In Kesko, Group Internal Audit is an independent review function set up within the organization as a service to the Board and, in particular, the Audit Committee. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The Chief Audit and Risk Officer will report functionally to the Chair of the Audit Committee and administratively, on a day-to-day basis, to Kesko's President and CEO on Internal Audit and Group CFO on Risk Management.
Internal audit plan
At least annually, the Chief Audit and Risk Officer will submit to senior management and the Board’s Audit Committee an internal audit plan for review and approval. The Chief Audit and Risk Officer will communicate the impact of resource limitations and significant interim changes to senior management and the Board’s Audit Committee.
The internal audit plan will be developed based on a prioritization of the audit universe using a risk-based methodology, including input from senior management and the Board’s Audit Committee. The Chief Audit and Risk Officer will review and adjust the plan, as necessary, in response to changes in the organization's business, risks, operations, programs, systems and controls. Any significant deviation from the approved internal audit plan will be communicated to senior management and the Board’s Audit Committee through periodic activity reports.
Internal audit focus areas in 2022
In 2022, focus areas for internal audit will include cyber security, IT and business projects, sustainability, process controls and process efficiency, business continuity, and IT service provider audits.