Internal control and audit

Principles of internal control and audit

Internal control refers to all activities aimed at ensuring that the business objectives set for the group are achieved. The objective of internal control is to ensure that the company’s operations are efficient, reliable, and compliant with regulations and that the company’s financial reporting is accurate, reliable, and reflective of its operational performance. Internal control aims to safeguard the continuity and smooth functioning of operations while preventing deviations from objectives or detecting them at an early stage so that corrective actions can be taken.

The responsibility for organizing internal control lies with the board of directors and the CEO. The CEO is responsible for implementing internal control. Additionally, the management of each business unit, group company, division, and project is responsible for developing, implementing, and maintaining internal control within their respective areas of responsibility.

At GRK, internal control is an integral part of management, involving the board of directors, management, and employees. The company’s internal control system includes both the business management process and independent control and oversight functions that support but remain separate from business operations. These independent functions include systematic group-wide risk management, compliance work, and an internal audit function independent of business operations.

Internal control tools include GRK’s policies and principles, guidelines, decision-making and approval authorities, access rights, control functions, reporting relationships and regular reporting, as well as inspections, audits, and self-assessments.

Internal control pertaining to financial reporting

Financial reporting provides economic information used in the company’s management and financial data disclosed in accordance with applicable laws, standards, and other regulations relevant to the company. The objective of GRK’s internal control over financial reporting is to ensure, with an adequate level of assurance, the accuracy of financial reporting and the preparation of financial statements in compliance with laws, regulations, and GRK’s internal guidelines.

The tools for internal control over financial reporting include reporting guidelines and systems, reliability-assuring checks (controls), and reports integrated into the management system.

Internal audit

Internal audit is an integral part of GRK’s internal control framework. It is an independent, objective, and advisory function that emphasizes a developmental approach to the continuous improvement of the company’s operations. GRK’s internal audit systematically evaluates the effectiveness of the company’s risk management, control, governance, and administrative processes and independently verifies their adequacy and functionality.

Internal audit performs its work autonomously. It has the authority to conduct investigations and access all information relevant to the audit. GRK’s internal audit adheres to international professional standards for internal auditing.

GRK’s internal audit operates under the board of directors’ audit committee and reports its findings to the audit committee, which in turn reports to the board of directors. The board of directors approves the internal audit charter, which defines the principles and procedures governing internal audit activities.

The board of directors approves the long-term overall plan for internal audit as well as the annual internal audit plans. When preparing the annual plan, business risks, strategic priorities, and any previous findings are taken into account. The annual audit targets are selected based on a risk-based approach.