Skip to Content

Internal Control

Neste establishes internal control procedures across the business operations in order to provide a reasonable assurance and mitigation of risks that may adversely affect the reliability of financial information, prevention of fraud, compliance with external laws and internal policies, and effectiveness and efficiency of operations.

Internal control procedures established in business operations contain, inter alia, policies and instructions, risk identification and related process control to mitigate risk, segregation of duties including authorization management, day-to-day supervisory controls and monitoring to ascertain these procedures are present and functioning.

The Three Lines Model is implemented to ensure there are adequate controls to manage the risk of adverse effect to business objectives from any major setback. The first line, operational management, owns the risks and controls and is therefore responsible that controls and deficiency related corrective actions are implemented.

Functions that oversee risks and control implementation constitute the second line, thus providing additional assurance to the stakeholders. 

Internal Audit provides independent assurance and constitutes the third line. In addition, external auditors provide assurance on the financial statements.

Neste has set up an internal control function, Neste Internal Control, to provide additional assurance and lead the group-wide internal control development and monitoring. Neste Internal Control provides insight in designing and implementing effective controls, by keeping in view all relevant financial and operational risks and mitigation parameters. The Internal Control function provides the necessary guidance and training for defining and documenting the controls. It monitors the adequacy and effectiveness of controls by utilizing technology for Continuous Control Monitoring and it reports the control assessment results to the Neste Leadership Team and Audit Committee.

Internal Control function activities follow COSO* principles and its elements of internal control framework: 1. Control Environment; 2. Risk Assessment; 3. Control Activities; 4. Monitoring; and, 5. Information and Communication. Internal Control Framework is being completed with the sustainability controls, following the CSRD requirements and guidelines provided by COSO Sustainability Supplement on ICSR.

*COSO is The Committee of Sponsoring Organizations of the Treadway Commission and referred to by many companies worldwide for thought leadership in development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. COSO is established by The Institute of Internal Auditors, The Association of Accountants and Financial Professionals in Business, American Accounting Association, American Institute of Certified Public Accountants, and Financial Executives International.

Controls over Financial Reporting

Objectives

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

Share this