The internal audit function, Management Assurance & Special Assignments, is responsible for independent, objective assurance, in order to systematically evaluate and propose improvements for more effective governance, internal control and risk management processes.
The process of internal control and risk management has been developed to provide reasonable assurance that the Group’s goals are met in terms of efficient operations, compliance with relevant laws and regulations and reliable financial reporting.
Internal audit assignments are conducted according to a risk based plan developed annually and approved by the Audit Committee. The audit plan is derived from an independent risk assessment conducted by Internal Audit to identify and evaluate risks associated with the execution of the company strategy, operations, and processes. The plan is designed to address the most significant risks identified within the Group and its business areas. The audits are executed using a methodology for evaluating the design and effectiveness of internal controls to ensure that risks are adequately addressed and processes are operated efficiently.
Opportunities for improving the efficiency in the governance and internal control and risk management processes identified in the internal audits are reported to responsible business area management for action. A summary of audit results is provided to the Audit Board and the Audit Committee, as is the status of management’s implementation of agreed actions to address findings identified in the audits.
For additional information on internal control, see page 156. For additional information on risk management, see Note 1, Note 2 and Note 18.