UPM's internal audit assists the company in achieving its objectives by providing a systematic and disciplined approach to evaluate and improve risk management, internal control and governance processes.
Internal audit follows the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. The operating principles of internal audit have been defined in the Internal Audit Charter approved by the Audit Committee, and the Board of Directors monitors and assesses the effectiveness of the internal audit together with the Audit Committee. The Audit Committee approves annually the Internal Audit function’s audit plan and budget which form the framework for the Internal Audit function’s operations.
Internal audit work is independent and objective. Strategic focus areas and related risks of UPM businesses and functions are the key inputs for audit engagements. Internal audit contributes to identifying synergies and sharing best practices and recommends improvements to operational efficiency. The scope of internal audit covers all businesses, functions, units and processes of the UPM Group.
In addition, Internal Audit function manages the Report Misconduct channel and the related investigation process of alleged misconducts, and reports to the Audit Committee on submissions under this channel quarterly. In order to strengthen the speak-up culture and to harmonise the company’s procedures, principles, roles and responsibilities with regard to reporting and investigation of misconduct and other concerns, the company’s misconduct investigation protocol was updated in 2018.
The Internal Audit function operates administratively under the President and CEO and functionally under the Audit Committee, and reports on conducted audits and related findings and recommendations to the Audit Committee, the President and CEO, the CFO, the management of the audited operations, and the external auditor. In addition, the Head of Internal Audit attends all Audit Committee meetings, and has quarterly sessions with the committee members without other members of management present.
