The company has developed and implemented a comprehensive internal control system that covers business and financial reporting processes. UPM’s internal control framework is based on the internal control framework issued by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). The framework was originally published in 1992 and it is internationally recognised guidance for designing, implementing and conducting internal control, and assessing its effectiveness. During 2014, UPM transitioned to the updated COSO 2013 framework. The five components of UPM’s internal control system are:
UPM’s system of internal control can be described with the lines of defense model, which is reflected in UPM’s risk management and control processes.
UPM’s risk management process includes the following phases:
The company’s annual risk management process is linked to the company’s long-term planning process (LTP) as presented in the illustration below.
Internal audit supports the management in its responsibilities for
Further information on the company’s internal control, risk management and internal audit is available under respective sections.