Metsä Board Annual and sustainability report 2022





audit guidelines approved by the Audit Commit- tee. The internal audit function reports to the Audit Committee on operations and to Metsä Group’s President and CEO on administration. Internal auditing draws up a six-monthly action plan which is approved by the Audit Committee. Auditing is risk-based and focuses on the Company’s activities and units that are considered to be key to achieving the objectives set for operations. In cooperation with the audit function, internal auditing sees to the coordination of plans to ensure adequate coverage of auditing and avoid overlapping work. Similarly, cooperation is carried out with Metsä Group’s other assurance functions such as risk management, internal controls and compliance. The results of the audit are compiled into an audit report, which is shared with Metsä Board’s CEO and CFO, the management of the audited entity and the persons in charge. The audit reports are submitted to Metsä Group’s President and CEO, CFO, auditor and, if required, to other Group management for informative purposes. Internal auditing provides the Audit Committee with a six-monthly summary report on the audits carried out, the main findings and recommendations, and the management action plans and their implementation. The Chair of the Audit Committee and the Audit Director also meet regularly without the presence of management. Risk management Risk management is an essential part of Metsä Board’s standard business planning and leadership. Risk management is part of daily decision making, operations follow-up and internal control, helping to promote and ensure the achievement of the Company’s objectives. Business management and risk management are efficiently coordinated based on the operational principles confirmed by the Board, the aim of which is to secure a well-defined, understandable and sufficiently practical risk management process. Risks and their development are regularly reported to the Board of Directors’ Audit Committee. Centralised risk management also takes care of the coordination and competitive bidding of Metsä Board’s insurance coverage. The key objective of risk management is to identify and evaluate the risks, threats and

opportunities that may have an impact on the implementation of the strategy and the achieve- ment of short- and long-term objectives. The businesses regularly evaluate and monitor the risk environment and related changes as part of their normal operational planning. The risks identified and their management are reported to the Audit Committee and the Board at least twice a year. Business risks also involve opportu- nities, and they can be capitalised on within the boundaries of the agreed risk limits. Conscious risk-taking decisions must always be based on an adequate evaluation of the risk-bearing capacity and the profit/loss potential, among other things. Such an evaluation must be conducted before any pre-engineering and execution phases of projects and investments. Risk management responsibilities are divided among different functions in Metsä Board. The Board is responsible for the Company’s risk management and approves the Company’s risk management policy; the Audit Committee evaluates the levels and procedures of the Company’s risk management as well as the essential risk areas and provides the Board with related proposals. The CEO and Management Team are responsible for the specification and adoption of the risk management principles. They are also responsible for ensuring that the risks are taken into account in the Company’s planning processes and that risk reporting is adequate and appropriate. The Vice President of Risk Management reports to the CFO and is responsible for the development and coor- dination of the Company’s risk management process, the implementation of risk evaluation and the essential insurance decisions. The Risk Committee conducts a twice-yearly risk review, the results of which the CEO presents to the Board following a review by the Corporate Man- agement Team. The Risk Committee consists of the CFO acting as Chair, and SVP Production, SVP Development, VP Risk Management and VP Group Accounting. The businesses and support functions identify and evaluate the essential risks related to their own areas of responsibility in their planning processes, prepare for them, take necessary preventive action and report on the risks as agreed. The key elements of Metsä Board’s risk management include implementing a compre- hensive risk management process that supports the entire business, protecting property and

ensuring business continuity, corporate security and its continuous development, as well as crisis management and continuity and recovery plans. According to the risk management policy and principles, adequate risk management forms a necessary part of the preliminary review and implementation stages of projects that are financially or otherwise significant. Metsä Board’s risk management is tasked with: • ensuring that all the identified risks with an impact on personnel, customers, products, property, information assets, corporate image, corporate responsibility or operational capacity are controlled according to applicable laws and based on the best available information; • ensuring that the Company’s objectives are met; • fulfilling stakeholders’ expectations; • protecting property and ensuring disrup- tion-free business continuity; • optimising the profit/loss potential; and • ensuring the management of the company’s overall risk exposure and minimising the overall risks. The most significant risks and uncertainties that the Company is aware of are described in the Report of the Board of Directors.

Auditing According to Metsä Board’s Articles of

Association, the Company has one auditor that must be an audit firm authorised by the Central Chamber of Commerce of Finland. The General Meeting appoints the auditor each year at the Annual General Meeting. The Company’s Audit Committee together with the Audit Committee of its parent entity, Metsäliitto Cooperative, organised a competitive bidding for audit services in 2011 and 2021. As a result of the 2011 bidding, the Company’s long-term auditor PricewaterhouseCoopers Oy was changed to KPMG Oy Ab at the 2012 Annual General Meeting. Following the competitive bidding organised in 2021 and pursuant to the decision of the 2022 Annual General Meeting, KPMG Oy Ab now acts as the Company’s auditor with Kirsi Jantunen, APA, as the auditor with main responsibility. Under the EU Audit Directive, an audit firm may act as a company’s auditor for a maximum of 10 years, after which a competitive


Powered by