Internal audit

The scope of Internal Audit encompasses the examination and evaluation of the adequacy and effectiveness of the governance, risk management process, system of internal control structures and quality of performance of the audited organization in carrying out assigned responsibilities to achieve the stated goals and objectives of Cramo.

Internal Audit includes:

  • Reviewing the reliability and appropriateness of financial and operating information;
  • Reviewing compliance with policies, plans, procedures, laws, and regulations that could have a significant impact on operations;
  • Reviewing the means of safeguarding assets and, as appropriate, verifying the existence of such assets;
  • Reviewing and appraising the economy and efficiency with which resources are employed, used and protected;
  • Reviewing operations or programmes to ascertain whether results are consistent with established objectives and goals and whether the operations or programmes are being carried out as planned;
  • Reviewing specific operations at the request of the Board or management, as appropriate;
  • Monitoring and evaluating the effectiveness of set common controls; and
  • Monitoring and evaluating the effectiveness of the risk identification and management system of the audited organisation.

The Audit Committee approves the charter and annual audit plan of the Group’s Internal Audit unit and assesses its operations. The unit pays regular visits to depots and offices in Cramo countries. In addition, Internal Audit is responsible for assessing the efficiency of the Group’s various units for operational and compliance auditing. The Head of Internal Audit reports the findings and recommendations to the Audit Committee and the President and CEO. Administratively, the Head of Internal Audit reports to the CFO and shares the results of audit assignments with the Group management.

Internal Control and Risk Management related to financial reporting

Financial reporting process at Cramo

Group reporting is based on the HFM consolidation and reporting system facilitating common control requirements for all operating companies (“OpCos”) and legal entities reporting to the Group. Subsidiaries submit their figures to the reporting system for consolidation. The reported figures are reviewed in subsidiaries as well as by Group accounting. The Group Finance and Development function maintains the Group’s aggregated chart of accounts. The target is that all Cramo countries share common business and financial reporting processes.

Information relevant to financial reporting is identified, accessed, processed and distributed in accordance with Cramo’s processes and procedures. In financial reporting, the Controller’s Manual, financial guidelines and IFRS accounting principles (as adopted by the European Union) set the standards for financial reporting as well as accounting policies and reporting procedures at Cramo. These documents are up-dated regularly and communicated throughout the Group. Other internal policies and rules related to the financial reporting process include the Treasury Policy, Matrix of Authorisations and Approval Limits Granted as well as the Code of Conduct. Information about internal financial guidelines, their updates and schedules is distributed regularly to all employees concerned.

Roles and responsibilities

The Board bears ultimate responsibility for the appropriate arrangement of internal control over financial reporting. The Board supervises and approves annual financial statements and interim reports. The Audit Committee assists the Board of Directors in overseeing the effectiveness of established internal control and risk management principles. These duties are accomplished by supervising the accounting and reporting processes as well as by an audit of the financial statements to ensure the quality and integrity of the financial statements and related disclosures. In practice, the Pres-ident and CEO and OpCo managers are in charge of performing internal control activities for financial reporting. They are supported in this task by the CFO, the Group Finance and Development function and OpCo financial management.

The Group’s President and CEO is responsible for maintaining an effective control environment by ensuring implementation of internal control and risk management processes and their operational effectiveness. The President and CEO also ascer-tains that the Company’s accounting practices comply with legislation and that financial matters are handled in a reliable manner. Senior managers assign responsibility for establishing more specific internal control policies and procedures to personnel responsible for the functions of the unit. Management and employees are assigned appropriate levels of authority and responsibility to facilitate effective internal control in financial reporting.

Risk assessment and control activities

Cramo has established objectives for reliable financial reporting in order to identify financial reporting risks. Within the risk assessment process, Cramo identifies and analyses risks to achieving financial reporting objectives as a basis for determining how those risks should be managed and mitigated. The risk assessment process has been extended to also take into consideration the potential for material misstatement due to fraud.

