Risk management, internal control and Code of Conduct are a key part of good corporate governance at Endomines.
Endomies group’s risk management is guided by the risk management policy. The aim of risk management is to create operational conditions in which business-related risks are managed comprehensively and systematically at all organizational levels. The principle is to identify risks, assess their magnitude and significance, define risk mitigation measures and decide on their implementation and monitoring of their effects.
The Company uses a group-level risk assessment and monitoring model and conducts a comprehensive risk assessment annually, in which the most significant risks to the group’s strategy and other objectives are assessed, as well as their probability and impact on business, and risk management measures are mapped. If necessary, the risk assessments are updated, for example, for the risk assessments in half-yearly financial reports. The operational management of the Company compiles a risk management report covering their areas of responsibility for review by the parent Company’s management team (management review). The CEO presents the risk management report every six months to the Board’s Audit Committee, which discusses the report and presents it to the Board of Directors.
The Company’s Board of Directors is responsible for defining the group’s risk-taking level, decides on taking strategic risks and is responsible for monitoring the results of risk management and evaluating its effectiveness. The Board’s Audit Committee monitors the effectiveness of the group’s risk management system.
Objectives and Principles of Risk Management
The Group’s risk management seeks to ensure that the financial reports published by the Company provide materially correct information about the Company’s financial standing. The purpose of risk management in the Group is to ensure the continuity of the business and the operating capability of the Group in the circumstances all identifiable risk scenarios.
In this context, risk means the possibility of an event that may, if materialised, result or may result in harmful consequences for Endomines. If the risk materialises, it may have a negative impact on Endomines’ operations, goal achievement, reputation, personnel or customers. Risks can also be taken consciously, or the level of risk can be increased.
The central principle of risk management is continuous, systematic and pre-emptive action to identify risks, to define the level of risk the Company accepts, to evaluate and manage risks and, in the event of risk realisation, to see to their effective management so that the Company will meet its strategic and financial goals.
Endomines Finland Plc’s Board of Directors confirms the Company’s risk management principles, strategical goals and focus points. It also directs and monitors the planning and implementation of risk management. The Group’s Audit Committee appointed by the Company’s Board of Directors monitors risk management in the Group.
The risk management is a part of the Group’s management, monitoring and reporting systems. Risk management covers identifying a risk, its assessment and contingency plans.
Risk management provides an overall picture of the most significant risks to Endomines’ operations. Endomines’ risk management is a systematic process that identifies the most significant risks that threaten the Company’s goals, processes and competitive position. Risks are documented, assessed, monitored and managed, and risks are reported. The risk management process is also constantly monitored and developed. It can be used to make decisions and measures that take risk-bearing capacity and desire into account.
Risk management is a systematic activity, the purpose of which is to guarantee comprehensive and appropriate identification, assessment, management and control of risks for the entire group. It is an integral part of Endomines’ strategy process, decision-making, day-to-day management and operations, as well as control and reporting procedures. Endomines assesses and manages risks in a business-oriented and comprehensive manner. This means that key risks are systematically identified, assessed, managed, monitored and reported as part of business operations at group and operational levels in all operating countries.
Identification and assessment of risks
The Company’s strategic and operative objectives are used as a basis for identifying risks. Risk analysis and assessments are conducted as self-assessments. In assessing the impact of the risk, the probability of the risk and its impact to Company’s net sales and financial results are taken into account.
Separate risk assessments can be made in significant projects.
Risk management responsibilities and organisation
It is the duty of the Company’s Board of Directors to confirm the Company’s risk management principles and assess the adequacy and appropriateness of risk management. The Managing Director is responsible for the Group’s risk management and its organisation, allocating resources for the work and reviewing the risk management principles. The Audit Committee evaluates risk management in connection with the internal audit work.
The Group’s Management Team is responsible for the implementation of risk management, operative risk monitoring, risk assessment and risk related measures.
The risk management process is based on the business plan drawn up by managing director, which implements the Company’s strategy. Internal and external events that have a material effect on the Company’s objectives are identified and divided into risks and opportunities. The probability and impact of the risks in the event of risk realisation is assessed, and an action plan regarding risks that are identified as significant is drafted. Possible measures are avoiding, accepting, mitigating and dividing risks. The senior management determines necessary actions for setting the risk levels on a level corresponding the Company’s risk appetite. Risk assessment is done regularly and detected material changes are reported to the Board of Directors.
The Company’s risk management is decentralised across units and Group support functions that assign responsibility for risk management and that are in charge of identifying, managing and reporting risks. The business functions are responsible for identifying and assessing risks affecting their own business area, for proposing measures for risk management and reporting to the management teas as instructed. Each employee is responsible for identifying and reporting to their manager all risk relating to their work or such that they have otherwise observed.
Financial risk management is coordinated by the Group’s Finance function. It develops the Company’s financial risk management, supports the risk management of business operations and regularly reports to the Management Team and to the Board of Directors about the financial risks.
The Business Management of the subsidiaries organises the appropriate way of implementing the risks management, taking into account the size of each company. For certain areas of risk managements, such as insurance and treasury risk management, where a centralized approach is appropriate, the decision-making is made in the parent company.
Risks and their changes will be reported to the Endomines Finland Plc’s Board of Directors. The Company’s Board of Directors deals with the most significant risks, their management and evaluates the effectiveness of risk management at least once a year.
Financial and operational risks and actions taken to manage them are regularly reported to the Management Team. Strategic risks are handled by the Board of Directors annually in connection with discussing the strategy.
Central risks and risk management actions are reported annually in the annual report and interim reports and on a case by case basis as necessary.
