Home Investors Corporate Governance Internal control

Internal Control

The main features of the internal control and risk management systems pertaining to the financial reporting process

Talvivaara's internal control and risk management practices relating to financial reporting seek to ensure the reliability and objectivity of financial reporting, compliance with applicable laws and regulations, and effectiveness and efficiency of operations.

The Company's internal control and risk management processes use the framework introduced by the Committee of Sponsoring Organizations (COSO) as the starting point. The framework comprises the key components of control environment, risk management, control activities, information and communication, and monitoring. Talvivaara aims to continuously improve its internal controls and risk management practices to eventually make them COSO compliant and to make these processes an increasingly integrated part of all day-to-day operations.

Control environment

Talvivaara's Board of Directors bears the overall responsibility for ensuring that an effective system of internal control and risk management is established. The Audit Committee periodically reviews the status of the relevant processes and reports of its findings to the Board. The Audit Committee also oversees that appropriate relations with the auditor are maintained. Operationally, the responsibility for maintaining and improving the internal control and risk management systems is delegated to the CEO and the Executive Committee.

Risk management

The objective of Talvivaara's risk management is to support the achievement of the Group's strategic and operational targets while protecting the Company against loss, uncertainty and lost opportunity. There is an ongoing process in place, supported where necessary by external advisors, for identifying, evaluating and managing the significant risks facing the Talvivaara Group. The Board of Directors is responsible for reviewing the effectiveness of the systems for the identification and management of risk. Such reviews are periodically undertaken with the assistance of the Audit Committee.

The Chief Executive Officer, the Executive Committee and the Risk Management Committee as its sub-committee are responsible for defining and implementing daily risk management procedures and ensuring that risks are taken into account in the Group's strategic planning. The Executive Committee coordinates risk management activities and risk reporting in the Group.

In 2010, the Company's risk management activities were focused on developing risk management practices within departments and functions, partly as part of internal development programmes relating to environment, health and safety, internal controls, and production reliability. The goal set for 2011 is to update the Group level risk management policies to reflect Talvivaara's present development stage as an operational rather than a project focused entity. The Group level risk assessment will be based on findings from the department level work and on experience gained from the chosen risk assessment toolswhich take into account the probability and estimated impact of the identified risks.

Risks specific to Talvivaara, its business and the industry in which it operates are discussed in more detail in Talvivaara's Annual Report in section "Risk management and principal risks".

Control activities

Talvivaara's management is responsible for setting up and maintaining an adequate internal control structure and procedures for reliable financial reporting. The Chief Executive Officer, the Executive Committee and other members of the senior management of Talvivaara and its subsidiaries are responsible for ensuring, under the supervision of the Board of Directors of the Company, that the accounting and governance in their respective lines of duty comply with the applicable laws as well as with the guidance given by the Board of Directors.

In 2010 Talvivaara continued the work commenced in 2009 and aimed at further improving its internal controls to reflect the Company's growth and development into a revenue generating entity. The work on internal controls focused on the following key processes: procurement, payments, revenue, production, human resources and payrolls, financial reporting, and information technology. Control matrices for all of the key processes were defined during the year and the effectiveness of the controls was tested. Whilst no significant findings pertaining to the controls were made, additional testing is planned for 2011 along with further updating and improvement of documentation relating to the processes, controls and operating procedures. The foundation for the work on internal controls has been the identification of risks relating to the key processes and definition of the internal controls to minimize the identified risks.

Talvivaara views control activities an area of continuous improvement. In 2011, the Company intends to continue paying special attention to the effective implementation of the internal controls and on further documentation of the underlying operating procedures.

Information and communication

Talvivaara aims to keep its personnel as well as the Board of Directors informed of its internal controls and risk management policies in a transparent, accurate and timely manner in order to continuously build on a positive culture of control activities. The key information channels towards all of the employees include the Company intranet and the weekly and monthly personnel publications, Talvivaara Weekly and Talvivaara News. Relevant personnel groups are also separately informed of and trained relating to internal controls and risk management procedures. Employee input is also actively sought when identifying the key risks and controls.

Internal controls are a recurring agenda item in Audit Committee meetings, where they are discussed with the Chief Financial Officer as well as the Company's auditors. The Audit Committee plays an important role in further communicating the status, targets and development of the Company's internal controls to the Board of Directors.

Monitoring

The effectiveness of the internal controls is overseen by the Board of Directors and operationally monitored by the management on various organisational levels. The Company's financial control function is responsible for periodically testing the controls and overseeing the commitments entered into in connection with the operations of the Talvivaara mine.

Talvivaara does not have a separate internal audit function to evaluate and test the operating procedures and processes relating to internal controls. The establishment of an internal audit function, either internally or through outsourcing, is considered by the Audit Committee and the Board of Directors annually and is regularly discussed with the Company's external auditors. The stage of development and operational scope of the Company have, in the Board of Directors' view, not yet warranted establishment of an internal audit function. The key factors contributing to this view include the Group's operations being carried out on one mine site and in one country only, and the number of the Group's customers being limited. Also, the ongoing development work on internal controls involves testing and evaluation of controls in a fashion that closely resembles internal audit.