Control activities are linked to risk assessment, and specific actions are taken to address risks to achieving financial reporting objectives. The risks identified related to financial reporting are managed through control activities which are set throughout the organisation, at all levels and in all functions. Financial officers and their staffs, whose control activities cut across, as well as up and down, the Group’s operating and other units, are particularly important. Cramo’s Group-wide controls include a variety of activities such as approvals, authorisations, verifications, reconciliations, reviews of operating performance, safeguarding of assets and segregation of duties.


In order to ensure the effectiveness of internal control regarding financial reporting, monitoring is conducted by the Board, the Audit Committee, the President and CEO, the CFO and the Group Finance and Development function, Internal Audit, the Group management team and OpCo managers and controllers. Follow-up is accomplished through ongoing monitoring activities, separate evaluations or a combination of the two.

The Audit Committee approves the charter for the Group’s Internal Audit and the annual audit plan as well as assesses its operations. As part of the Internal Audit plan, the Group’s Internal Audit (IA) function also performs independent audits of Cramo’s financial reporting process and assesses the effectiveness of Cramo’s controls at the Group level and in the OpCos. The results of audit assignments are reported regularly to the Audit Committee, the President and CEO and the CFO. These results are also shared with the Group’s external auditors, and internal activities are aligned with the suggestions presented by the external auditors. Furthermore, the Group Finance and Development function monitors the adequacy and effectiveness of Cramo’s control activities and ensures that external reporting is correct, timely and in compliance with regulations. OpCo managers and controllers ensure compliance with the Group’s financial reporting guidelines along with local, state and national budgetary reporting requirements and that local external reporting is correct and timely.

Ongoing monitoring activities include the follow-up of monthly financial reports relating to the budget, forecasts and other targets, follow-up of business plans, monitoring of new plans and follow-up of internal and external projects. The scope and frequency of separate evaluations depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures and control activities. Internal control deficiencies are identified and communicated in a timely manner to the parties responsible for taking corrective action, as well as to management, the Audit Committee and the Board as appropriate. Implementation and control of financial and other business targets are monitored through Group-wide financial reporting and through regular operating company Board meetings as well as management and controller meetings.


Cramo’s related parties include the Board of Directors, Group management team, his/her close family members, entities under control or significant influence of the persons belonging to related parties, subsidiaries and joint ventures.

The transactions concluded between the Company and its related parties are evaluated and monitored and it is ensured that any conflicts of interest are taken into account appropriately in the decision-making process of the Company.

Transactions between the Company and related parties are allowed, provided that they promote the purpose of the Company and are conducted on acceptable terms and in the interests of the Company from the company’s business perspective, as well as in compliance with effective regulations.

Further information about internal control and risk management related to financial reporting can be found in Corporate Governance Statement 2019.


Corporate governance statements

Corporate governance

The corporate governance at Cramo is based on Finnish law and the Company’s Articles of Association. The Group complies with the rules of Nasdaq Helsinki Ltd and from 1 January 2020 onwards the Finnish Corporate Governance Code 2020 published by the Securities Market Association. The Corporate Governance Code is available on the Securities Market Association’s website: Cramo does not deviate from the Finnish Corporate Governance Code Recommendations.

The Group’s headquarters are in Vantaa, Finland and the Company is listed on the Nasdaq Helsinki Ltd.

Cramo prepares annual financial statements and interim reports conforming to Finnish law and International Financial Reporting Standards (IFRS). Statements and reports are published in Finnish and English.

Overview of Corporate Governance Components at Cramo Group

The Group’s control and management responsibilities are divided among the General Meeting of Shareholders, the Board of Directors with its three committees, Shareholders’ Nomination Committee, the President and CEO, the Group Management team and Managing Directors of subsidiaries. The Board of Directors supervises the performance of the Company, its management and organisation on behalf of shareholders. The Board of Directors and the Group management team are separate bodies, and no one serves as a member of both.