Audit Committee, the President and CEO, the management of the audited operation, and the Auditor. The function covers all of Kesko's divisions, companies and functions. Auditing is based on risk analyses, as well as risk management and control discussions conducted with the Group's and divisions' managements. Meetings with the Auditor are arranged on a regular basis in order to ensure sufficient audit coverage and eliminate overlapping operations.
An internal audit plan, subject to approval by the President and CEO and the Audit Committee, is prepared annually. When necessary, the audit plan is modified on a risk basis. As necessary, the internal audit function purchases external services for added resources or for the purpose of conducting audit operations that require special expertise. Audits can also make use of the expertise and work contribution of Kesko Group's other specialists.
Internal audit operations in 2015
The key target of internal audit in 2015 was Kesko's business operations in Russia and related risks. Other focus areas included Kesko’s electrnoc services, data security and data protection and related risks. Compliance with Kesko's accounting policies and reporting guidelines was verified and assessed in various audits, with an emphasis on the accuracy of inventory values.
Focus areas of internal audit in 2016
The key focus areas of internal audit operations in 2016 will be the implementation of Kesko’s strategies, the acquisitions in progress, quality programmes, business operations in Russia and related risks, the efficiency of data security and data protection issues.