The foundation of the Groups´ management and internal control is its values that are defined together with the personnel:
- Develop and improve – for the benefit of the customer
- Trust and be trustworthy
- Operate profitably
- Entrepreneurship means responsibility
The Groups´ values constitute ground rules aimed at guiding the operation of all employees. They are an important prerequisite for the materialisation of Group strategy. The values are reflected in all day-to-day operations, guide the personnel in achieving set targets and help to achieve the goal of the internal control. Together determined values support the participation of the entire organisation and clarify and facilitate both our internal and external communication.
The company's Board of Directors is responsible for the arrangement and the functionality of the internal control. Internal control, risk management and financial reporting are overseen by the Audit Committee nominated by the Board of Directors. Financial reporting in the Group is carried out by using the Group´s guidelines concerning the reporting. These guidelines are maintained by the Group´s Financial Administration. Financial Administration also oversees that these guidelines are applied and that the internal communication conserning the guidelines is arranged properly.
Board of Directors has approved principles how to prepare consolidated financial statements. Preparing process and controlling operations for consolidated financial statements are specified, as well as are the job descriptions and responsibilities for preparing consolidated financial statements. Adjustments in consolidated financial statements are made before the balances and profit and loss statements of Group companies are booked to Group reporting system to be sure that all company accounts correspond to principles of consolidated financial statements (IFRS). Validity of consolidation is synchronized. Turnover and profit of group and business units are analyzed and compared to views of management and to information from operational systems in the Business Control function, in which each business unit as well as company’s Russian operations have a specific business controller resource allocated to them.
Other processes that are significant for financial statements are fixed assets process and sales process. Sales revenues of Group are booked based on information from operational systems. This process is supervised by Group Accounting Manager. Significant information from sales systems are synchronized monthly with the information in bookkeeping. In Group there are limits for accepting the purchase of fixed assets and the accounting function of Group is also supervising purchases that are activated as assets. Group has an accepted depreciation policy which specifies economic lifetime for goods and components. Group accounting supervises that the depreciation periods that business units have defined are done according to group policy. Economic lifetimes are supervised by group accounting and inventory of fixed assets is done regularly. Depreciation periods are specified by law and by economic lifetime according to prudence principle.
Effective internal control system requires adequate, well-timed and reliable information so that the management can follow the achievement of goals and functionality of controls. This covers both economic and other information, data from information systems as well as other internally and externally gathered information. Management in different levels of Group is continuously supervising and estimating information from financial and operational systems as well as information from internal and external sources, and evaluates the significance of the information for the Group. Directions for accounting and other relevant directions are available in intranet for all and accounting function organizes regularly education related to these directions. In year 2012 education was organized once or twice in each relevant business location. Communication between operational units and accounting function is regular. Profit of Group is supervised internally by monthly reporting and it is completed by rolling forecasts. Group financial results are informed to the personnel immediately after the official stock exchange release is published.
Instructions for insiders are available in intranet for all. President and CEO, Chief Financial Officer and Communications Manager are responsible for Investor Communications.
The auditors control the validity of Group accounting and financial statements and that the management of the Group is organized properly. Control findings and recommendations related to them made by auditors are reported to the Board of Directors and to the Internal Audit Committee.
In the Group internal control means all actions and processes, principles, instructions and organizational structures that aim to increase the probability that all targets can be reached. Purpose of internal control is to ensure the profitability of operations, observance of legislation and contracts, proper administration of assets and validity of financial reporting. The Group applies its internal control in accordance with international COSO-model.
Nurminen Logistics Group consists of parent company Nurminen Logistics Plc, subsidiaries and associated companies. The company has corporatized its business operations in Finland into separate companies and operation under the new structure has been started from 1 January 2013. Functionally significant companies in addition to the parent company and the Finnish subsidiaries are Russian and Baltic business units which are managed in own companies.
The Board of Directors is responsible for organizing and functionality of internal control. Internal control is managed by Group Executive Board and it is executed by the whole organization. Internal control is not a separate function but elementary part of all functions and it is working in all levels of organization. Operational management has the main responsibility of control. Each manager is responsible for organizing the control of the functions, which he/she is responsible for, and to follow that the controls are continuously functional. Support functions such as financial administration, IT department and risk management are supporting Group Executive Board and have responsibility to organize the internal control in support functions. Chief Financial Officer is responsible for processes in financial administration and in reporting and shall organize the internal control for these functions.
Internal audit of the company is organized by President and CEO and the Audit Committee. Together they annually decide the focus, resourcing and actions of internal audit. Goal of internal audit is to evaluate and develop the risk management, control, management and administration processes. Internal audit is carried out as broadened external audit.
The company does not have a separate internal audit function. Instead, the internal audit is part of the group’s financial administration. Contract risks are also managed locally with the assistance of the lawyers representing the group and its subsidiaries. Local auditors audit the procedures of internal control in accordance with the audit plan. Representatives of the financial administration perform certain controls when they visit subsidiaries. The financial management reports on the findings to the President and CEO and the Audit Committee, which in turn report to the Board of Directors. The main focus areas of risk management have been credit and liquidity risk as well as risks associated with railway logistics business operations.
The Group engages in continuous risk evaluation of its operative business, and aims to protect itself from known risk factors. The goal of the Group´s risk management is to secure the performance of the group, and to ensure the undisturbed continuation of business. The Board's Audit Committee evaluates the sufficiency and the appropriateness of the risk control and the processes related to it. The Audit Committee reports to the Board of Directors.
