Talvivaara - Internal control

Home Investors Corporate Governance Internal control

The main features of the internal control and risk management systems pertaining to the financial reporting process

Talvivaara's internal control and risk management practices relating to financial reporting seek to ensure the reliability and objectivity of financial reporting, compliance with applicable laws and regulations, and effectiveness and efficiency of operations.

The Company's internal control and risk management processes use the framework introduced by the Committee of Sponsoring Organizations (COSO) as the starting point. The framework comprises the key components of control environment, risk management, control activities, information and communication, and monitoring. Talvivaara aims to continuously improve its internal controls and risk management practices to eventually make them COSO compliant and to make these processes an increasingly integrated part of all day-to-day operations.

Control environment

Talvivaara's Board of Directors bears the overall responsibility for ensuring that an effective system of internal control and risk management is established. The Audit Committee periodically reviews the status of the relevant processes and reports of its findings to the Board. The Audit Committee also oversees that appropriate relations with the auditor are maintained. Operationally, the responsibility for maintaining and improving the internal control and risk management systems is delegated to the CEO and the Executive Committee.

Risk management

The objective of Talvivaara's risk management is to support the achievement of the Group's strategic and operational targets while protecting the Company against loss, uncertainty and lost opportunity. There is an ongoing process in place, supported where necessary by external advisors, for identifying, evaluating and managing the significant risks facing the Talvivaara Group. The Board of Directors is responsible for reviewing the effectiveness of the systems for the identification and management of risk. Such reviews are periodically undertaken with the assistance of the Audit Committee.

The Chief Executive Officer, the Executive Committee and the Company's other senior management are responsible for defining and implementing daily risk management procedures and ensuring that risks are taken into account in the Group's strategic planning. The Executive Committee coordinates risk management activities and risk reporting in the Group. Whilst risks are generally managed within the departments or functions where risks may occur, certain risk management functions, in particular the management of financial risks and administration of insurances, are centralised in order to realize economies of scale and to ensure appropriate group level control.

While Talvivaara has during the past year evolved from a project company into a producing entity, particular emphasis has recently been put on identifying and managing the changes in the Company's risk profile. Risks specific to Talvivaara, its business and the industry in which it operates are discussed in more detail in Talvivaara's Annual Report in section "Principal risks and uncertainties".

Control activities

Talvivaara's management is responsible for setting up and maintaining an adequate internal control structure and procedures for reliable financial reporting. The Chief Executive Officer, the Executive Committee and other members of the senior management of Talvivaara and its subsidiaries are responsible for ensuring, under the supervision of the Board of Directors of the Company, that the accounting and governance in their respective lines of duty comply with the applicable laws as well as with the guidance given by the Board of Directors.

In 2009 Talvivaara set out to further improve its internal controls to reflect the Company's growth and development into a revenue generating entity. The work on internal controls has focused on the following key processes: procurement, payments, sales, production, human resources and payrolls, financial reporting, and information technology. Of these, sales and production are relatively new processes to Talvivaara and therefore have required special attention. For all processes, the main targets have been to review and update the key controls, and to improve the documentation relating to the processes, controls and operating procedures. The foundation for the work on internal controls has been the identification of risks relating to the key processes and definition of the internal controls to minimize the identified risks.

Talvivaara views control activities an area of continuous improvement. In 2010, the Company intends to pay special attention to the effective implementation of the updated controls and on further documentation of the underlying operating procedures.

Information and communication

Talvivaara aims to keep its personnel as well as the Board of Directors informed of its internal controls and risk management policies in a transparent, accurate and timely manner in order to continuously build on a positive culture of control activities. The key information channels towards all of the employees include the Company intranet and a fortnightly personnel publication, Talvivaara News. Relevant personnel groups are also separately informed of and trained relating to internal controls and risk management procedures. Employee input is also actively sought when identifying the key risks and controls.

Internal controls are a recurring agenda item in Audit Committee meetings, where they are discussed with the Chief Financial Officer as well as the Company's auditors. The Audit Committee plays an important role in further communicating the status, targets and development of the Company's internal controls to the Board of Directors.

Monitoring

The effectiveness of the internal controls is overseen by the Board of Directors and operationally monitored by the management on various organisational levels. The Company's financial control function is responsible for periodically testing the controls and overseeing the commitments entered into in connection with the operations of the Talvivaara mine. In addition, based on recommendations by the Company's external auditors, a more thorough evaluation of one or more of the key control areas is conducted annually. In 2009, such evaluation was conducted relating to the information technology systems and processes, and the findings were communicated to the management and the Audit Committee. Improvements in controls based on the findings are being implemented in 2010.

Talvivaara does not have a separate internal audit function to evaluate and test the operating procedures and processes relating to internal controls. The establishment of an internal audit function, either internally or through outsourcing, is considered by the Audit Committee and the Board of Directors annually and is regularly discussed with the Company's external auditors. The stage of development of the Company has, in the Board of Directors' view, not yet warranted establishment of an internal audit function.