Description of the procedures for internal control and the main features of risk management systems

Internal control

The aim of internal control is to help to verify the efficiency, productiveness and reliability of the Group’s operations, and to confirm the compliance of operations with the law and other regulations. The Group’s internal control systems serve to verify that the financial reports issued by the Company give essentially correct information on the financial standing of the Group. The Group has determined for the key spheres of its operations Group-wide principles which form the basis for internal control.

Responsibility for the arrangement of internal control is held by the Board of Directors and by the President and CEO. Each member of the Board of Directors is sent a monthly report on the Group’s financial situation and operating environment. The Audit Committee of the Board of Directors oversees the effectiveness of internal control and the accuracy of the financial reporting. Responsibility for the performance of internal control is held by the operational organisation of the entire Group, in such a way that each Group employee is responsible to his or her supervisor at all times for the supervision of his or her sphere of responsibility.

Responsibility for the arrangement of internal control is held by the Board of Directors and by the President and CEO.

The content of the reporting process and compliance with regulations are the responsibility of the Group’s financial administration. The Group’s financial reporting process complies with the Group’s operational guidelines and process descriptions as well as control measures for ensuring the quality of reporting. The controls on the reporting process have been specified on the basis of a control risk assessment matrix for the process. The types of controls are, for example, system controls, specifications, or audits or actions carried out by management or another party. Responsible parties have been allocated for controls which are in charge of the implementation and effectiveness of the controls.

The interpretation and application of accounting standards has been consolidated in the hands of the Group’s financial administration, which maintains operating guidelines on financial reporting, process descriptions, calculation manuals and control mechanism descriptions, and which attends to the associated in-house communications. The Group’s financial administration also oversees compliance with these instructions and procedures. The monitoring of the budgeting and reporting processes is based on the Group’s reporting principles, for which the definition and centralised maintenance is the responsibility of the Group’s financial administration. The principles are applied uniformly throughout the Group and a standardised Group reporting system is in use.

Risk management

SATO’s risk management is based on the systematic risk assessment embodied in the strategic and annual planning process. Risk assessment also covers the risks of the financial reporting process. Business risks are categorised as strategic and operative risks as well as financing and market risks. The controls on the financial reporting process are specified on the basis of a separate survey of reporting process risks.

Responsibility for the arrangement of risk management is held by the Company’s Board of Directors and the CEO. The internal audit and internal control support the Board of Directors in performing its duty of supervision. The mission of the Audit Committee elected by the Board of Directors from among its membership is to assess the adequacy and appropriateness of risk management processes and risk management. The Audit Committee reports to the Board of Directors, which supervises the risk management.

Internal audit

Internal audit supports the Board of Directors in performing its duty of supervision.

The internal audit assesses, independently and systematically, the functionality, efficiency and appropriateness of the Group’s management and governance systems, as well as the business processes and risk management. In its reports, the internal audit makes recommendations for the improvement of systems and processes.

The duties of the internal audit were carried by Ernst & Young Oy. A review of the internal audit is sent once or twice a year to the Audit Committee and management. The internal audit reports are sent not only to the executive management but also to the Chairs of the Board of Directors and Audit Committee. The Audit Committee deals with the annual plan for internal auditing and the Board of Directors approves them. The subjects for auditing are selected in accordance with the Group’s strategic goals, estimated risks and priorities.

Audit

The annual general meeting elects a single auditor for the Company, which must be an auditing firm approved by the Central Chamber of Commerce. The auditor's term in office is the financial year and their duties end at the closing of the annual general meeting following the one at which they were elected.

The auditor for the financial year 1 January to 31 December 2016 was KPMG Oy Ab with Lasse Holopainen, M.Sc. (Econ.), APA as the auditor in charge. The audit checks the accounts, financial statements and administration of the Company and Group.

In 2016, the auditor was paid auditing fees of EUR 139 588. The auditor was also paid EUR 169 424 for other services (including all companies belonging to the same group or chain).

Related party transactions

A key employee included in the management of SATO Corporation is obligated to report in writing to the person in charge of related party issues any related party business that involves the key employee in question, their close family member or corporation in which said employee or their close family member hold authority or have prominent influence.

The report must be submitted for approval before completing the related party transaction. In the case of major transactions, the Board of Directors will make a decision on whether to accept the reported related party transaction. In the case of transactions that are part of SATO's regular business, or minor transactions valued less than EUR 10,000, the decision can be made by the Chair of the Board, the President and CEO or the CFO. Regulations concerning recusal due to the likelihood of bias are observed in decision making.

The closeness of the related party relations and the size of the transaction are taken into account, as well as any exceptions from market conditions, whether the transaction is part of SATO Group's daily business, whether there are financial grounds for the transaction and whether it is acceptable from the viewpoint of SATO Group.

Insider trading management

SATO’s rules concerning insider trading are based on the Market Abuse Regulation, the Finnish Securities Markets Act and they comply with the standards of the Financial Supervisory Authority and the guidelines of the Finnish and Irish stock exchanges where these apply to a party issuing listed bonds. The insider guidelines include, among other things, guidelines concerning SATO’s financial instruments. SATO does not keep a list of insiders. A project-specific list of insiders is based on a decision by the President and CEO or, if he/she is recused, the CFO. Insider information is in particular information that concerns the ability of SATO and the SATO Group to fulfil their commitments in respect of bond issues.