The Internal Audit Unit supports Neste Oil’s Board of Directors, the Board’s Audit Committee, and management in overseeing the Company’s activities and securing its operations by carrying out internal audits and providing consultative assistance. The goal of Internal Audit is to generate added value by making recommendations designed to improve the Company’s operations. Internal Audit is an independent function and its activities are based on international professional internal audit standards and rules of ethics.
The central task of Internal Audit is to audit the operations of Neste Oil’s units and functions on a regular basis and evaluate their internal controls, risk management, and administrative practices. The areas to be audited are determined by the projected financial and operational risks concerned. Internal Audit can also carry out special assignments on behalf of management or the Board of Directors’ Audit Committee.
Internal Audit reports to the Board of Directors’ Audit Committee and administratively to the President & CEO. The Audit Committee is responsible for approving the Internal Audit Charter and Internal Audit’s annual operating plan. As a staff function, Internal Audit does not have any direct authority over the activities it reviews.
Preventing misconduct in the Company’s operations is one of Neste Oil’s primary goals. Continuous efforts are made to identify and evaluate the risks associated with possible misconduct.
Neste Oil observes a number of principles and guidelines to prevent and deal with misconduct. These cover misuse of assets, systems, or a person’s position within the Company aimed at benefiting one or more people either directly or indirectly. Regulations cover areas including:
- fraudulent financial reporting
- unauthorized use of Company assets
- income or assets acquired fraudulently or illegally
- evading costs or responsibilities using fraudulent or illegal means, and
- costs generated in a fraudulent or illegal way.
Regulations also include principles covering how supply, purchase, and service contracts should be negotiated. The Neste Oil Code of Conduct defines the general approach that every Company employee is expected to follow.
Should employees notice or suspect misconduct, they can inform their manager or supervisor, the head of Internal Audit, the head of the Group’s Corporate Security Unit, HR personnel, or anonymously via an online tool. Internal Audit is responsible for evaluating cases that are reported and investigating them thoroughly if appropriate. Legal Affairs is responsible for any legal action taken in response. Misconduct and suspected misconduct is reported to the Board of Directors’ Audit Committee.
During 2011, Internal Audit focused on the Company’s overseas operations, data security issues, and the Renewable Fuels business area. Together with risk management personnel, Internal Audit developed a more systematic approach for evaluating the risk of misconduct in the Company’s units and operations. Internal Audits’ IT capabilities were also enhanced.
Ethics Online, Neste Oil’s online tool for reporting misconduct and other activity incompatible with the Company’s Code of Conduct, which was introduced in 2009, was further developed; and employee communication related to the Code was extended. No cases of misconduct took place in 2011 that would have had a material impact on the Company’s financial performance.
Read more about internal communications related to the Code of Conduct in the Sustainability section of the Annual Report.