Sanoma’s Internal Control Policy defines the internal control process applied in the Group. Internal controls are in line with the Corporate Governance Framework, and aim to assure that all Group policies and standards are up to date, communicated and implemented.
Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations.
The process includes objective setting, control design and implementation, operating effectiveness testing, monitoring and continuous improvement, and reporting.
Internal controls consist of entity-level, process-level and IT controls. Entity-level controls are applied on all levels of Sanoma (i.e. Group, SBU and entity) and can relate to more than one process. The Code of Conduct, Group policies and guidelines and their active implementation are examples of entity-level control activities.
Process-level control activities are designed to mitigate risks relating to certain key processes. Examples of such processes are purchase-to-pay and payroll processes. Automated or manual reconciliations and approvals of transactions are typical process-level controls.
IT controls are embedded within IT processes that provide a reliable operating environment and support the effective operation of application controls. Controls that prevent inappropriate and unauthorised use of the system and controls over the effective acquisition are examples of IT controls.
The operation of controls is monitored to ensure that they are implemented as designed, and that they operate effectively. The monitoring is performed as a management self-assessment, an assessment by an independent party/internal audit, or a combination of those.