Nordea's business is audited, internally as well as externally.
Group Internal Audit (GIA) is an independent function commissioned by the Board. The Board Audit Committee (BAC) is responsible for guidance on and evaluation of GIA within the Nordea Group. The Group Chief Audit Executive (CAE) has the overall responsibility for GIA. The CAE reports on a functional basis to the Board and the BAC and reports on an administrative basis to the Group CEO. The Board approves the appointment and dismissal of the CAE and decides, on proposal from the Board Remuneration Committee, on salary and other employment terms and conditions for the CAE.
The purpose of GIA is to support the Board and Group Leadership Team (GLT) in protecting the assets, reputation and sustainability of the organisation. GIA does this by assessing whether all significant risks are identified and appropriately reported by management and the risk functions to the Board, its committees and GLT, by assessing whether all significant risks are adequately controlled, and by challenging GLT to improve the effectiveness of governance, risk management and internal controls.
GIA does not engage in consulting activity unless otherwise instructed by the BAC.
All activities and entities of the Nordea Group fall within the scope of GIA. GIA makes a risk-based decision as to which areas within its scope should be included in the audit plan approved by the Board.
GIA shall operate free from interference in determining the scope of internal auditing, in performing its audit work, and in communicating its results. This means for example that GIA, via the CAE, is authorised to inform the financial supervisory authorities on any matter without further approval. The CAE has unrestricted access to the Group CEO and Chairman of the BAC, and should meet with the Chairman of the BAC informally and formally throughout the year, including without the presence of executive management. GIA is authorised to carry out all investigations and obtain all information required to discharge its duties. This includes the right to sufficient and timely access to the organisation’s records, systems, premises and staff. GIA has the right to attend and observe Board Committees, GLT, overall committees and fora for the Nordea Group and other key management decision-making fora when relevant and necessary.
Updated: February 2020
Internal control framework
The Board is responsible for setting and overseeing an adequate and effective Internal Control Framework. The Internal Control Framework includes the control functions and the Risk Management Framework and covers the whole Nordea Group.
The Internal Control Framework is designed to ensure effective and efficient operations, adequate identification, measurement and mitigation of risks, prudent conduct of business, sound administrative and accounting procedures, reliability of financial and non-financial information reported or disclosed (both internally and externally) and that compliance risk stays within risk appetite.
The internal control process is carried out by the Board, senior management, risk management functions and other staff at Nordea and is based on five main components: control environment, risk assessment, control activities, information and communication as well as monitoring. The internal control process aims to create the necessary fundamentals for the entire organisation to contribute to the effectiveness and high quality of internal control through, for instance, clear definitions, assignments of roles and responsibilities and common tools and procedures.
Roles and responsibilities with respect to internal control and risk management are divided into three lines of defence. In the first line of defence, the business organisation and group functions are risk owners, and thus responsible for conducting their business within risk exposure limits and the risk appetite and in accordance with the Internal Control Framework.
As a second line of defence, the control functions are responsible for maintaining the Internal Control Framework and for monitoring the implementation of the policies and procedures within this framework. The Risk Function oversees the implementation of the risk policies and controls the Risk Management Framework and shall among other things ensure that all risks to which Nordea is or could become exposed are identified, assessed, monitored, managed and reported. Group Compliance is responsible for creating a common internal control framework that ensures compliance with applicable laws, regulations, standards, supervisory requirements and related internal rules, as well as providing training, advice, monitoring and ensuring compliance matters are adequately communicated and adhered to by management. Group Compliance is responsible for identifying compliance risks and performing monitoring and control to ensure that the risks are managed by the relevant functions. Group Compliance activities shall be decided and conducted according to a risk-based approach. The responsibilities and mandates are described in more detail in the “Group Board Directive for the second line of defence risk function” and in the “Group Board Directive on Group Compliance”.
GIA, which is the third line of defence, performs audits and provides the Board with an assessment of the overall effectiveness of the governance and risk and control framework, together with an analysis of themes and trends emerging from internal audit work and their impact on the organisation’s risk profile.
Updated: February 2020
According to the Articles of Association, the auditor of Nordea Bank Abp shall be an audit firm with the auditor-in-charge being an Authorized Public Accountant (APA). The term of office for the auditor expires at the end of the annual general meeting following the election.
The current auditor of Nordea Bank Abp is PricewaterhouseCoopers Oy. Mr. Juha Wahlroos, APA, has been assigned as the auditor-in-charge.
Updated: February 2019
Auditor's fees of Nordea Bank Abp
|Audit-related services 1)||-1||-1|
|Tax advisory services||-||0|
|Other assignments 1)||-1||-1|
1) Of which Audit-related services EUR 0.1m (EUR 0.1m) and Other assignments EUR 0.4m (EUR 0.5m) to PricewaterhouseCoopers Oy.
Source: Annual Report 2019 of Nordea Bank Abp