Main featur?es of the internal control and risk management systems pertaining to the financial reporting process

Internal control seeks to ensure the company’s compliance with applicable laws, regulations, Code of Conduct, and with other
recommendations as well as the reliability of financial and operational reporting. Furthermore, internal control seeks to safeguard the the assets of the company and to ensure overall effectiveness and efficiency of operations to meet strategic, operational, and financial targets. Internal control practices are aligned with the risk management process. The goal of the risk management is to support strategy and achievement of targets by anticipating and reacting to potential business threats and opportunities.

Vaisala’s operating model of internal control and risk management related to financial reporting aims to provide sufficient assurance
regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, accepted accounting principles (IFRS), and other requirements for listed companies. The principal components of internal control are control environment, risk assessment, control activities, communications, and monitoring.

Contr?ol environment

The Board of Directors has the overall responsibility for the internal control of financial reporting. The Board of Directors has established a written charter that clarifies its responsibilities and regulates the internal distribution of work of the Board of Directors and its committees. The Board of Directors has appointed the Audit Committee whose task is to ensure that established principles for financial reporting, risk management, and internal control are followed by and to enable appropriate external audit. The President and CEO is responsible for organizing an effective control environment and ongoing work on internal control as regards financial reporting. The internal audit reports all relevant issues to the Audit Committee and the President and CEO.

Internal audit focuses on developing and enhancing controls related to financial reporting by proactively assessing on internal control environment and by monitoring the effectiveness of the control design. Most important internal steering instruments for financial reporting comprise the Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, Disclosure Policy, accounting policies, and other reporting instructions.

Risk asessment

Risk assessment as regards financial reporting aims to identify and evaluate most significant threats at the levels of Vaisala, reporting segments, functions, and processes. As a result of risk assessment, the company defines control targets through which it seeks to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on the development of essential risk areas as well as reactions to the risks are communicated regularly to the Audit Committee.

Control activities

The President and CEO is operationally responsible for internal controls. Internal control related to financial activities as well as to control of the business and the management has been integrated into Vaisala’s business processes. The company has defined and documented significant internal control activities related to its financial statements reporting process as part of business processes. Approval mechanisms, access rights, segregation of duties, authorizations, verifications, reconciliations, and follow-up of financial reporting are essential internal activities. All business units have their own defined controller function whose representatives participate in planning and evaluating the unit’s performance. They ensure that monthly and quarterly financial reporting follows the company’s policies and instructions and that all financial reporting is delivered on time. The management follows up the achievement of targets through monthly management reporting routines. The Chief Financial Officer regularly reports the results of the internal control work and the efficiency of the control activities to the Audit Committee.


Vaisala seeks to ensure that the internal and external communication of the company is open, transparent, accurate, and timely. The Disclosure Policy defines how and when information should be given and by whom it is given. It also defines the accuracy and comprehensiveness of the information in order to fulfil the communication obligations. Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, accounting policies, and reporting instructions as well as Disclosure Policy and Insider Policy are available on the company’s intranet.


The Board of Directors, the Audit Committee, the President and CEO, and internal audit monitor the effectiveness of internal control related to financial reporting. The monitoring includes follow-up of monthly financial reports, review of the rolling forecasts and plans, as well as reports from internal audit and auditors. Internal audit assesses the effectiveness of operations and adequacy of risk management and reports the risks and weaknesses related to the internal control processes. Internal audit compiles an annual audit plan and reports the status of the plan and findings regularly to the Audit Committee and the Management Group. Furthermore, the Chief Financial Officer, the General Counsel, internal audit, and auditor coordinate audit planning and monitoring regularly.

General development measures in internal control and risk management in 2019

In 2019, internal audit focused on sales process, contract management, sourcing process, and integration process of acquired companies. The audit confirmed that the reviewed sales process works reliably. Following the integration of the 2018 acquisitions, internal audit verified the effectiveness of the integration process and recommended some improvements to future acquisitions and integrations. Other audits provided suggestions for continuously improving processes and internal controls. Harmonization of the control environment in Vaisala’s recent acquisitions was one of the priorities of internal controls, and it will continue during 2020.

Corporate Governance Statement 2019