Internal audit

UPM's internal audit assists the company in achieving its objectives by providing a systematic and disciplined approach to evaluate and improve risk management, internal control and governance processes.


Internal audit follows the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. The operating principles of internal audit have been defined in the Internal Audit Charter approved by the company’s Board of Directors and the Board monitors and assesses the effectiveness of the internal audit together with the Audit Committee. The Audit Committee approves annually the Internal Audit Function’s audit plan and budget which form the framework for the Internal Audit Function’s operations.

Internal audit work is independent and objective. Strategic focus areas and related risks of UPM businesses and functions are the key inputs for audit engagements. Internal audit identifies synergies, shares best practices and recommends improvements to operational efficiency. The scope of internal audit covers all businesses, functions, units and processes of the UPM Group.

In addition, Internal Audit Function manages the Report Misconduct channel and the related investigation process of alleged misconducts, and reports to the Audit Committee on submissions under this channel quarterly.

The Internal Audit Function operates administratively under the President and CEO and functionally under the Audit Committee and reports on conducted audits and related findings and recommendations to the Audit Committee, the President and CEO, the CFO, the management of the audited operations, and the external auditor. In addition, the Head of Internal Audit meets quarterly with the Audit Committee without other members of the management present.


​You may report your complaints or concerns relating to violations against the UPM Code of Conduct or any company policies thereunder to the head of internal audit and security director through this channel.