Risk management and internal audit system
The Group's risk management is guided by legal requirements, business requirements set by the shareholders as well as the expectations of the customers, personnel and other important stakeholders. The goal of risk management is to systematically and extensively identify and acknowledge the risks involved in the company's operations as well as to make sure that the risks are appropriately managed when making business decisions.
The company’s risk management supports the attainment of strategic goals and ensures the continuity of business operations. Basware takes risks that are a natural part of its strategy and objectives. The company is not ready to take risks that might endanger the continuity of operations or that are uncontrollable or that can significantly harm the company’s operations.
In accordance with the company's risk management policy, risks are divided into six categories: risks related to business operations, products, personnel as well as legal, financial and data security risks. Responsibilities of risk management follow the distribution of liability throughout the organization and operations. Each group has a designated person in charge. In the process of risk management, the goal is to identify and evaluate the risks, after which a risk-specific plan is drawn up and concrete action is taken. Such actions may include avoiding the risk, diminishing the risk by different means or transferring the risk by insurance or agreements. The company has created a crisis communication plan as a part of its risk management process.
In accordance with Basware's risk management process, the Board of Directors receives an annual report of the most significant risks discovered during the assessment of risks. The Board analyses the risks from the point of view of shareholder value. According to the reporting conforming to the risk management process, the most significant risks in 2014 that have come to the Board's knowledge are associated with the company's ability to invest in the growth of its e-invoicing business as well as launching of the new financing services, maintaining the company's competitiveness and ensuring the product leadership of Alusta-based solutions, ensuring the production quality, continuity, and compliance of the growing service business, improving new customer acquisition and increasing the transaction volume of the e-invoicing business, developing products and services that support scalable business and distribution methods and related support processes, information systems and organization, successful preparation and implementation of merger and acquisition projects, strengthening the intellectual property right position as well as the measurement and impairment testing of significant balance sheet items.
Internal control is a process performed by the organization's Board of Directors, acting management and other employees to obtain a reasonable certainty of the attainment of goals. The framework of internal control at Basware is based on the international COSO model published by the Committee of Sponsoring Organizations of the Treadway Commission.
The goal of Basware's internal control is to support the implementation of the Group strategy and ensure compliance with regulations. The system is based on Group-level policies, guidelines and processes and controls of business operations and support processes. Basware's strong ethics, values and operating culture form the basis of the internal control system. The operating culture is being built by the steering and control of the company's operations by the Board of Directors, the management methods of the company's management, the company's organizational structure and management system, effective utilization of global information system as well as the employees' competence and development. The company uses a global HR system.
The Group's centralized financial administration center and group accounting as well as controlling function, operating under the CFO, are responsible for the overall control system of financial reporting. Harmonized methods of financial reporting are applied in all Group companies, utilizing a uniform ERP system and harmonized account scheme, and also software for electronic procurement management, purchase invoices and travel expense reports and financial management. The entire Group applies the International Financial Reporting Standards (IFRS).
The risk management process includes an annual identification and analysis of risks related to financial reporting. In addition, the aim is to analyze and report all new risks immediately after they have been identified. Taking into account the quality and extent of the Group's business operations, the most significant risks associated with the reliability of financial reporting are associated with revenue recognition, processing of bad debt reservation, capitalization of product development expenses, appreciation of goodwill and intangible assets, and deferred tax assets.