Nordea's business is audited, internally as well as externally.
Group Internal Audit (GIA) is an independent function commissioned by the Board of Directors. The Board Audit Committee is responsible for guidance on and evaluation of GIA within the Nordea Group. The Group Chief Audit Executive (CAE) has the overall responsibility for GIA. The CAE reports on a functional basis to the Board of Directors and the Board Audit Committee and reports on an administrative basis to the Group CEO. The Board of Directors approves the appointment and dismissal of the CAE and decides, on proposal from its Remuneration Committee, on salary and other employment terms and conditions for the CAE.
The purpose of GIA is to support the Board of Directors and GEM in protecting the assets, reputation and sustainability of the organisation. GIA does this by assessing whether all significant risks are identified and appropriately reported by management and the risk functions to the Group Board, its committees and GEM; by assessing whether all significant risks are adequately controlled; and by challenging GEM to improve the effectiveness of governance, risk management and internal controls.
GIA does not engage in consulting activity unless otherwise instructed by the Board Audit Committee.
All activities and entities of the Group fall within the scope of GIA. GIA makes a risk based decision as to which areas within its scope should be included in the audit plan approved by the Group Board.
GIA shall operate free from interference in determining the scope of internal auditing, in performing its audit work, and in communicating its results. This means for example that GIA, via the CAE, is authorised to inform the financial supervisory authorities on any matter without further approval. The CAE has unrestricted access to the Group CEO and Chairman of the BAC, and should meet with the Chairman of the BAC informally and formally throughout the year, including without the presence of executive management. GIA is authorised to carry out all investigations and obtain all information required to discharge its duties. This includes the right to sufficient and timely access to the organisation’s records, systems, premises and staff. GIA has the right to attend and observe Group Board committees, GEM, overall committees and fora for the Nordea Group and other key management decision-making fora when relevant and necessary.
Updated: October 2018
Internal control framework
The Board of Directors is responsible for setting and overseeing an adequate and effective Internal Control Framework. The Internal Control Framework includes the control functions and the Risk Management Framework and covers the whole Group.
The Internal Control Framework is designed to ensure effective and efficient operations, adequate identification, measurement and mitigation of risks, prudent conduct of business, sound administrative and accounting procedures, reliability of financial and non-financial information reported or disclosed (both internally and externally) and compliance with laws, regulations, supervisory requirements and the Nordea Group Internal Rules.
The internal control process is carried out by the Board of Directors, senior management, risk management functions and other staff at Nordea and is based on five main components: control environment, risk assessment, control activities, information and communication as well as monitoring. The internal control process aims to create the necessary fundamentals for the entire organisation to contribute to the effectiveness and high quality of internal control through, for instance, clear definitions, assignments of roles and responsibilities and common tools and procedures.
Roles and responsibilities in respect of internal control and risk management are divided into three lines of defence. In the first line of defence, the business organisation and Group Functions are risk owners, and thus responsible for conducting their business within risk exposure limits and risk appetite and in accordance with the Internal Control Framework.
As second line of defence, the control functions are responsible for maintaining the Internal Control Framework and for monitoring the implementation of the policies and procedures within this Framework. Group Risk Management and Control (GRMC) is responsible for identifying, measuring, monitoring and reporting on all risks. Group Compliance is responsible for ensuring and monitoring compliance with internal and external rules and for establishing policies and processes to manage compliance risks and to ensure compliance.
GIA, which is the third line of defence, performs audits and provides the Board of Directors with an assessment of the overall effectiveness of the governance, and risk and risk control framework, together with an analysis of themes and trends emerging from internal audit work and their impact on the organisation's risk profile.
Updated: October 2018
Nordea Bank Abp has an auditor that the Annual General Meeting selects based on the proposal by the Board of Directors, which takes into account the recommendation by the Board Audit Committee. The auditor shall be an audit firm, the responsible auditor of which shall be an Authorized Public Accountant (APA/KHT). The term of office for the auditor expires at the end of the Annual General Meeting following the election.
The Annual General Meeting decides on the auditing fees payable to the auditor.
The auditor of Nordea Bank Abp is PricewaterhouseCoopers Oy, Authorized Public Accountants (APA) and Mr. Juha Wahlroos, APA, has been assigned as the auditor in charge.
Updated: October 2018
Auditor's fees of Nordea Bank AB (publ)
|Tax advisory services||-1|
Source: Annual Report 2017 of Nordea Bank AB (publ)