Business risks are divided in strategic risks, financial risks, operational risks, data security risks and indemnity risks.
The Group has established a general risk management policy, the principles of which are:
The Group systematically analyzes risks that are significant in relation to achieving the Group´s strategic targets. Risk analysis of strategic risks and the measures caused by it are reviewed in the Board of Directors at least twice a year.
The goal of the Group´s risk management is to minimise the harmful effects by the changes in financial markets on the Group’s profit and equity. The policy for managing financial risks is based on the main principles of finance approved by the board of directors. Finance operations are responsible for daily risk management within the limits set by the board.
Currency risks are caused by foreign currency imports and exports, by the financing of foreign subsidiaries and by equity in foreign currency.
The Group manages the currency risk inherent in cash flows by keeping foreign currency income and expense cash flows in the same currency, and by matching them simultaneously to the extent possible. If matching is not possible, a portion of the open position may be hedged.
Foreign currency balance sheet items are hedged if the sum of currency exceeds EUR 500,000. Instruments used in hedging include forward contracts, currency options, NDF contracts, and their combinations. The protection level of currency positions should be between 30–70 percent, considering the current economic trends and the predicted currency prospects as well as the functionality of each currency's hedge market. In extraordinary hedging market circumstances the company may deviate from the guidelines above.
Currency amounts in cheque accounts should be kept as small as possible without disturbing payment transactions. The amount of currency assets may not exceed one percent of the total of the profit and loss statement.
Interest Rate Risks
Interest rate risks to the Group derive mainly through interest bearing debt. The purpose of interest rate risk management is to diminish the effect of market interest rate movements on finance cash flows. Usable protection instruments include forward rate agreements and interest rate futures, interest rate swaps and interest collar agreements.
The purpose of liquidity risk management is to ensure sufficient financing in all situations. Assets required for two weeks’ payment transactions will be reserved as a buffer for liquidity of payment transactions.
The Group aims to guarantee the availability and the flexibility of financing in all circumstances by various financing agreements including sufficient credit limits and by co-operating with a number of financing institutions.
The goal of managing credit risk is to minimise losses which are caused by the other party neglecting their obligations. The Group will manage the counterparty risk based on the customer credit rating and engages in active debt-collection, when necessary.
The operational risks consist of sales, business, personnel, IT, safety and agreement risks, risks related to the internal processes and systems as well as of legal risks.
The Group strives to minimise the operational risks of its activities by seeking as balanced a business revenue and expenditure structure as possible and by continually developing its own operations and systems.
In terms of revenue structure, the Group pursues a balanced customer portfolio such that the proportion of the Group´s business activities deriving from individual customers and industries does not become too large.
In terms of expenditure structure, the Group strives for a flexible expenditure structure such that outlays conform to seasonal variations in business activities.
The Group strives to minimise the agreement risks by harmonising the agreements as well as the processes of drafting and approving the agreements.
The Group continuously developes its core processes and information systems in order to be able to serve its customers competitively now and in the future.
It is the goal of theGroup to continuously develop the possibilities for the Group and the personnel to improve their own operating environment and to predict changes by developing procedures, systems, tools and personnel through many different means. Regular personnel satisfaction surveys, supervisor evaluations along with evaluations of key personnel, allow the prediction and minimization of possible human risks.
Information Security Risks
Information security is a constant part of the securing and developing of all operations of the Group. Information security and information security policy are the responsibilty of President and CEO and Group ExecutiveTeam.. They decide on the common information security policy of the Group. IT department is responsible for the development, supervision of the implementation and the maintenance of information security knowledge. In the end every administrator and user of the information systems and information networks is responsible for the implementation of information security. IT department is responsible for the protection of the information systems and for the information that they include.
The foundation of the implementation of the information security is the information security policy established by the Group.. The policy is available for all amployees and IT system users. The targets, responsibilities and methods of implementation of the Group´s and its subsidiaries' information security are defined in the information security policy.
The goal of the information security work is to secure the continuity of the Group´s operations and the uninterrupted functioning of the manual and automatic information systems that are important to the operations, to prevent the unauthorised use of the information and information systems, to prevent unintented or intented destruction or distortion of information and to minimise the possible damages. In addition to the protection of the information processing of normal times the Group also prepares for the threat situations that could interrupt the Group´s operations and for the recovery from these situations. The Group´s information, information systems and information system services are kept properly protected through administrative, technical and other measurements both during normal and unusual conditions. Every person handling company information is responsible for his/her part to take care of information security.
The achievement of information security goals is an ongoing process, which includes administrative, physical and technical resolutions. The information security risks are being investigated on regularly basis with a goal to identify the threats that endanger the operations, to recognise the vulnerable spots of the information systems and to estimate the losses in case some kind of threat materialises and to estimate the costs of reconstructing the information security in order to reduce the risks.
Significant indemnity risks to the Group are those related to the Group´s personnel, its assets, interruption of its operations and its liability risks.
The Group continuously pays attention to the security of its operations and to maintenance of proper working conditions. The company´s quality and enviromental systems are deemed to fulfil the requirements established for the ISO 9001:2008 and ISO 14001:2004 standards. In addition its occupational health and safety system is certified (OHSAS 18001:2008) as well.
All drivers and terminal workers have earned an occupational safety card.
The Group utilises deviation reporting.
In addition to statutory insurance coverage, the Group also has comprehensive property, business interruption and liability insurance coverage to minimise indemnity risks. In order to ensure that insurance policies offer comprehensive coverage and are priced competitively, the Group analyses its insurance coverage yearly using external experts as necessary.