Risk Management and Internal Control

The Objective of Risk Management at Asiakastieto

The objective of Risk Management is to secure profitable performance of the Asiakastieto and to ensure the continuity of the business by executing risk management in a cost-effective and systematic manner in the different functions of the company. Risk management is part of Asiakastieto’s strategic and operative planning, daily decision-making process and internal control.

Main Principles for Organizing Risk Management 

The company complies with a policy approved by the company’s Board of Directors for the management of risks. Risk Management covers all activities that are related to the objectives being achievable and consistent with the strategy, to the identification, measuring, assessment, processing, reporting and control of risks and to the reaction to risks.

Main Features of Risk Management Process

In conjunction with the strategy process and annual planning, the company’s CEO and members of the management group evaluate the business risks which may prevent or endanger the achieving of the group’s strategic and result objectives. The units provide risk assessments of their own operations for the support of the strategy process. The directors of the units have to provide assessments of the risks of their own area of responsibility and present action plans for the management of risks. Changes taking place in the strategic and operative risks are discussed in the management group.

Asiakastieto’s CEO reports the identified risks as well as planned and implemented actions for the risk mitigation to the Audit Committee and the Board of Directors. In accordance with the recommendation 49 of the Finnish Corporate Governance Code, the company shall disclose the major risks and uncertainties that the board is aware of and the principles along which risk management is organised. The Audit Committee shall assure that the Corporate Governance Statement published by the company shall contain an appropriate description of the main features of the internal control and risk management systems in relation to the financial reporting process.

The report by the Board of Directors contains an evaluation of the major risks and uncertainties. In addition, the interim reports and financial statements releases describe major short-term risks and uncertainties related to the business operations.

General Description of Internal Control and Operational Principles

Internal control is carried out by the Board of Directors, management and the company’s entire personnel so that it can reasonably be asserted that:

  1. the operations are functioning, efficient and in compliance with the strategy
  2. the financial reporting and information given to the management is reliable, sufficient, and timely
  3. applicable laws and regulations as well as the company’s internal instructions and ethical values are complied with at Asiakastieto

 

Asiakastieto’s internal control contain the following structural elements:

Key Risks and Uncertainties

Asiakastieto is exposed to a number of risks and uncertainties related to, among other factors, the market conditions, the Company’s industry, the Company’s strategy, business operations of the Company and financial risks. The materialisation of any such risks could have a material adverse effect on the Asiakastieto’s business, financial condition, results of operations and future prospects.

Market and strategic risks

Demand for the Company’s products and services depends on the transaction volumes of its customers which, in turn, are sensitive to changes in general economic conditions. Demand tends to follow general levels of economic activity and commercial transaction volumes, and slow economic growth, which has prevailed in Finland in recent years, generally result in lower levels of demand for the Company’s products and services.

Asiakastieto operates in a number of product and service markets that is competitive and subject to evolving customer needs. Information services are becoming more readily available, principally due to the greater availability of public data, the expansion of the Internet and the emergence of new service providers, which may increase competition on the market. The greater availability of data could also facilitate developing certain services, such as analytical services, in-house by the Company’s customers.

Competitive tenders by the Company’s customers and overall customer cost-consciousness may cause some downward pricing pressure in the Company’s markets. In addition, price pressure by Asiakastieto’s competitors could negatively affect the Company’s margins and results of operations and could also harm its ability to obtain new customers on favourable terms.

The largest customer accounted for approximately 11.0 per cent of Asiakastieto’s invoicing in 2014, while the 10 and 40 largest customers accounted for approximately 34.8 and 48.3 per cent of the invoicing in 2014, respectively. The loss of one or several of its largest customers could have an adverse effect on Asiakastieto.

Collection, storage and use of data is subject to detailed regulation. Changes in the regulatory framework could require Asiakastieto to adapt its service offering or its strategy, resulted in increased costs, force the Company to discontinue provision of certain products and services or prevent or delay the development of its activities.

Operational risks

Asiakastieto’s business relies on data from external data providers, including government agencies and other public sources, customers and other sources. If one or more data provider were to cease making their data available for any reason or substantially increase the price of their data, Asiakastieto’s ability to provide its products and services to its customers could be adversely affected.

