Internal Audit is a function, independent of business operations, which evaluates the efficiency and effectiveness as well as the maturity of the internal control system within Mandatum Group. The function helps the business organisation to accomplish its objectives through a systematic approach to evaluate and improve the effectiveness of the risk management, control and governance processes. The Group function is organised under the Board of Directors of Mandatum plc and it reports to the Board and its Audit Committee. It is managed by the Group Chief Audit Executive, who is appointed by the Board of Directors of Mandatum plc. Internal audit functions are established in each Group company as regulations demand and approved by the respective Board of Directors.
The work is carried out in accordance with the Mandatum Group Internal Audit Policy, approved by the Board of Directors of Mandatum plc and each regulated Group company. According to the policy, the Internal Audit applies the mandatory international guidance of the Institute of Internal Auditors as applicable.
The Internal Audit establishes an internal audit activity plan for the regulated Group companies. The plans are updated annually and approved by the Board of Directors in the respective legal entity. Mandatum’s Audit Committee participates in the preparation of the activity plans and approves them. The approach is risk based and takes into consideration relevant focus areas. The Group’s auditor is also informed about the internal audit activity plans.
The Internal Audit function reports on the audits and follow-up activities performed to the Board of Directors of the legal entities, and to Mandatum plc’s Audit Committee. Company-specific audit observations are reported to the respective companies’ management. Furthermore, the function submits activity reports to Mandatum plc’s Audit Committee each quarter and to the Board of Directors in all regulated entities at least twice a year. These reports include any significant deficiencies detected and risks related to measures not being remedied according to the agreed activity plans.
The Group Chief Audit Executive is responsible for ensuring that a quality assurance and improvement programme is established in the internal audit functions. The programmes’ results are reported regularly to Mandatum’s Audit Committee.