The Board is responsible for the principles of internal control in Uponor. Uponor's internal control is defined as a process influenced by the Board, the management and all the individual employees of the Group. The objective of internal control is to ensure that the management has a reasonable assurance that:
- operations are effective, efficient and aligned with the strategy;
- financial reporting and management information is reliable, comprehensive and timely; and
- the Group is in compliance with applicable laws and regulations.
Uponor's internal control framework strives to balance the business needs and the control perspective. The aim of the internal control framework is thus to:
- focus on the most business-relevant risks and issues from the strategic alignment and operational effectiveness point of view;
- promote ethical values, good corporate governance and risk management practices;
- ensure compliance with laws, regulations and Uponor's internal policies; and
- assure production of reliable financial reporting to support internal decision-making and to serve the needs of external stakeholders.
The base for the internal control environment and integrity of the employees is set in Uponor's Code of Conduct and values.
Uponor's aim is to embed control in the daily operations. Effective internal control requires that duties are properly segregated to different employees and potential conflicts of interests are identified and eliminated. Examples of existing control mechanisms include group policies, accounting and reporting instructions and regular management business review meetings. Additionally, as an example, responsibilities for communication with external parties, such as customers, suppliers, regulators and shareholders are clearly set.
Ongoing monitoring occurs locally in each organisational unit, during the course of daily operations. Groupwide, the responsibility lies within the Finance and Administration function.
Whether separate evaluations are needed, their scope and frequency, will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies shall be reported upstream, with serious matters to be reported to the top management and the Board. Any separate evaluations are performed by the internal audit function and may be initiated by the Board and by the management.