Internal control process

The Internal control process is a process, carried out by the Board of Directors, management and other personnel within Nordea, designed to provide reasonable assurance regarding the achievement of objectives in terms of effectiveness and efficiency of operations, reliability of operational and financial reporting, compliance with external and internal regulations, and safeguarding of assets, including sufficient management of risks in operations.

The Internal control process is based on the Control Environment, Risk and Control Assessment, Control Activities, Information & Communication and Monitoring.

The framework for Internal control process aims at creating the necessary preconditions for the whole organisation to contribute to the effectiveness and the high quality of internal control, through eg clear definitions, assignments of roles and responsibilities as well as common tools and procedures.

Roles and responsibilities in respect of internal control and risk management are divided in three lines of defence. In the first line of defence, the business organisation and Group Functions are responsible for operating its business within limits for risk exposure and in accordance with decided framework for internal control and risk management. As second line of defence, the centralised risk group functions are responsible for providing the framework of internal control and risk management. Group Internal Audit performs audits and provides assurance to stakeholders on internal controls and risk management processes, which is the third line of defence.

See the illustration of Internal control processOpens new window

Updated: February 2013
Source: Annual Report 2012