Internal audit
In Kesko, Group Internal Audit is an independent review function set up within the organization as a service to the Board and, in particular, the Audit Committee. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The Chief Audit and Risk Officer will report functionally to the Chair of the Audit Committee and administratively, on a day-to-day basis, to Kesko's President and CEO on Internal Audit and Group CFO on Risk Management.
Internal audit plan
At least annually, the Chief Audit and Risk Officer will submit to senior management and the Board’s Audit Committee an internal audit plan for review and approval. The Chief Audit and Risk Officer will communicate the impact of resource limitations and significant interim changes to senior management and the Board’s Audit Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input from senior management and the Board’s Audit Committee. The Chief Audit and Risk Officer will review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems and controls. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Board’s Audit Committee through periodic activity reports.
Focus areas for internal audit in 2023
The main focus areas for internal audit in 2023 will be data and cyber security, IT supply chain, inventory and credit management, indirect purchasing, customer and vendor bonuses, and BSC and Treasury operations.
