
The Internal Control Framework covers the whole Group and includes Group Board, Group CEO and senior executive management responsibilities regarding internal control, all Group functions and business areas, including outsourced activities and distribution channels. Under the Internal Control Framework, all business areas, Group functions and units are responsible for managing the risks they incur when conducting their activities and for having controls in place that aim to ensure compliance with internal and external requirements.
As part of the Internal Control Framework, Nordea has established Group control functions with appropriate and sufficient authority, independence and access to the Group Board to fulfil their mission in line with the Risk Management Framework. The Internal Control Framework ensures effective and efficient operations, adequate identification, measurement and mitigation of risks, prudent conduct of business, sound administrative and accounting procedures, reliability of financial and non-financial information (both internal and external) and compliance with applicable laws, regulations, standards, supervisory requirements and the Group internal rules.
Group Internal Audit (GIA) is an independent function commissioned by the Board. The Board Audit Committee (BAC) is responsible for monitoring the effectiveness of GIA within the Nordea Group. The Chief Audit Executive (CAE) has the overall responsibility for GIA. The CAE reports on a functional basis to the Board and the BAC and reports on an administrative basis to the President and Group CEO. The Board approves the appointment and dismissal of the CAE.
The purpose of GIA is to support the Board and the GLT in protecting the assets, reputation and sustainability of the organisation. GIA does this by assessing whether all significant risks are identified and appropriately reported by management and the risk functions to the Board, its committees and the GLT, by assessing whether all significant risks are adequately controlled and by challenging the GLT to improve the effectiveness of governance, risk management and internal controls. GIA does not engage in consulting activities unless approved by the BAC. Consulting activities are the range of services, beyond assurance services, performed specifically at the request of management for a pre-defined scope and provided to assist management in meeting its objectives.
All activities and subsidiaries of the Group fall within the scope of GIA. GIA makes a risk-based proposal as to which areas within its scope should be included in the audit plan, which is approved by the Board. GIA operates free from interference in determining the scope of internal auditing, in performing its audit work and in communicating its results. This means, for example, that GIA, via the CAE, is authorised to inform the financial supervisory authorities of any matter without further approval.
The CAE has unrestricted access to the President and Group CEO and the Chair of the BAC and should meet with the Chair of the BAC throughout the year, including without the presence of executive management. GIA is authorised to conduct investigations and obtain any information required to discharge its duties. This includes the right to sufficient and timely access to the organisation’s records, systems, premises and staff. GIA has the right to attend and observe the meetings of the Board committees, the GLT, Nordea Group committees and forums in general and other key management decision-making forums when relevant and necessary.
According to the Articles of Association, the auditor of Nordea must be an audit firm with the auditor in charge being an authorised public accountant. The term of office of the auditor expires at the end of the Annual General Meeting following the election. The current auditor of Nordea is PricewaterhouseCoopers Oy. Jukka Paunonen, Authorised Public Accountant, has been the auditor in charge since the 2023 Annual General Meeting.
The 2024 Annual General Meeting further elected PricewaterhouseCoopers Oy as the assurer of Nordea’s sustainability reporting for the period until the end of the 2025 Annual General Meeting. Authorised sustainability auditor Jukka Paunonen acts as the responsible sustainability reporting auditor. Further information about the fees paid for audit services and non-audit services is presented in Note G2.7 “Other expenses” on page 209 in the Annual Report.