Endomines faces a number of risks and uncertainties, which may adversely impact its ability to successfully pursue its exploration and development plans as well as its extraction and enrichment of ore. The risks are e.g. related to the safety, size of ore reserves, the conditions for mining and enrichment, the valuation of growth development potential, mineral prospecting, valuation of mine-related assets, environmental and ore prospecting permits and environmental responsibilities, laws and regulations, and various financial risks. The risk factors set out below should not be considered exhaustive.
The Company divides risks into strategic risks, operative risks, risks of damage and financial risks. The Company has sought to hedge against insurable risks with standard property insurance, loss of profits insurance and liability insurance.
New or not yet identified risks assessed systematically as part of operational environment analysis and regular risk assessments. The Company supplements the risk identification process and practices as needed.
Internal control is an essential tool for ensuring the Company’s operational capability, a critical component in risk management, and it enables creating and maintaining the Company value. The purpose of establishing principles for internal control is to provide guidelines for the proper safeguarding of the Company’s assets and to ensure that the financial statements are accurate and provide a reliable basis for making business decisions. The internal control is a process which enables minimizing the probability of errors related to accounting. Internal control also helps with to assess the adequacy of the Company’s risk management in practice.
Internal control is primarily the responsibility of the operational management. They are supported by the Group’s senior management, who prepare Group level guidelines and monitor risk management. The third level in internal control is made up of external audit, whose task it is to confirm that the first two levels of control are functioning efficiently.
The Company has documented and evaluated the control measures that are connected to the risks related to unreliable accounting. This documentation is maintained by the CFO. Control measures are designed to prevent and detect errors and/or fraud, taking into account the size and complexity of the operation in an appropriate manner and scope. These include well-established accounting principles, process checks and reconciliations, rules for approving transactions, restrictions on system access rights, and analysis of all financial items. The CFO monitors unexpected exceptions and investigates them.
Endomines has entered into an agreement with the well-known service provider to provide financial administration services for operations in Finland, from where the majority of payment transactions are generated. The services include accounting, purchase ledger, payroll and related controls such as reconciliation of accounts and statutory controls.
The monitoring of financial reporting
The Company’s financial results and position are closely monitored on several levels. For operational units, the result is analysed in detail and reported to the group’s CFO. The audit committee reviews the financial reports before they are sent for the approval of the Board. The Technology, Environment and Safety Committee reviews press releases and other technical information related to mining. (e.g. ore reserves, mineral reserves, results from ore prospecting, core drilling.)
The audit committee and the Board of Directors hold discussions with an external auditor to determine whether the auditor’s work has shown possible deficiencies in financial reporting or internal control.
The function of internal audit
The environment for internal control is shaped by Endomines’ values and company culture. Endomines’ operations are concentrated, and the organization has a flat structure, which means that both the board and the Company’s management as well as the staff participate in the Company’s business and operations on a practical level. The Company does not have a separate internal audit function, but instead, internal audit responsibilities have been divided within the Company between different corporate bodies and focus areas as described below. The Board of Directors may use external consultants to conduct separate assessments concerning the control environment or functions. The audit plan of the Company’s external auditor must consider that the Company does not have a separate internal audit function.
The Board of Directors has the ultimate responsibility for the Company’s administration and the proper organization of the corporate and business functions. The Board of Directors also ensures that the Company operates in accordance with its values, approves the internal control, risk management and corporate governance policies and can assign internal audit assignments to the external auditor or other external service providers as needed. The board has confirmed the rules of procedure for its own work and has also appointed an audit committee. The audit committee’s role as an institution of the board is to be responsible for the supervision of financial reporting, internal supervision and cooperation with external auditors
Endomines’ control environment forms the basis for internal control. Internal control is a part of corporate culture and the Company’s’ board and management convey it to the rest of the organisation. In accordance with established practices, internal control and supervision is one of the management’s priorities. Endomines’ Board of Directors and management define and draw up clear areas of responsibility and decision-making processes and communicate them openly to the rest of the organization. The Company’s Board of Directors also strives to ensure that documents related to internal control, such as internal practices and guidelines, cover all essential areas and that these guide the various employees of the Company in the right direction in their work.
The Managing Director is in charge of the day-to-day management of the Company in accordance with the instructions and directions given by the Board of Directors. The Managing Director establishes the basis for internal control by leading and directing the senior management and supervising the way they monitor the businesses they are in charge of, and by ensuring that the accounting practices of the Company comply with the law and that the financial administration is management in a reliable manner.
The Management Team is responsible for creating detailed internal control instructions and practices in their respective business units. The financial administration personnel have a particularly important role, as their control measures cover all the Company’s operational and other units.
Group’s Financial Administration assists the other units to create suitable control practices. In addition, it directs the Company’s risk management process and reports on its implementation to the management, and monitors the adequacy and functionality of control measures at a practical level.
The management of business units and functions are responsible for making sure that all units and employees under their responsibility comply with applicable laws, regulations, and internal policies.
The Company’s control measures are intended to respond to the risks identified at different units of the Company’s operations and may be preventive, revealing, manual, automatic or management controls. Practical examples of control measures are analytical inspections, such as a comparison of actual results with estimates and budgets, and lower-level measures, such as various authentications, specification, approvals, and authorisations.
Endomines has financial reporting regulations and procedural guidelines, which also include the Corporate Governance Manual and Finance and Administration Manual. The manual contains e.g. accounting principles, financial policy, procurement practices and reporting procedures, as well as rules regarding the distribution of powers and the approval of internal and external transactions.
The purpose of the internal control of the Company’s financial reporting is to ensure a high level of reliability of external reporting. The internal control of financial reporting focuses on ensuring that e.g. purchase and sale transactions, other income and the Company’s financing are processed and reported efficiently and reliably.