Internal Control

The objective of internal controls at Neste is to provide reasonable assurance concerning the reliability of the financial and sustainability reporting.

Additionally, internal controls support the business in the achievement of its operational and strategic objectives by acting as performance accelerators in business processes.

The system of internal controls at Neste is based on the Committee of Sponsoring Organizations framework (the “COSO framework,” 2013). 

Neste’s internal control requirements are defined in the Neste Internal Control Principle, Access Risk Management Principle and related standards. 

Neste Internal Control function leads the Group-wide control development and monitors the internal controls throughout Neste. The Internal Controls function provides the necessary guidance for designing and performing the controls effectively.

The Board is responsible for ensuring that there is adequate control over the Company’s accounts and finances. Responsibility for arranging this control is delegated to the President and CEO, who is required to ensure that the Company’s accounts are in compliance with the law, and that its financial management has been reliably arranged.

The internal control at Neste is based on the corporate structure, whereby the operations are organized into organizational units. The heads of business areas and the finance function are responsible for establishing and maintaining appropriate, up-to-date, effective and adequate controls of financial and sustainability reporting. Operational management owns the risks and controls and is responsible for ensuring controls and deficiency-related corrective actions are implemented.

The Internal Control Principle emphasizes the importance of internal controls and clarifies the responsibilities of the Three Lines for establishing effective controls in business processes. Neste’s values and management system containing the formal Code of Conduct are the foundation of the control environment. The President and CEO and corporate management are responsible for emphasizing the importance of ethical principles and correct financial and sustainability reporting.

As a prerequisite for risk assessment, the organization’s objectives need to be established. 

With respect to financial reporting, the general objective is to have reliable reporting and ensure that transactions are recorded and reported completely and correctly. The assessment of risk includes risks related to fraud.

With the inclusion of the statutory sustainability reporting in the 2024 statements, additional risks and controls have been identified by the Double Materiality assessment.

More information about risk management principles is available in the Risk Management section of the Annual Report.

Neste control activities include instructions, guidelines and procedures to ensure that the actions identified by management to address the relevant risks are carried out effectively. The most important guidelines related to financial and sustainability reporting systems and practices are documented in the Neste Corporate Governance Policy, Neste Internal Control Principle, Access Risk Management Principle, the Controls over Financial and Sustainability Reporting Standard (COFR), Internal Control Process Standard, process charts, month end workflows and detailed Finance Instructions.

Key control activities are documented in a global control catalog covering each business or financial process. Group-level policies and guidelines are documented in the Neste Management System. The control catalog is maintained in SAP GRC, the platform used for internal control management.

Neste corporate-level communication practices support the completeness and correctness of financial and sustainability reporting. Neste personnel have access to adequate information and communication regarding accounting and reporting principles and control guidelines, including clarity on control responsibility and accountability. Sustainability reporting requirements and processes are communicated to the personnel, with emphasis to data correctness. The main means of communicating the relevant matters for appropriate financial and sustainability reporting consist of internal control training, detailed Finance Instructions containing accounting principles, sustainability manuals, guidelines for forecasting and reporting, information sessions, on-the-job training, process walkthroughs, and postings on internal channels and pages.

Neste business areas prepare regular financial and management reports for the management review, including analysis of and comments on financial performance. The Neste Leadership Team and the Board receive financial reports monthly. Interim reports, Financial statements and the Sustainability statement are reviewed at Audit Committee meetings, and thereafter by the Board.

The Audit Committee oversees the Company’s finances, financial reporting, statutory sustainability reporting, risk management, as well as the Internal Control and Internal Audit functions, as part of the Company’s corporate governance. Internal control deficiencies are communi cated in a timely manner to those parties responsible for taking corrective action, and to management and the Board’s Audit Committee as appropriate. 

The Internal Control function acts on behalf of the stakeholders to monitor the performance and assess the adequacy of the controls. Results are reported regularly to the Neste Leadership Team.

Corporate Internal Audit assesses the operational model and practices of internal control over Neste’s financial and sustainability reporting as part of business and process-level audits.