Asiakastieto believes that its continued success will be influenced by its ability to meet customers’ needs through the development of products and services that are easy to use and that seek to increase customers’ business process efficiency, offer cost savings, and facilitate better business decisions. Asiakastieto may experience delays in developing new products and services and enhancements to existing products, due to technical challenges, difficulties with external IT development resources, acquiring data or regulatory requirements, in which case the company’s results could suffer.

Asiakastieto has and will continue to undertake continuous investments in its technology infrastructure, including its hardware and software. If Asiakastieto experiences any failures related to its technology investments, it may not achieve its expected revenue development, or may experience increased costs, and it could experience a competitive disadvantage in the marketplace, such as the inability to offer certain types of new products and services or to collect certain types of new data.

The secure and uninterrupted operation of Asiakastieto’s networks and systems is critical to its business operations. Any unauthorised access, disclosure, loss or misuse of information may result in Asiakastieto being in breach of data protection and related legislation, reputational harm, loss of revenue, claims or regulatory actions.

In addition, despite testing and data quality control, the products and services that Asiakastieto develops as well as the operating systems or software used by the company may contain errors or defects. Asiakastieto’s information technology networks and infrastructure could be vulnerable to damage or disruptions due to various reasons. In the event of such an incident, Asiakastieto’s information technology infrastructure may not be operative, which could hamper its operations and result in contractual breaches, among other.

Asiakastieto is exposed to a number of financial risks, including interest rate risks, credit risk and liquidity risk. The Company’s financial risks and financial risk management is described in notes to the Financial Statements.

Internal control

The objective of the internal control in Asiakastieto is to ensure that business operations are efficient and profitable, financial reporting is reliable, and that applicable laws and regulation for the company’s business, as well as company’s internal instructions are followed. The specific objective of the internal controls over financial reporting is to ensure that interim reports, earnings releases and other financial reporting made available to the public, and financial statements and annual reports are reliable and are prepared in accordance with the accounting and reporting principles adopted by the company.  

The Audit Committee of the Asiakastietois responsible for, according to its working order, monitoring of the financial statement preparation and financial reporting processes, and monitors the effectiveness of the company’s internal control and risk management processes.

CEO is operationally responsible for the organization of the internal control. It includes that the company has designed and implemented adequate internal control mechanisms as stipulated in the operating principles approved by the board. CEO, supported by the Management Team, is responsible to ensure that the company operates in accordance with the agreed and defined principles, follows laws and regulations, and reacts towards identified exceptions and takes adequate corrective actions.

An integral part of the internal control is the document indicating the company’s roles and delegation of authority, as defined by the Board (Delegation of Authority Summary). The guideline defines authorisations of the board, the CEO and other management team members. The guideline deals with the situations where authorisations may be required for annual accounts, budget, remuneration, investments, acquisitions, financing and one-off transactions. Asiakastieto Code of Ethics is applicable for all the group employees. It has been published in the company’s intranet and is also introduced to all new employees.

 Internal audit

The company does not have currently internal audit function. The Audit Committee of the Board shall, according to its working order, evaluate on a yearly basis whether such function should be established. The Audit Committee may use either internal or external resources to carry out specific internal audit assignments. The Group Finance of the company monitors adherence of the approval limits as defined in the Delegation of Authority guidelines.

Focus areas in 2015 for internal control development

As part of the listing process of the Asiakastietointernal controls over preparation of the financial statements and financial reporting process have been developed in 2015 by the company’s finance management. This initiative has consisted of identification of the risk relating to the financial statements and financial reporting process, and identification and documentation of the key control points for related processes in a consistent documentation model. In connection with the documentation, each control point has been allocated to the responsible person, and the adequacy of the control design has been evaluated. Control points are e.g. reconciliations, analysis, approvals and authorisations, segregation of duties, and system access management. As part of the work, controls relating to bank payments and external financial reporting have been strengthened. Development of internal control continues in 2015 and includes the design of the monitoring process of the controls effectiveness, implementation and reporting results to the Audit Committee