Internal audit

Internal Audit is a function, independent of business operations, which evaluates the efficiency and effectiveness as well as the maturity of the internal control system within Sampo Group. The function helps the organisation to accomplish its objectives by a systematic, disciplined approach to evaluate and improve the effectiveness of the risk management, control and governance processes. The Group function is organised under the Board of Directors of Sampo plc and it reports to Sampo plc’s Board and Audit Committee. It is managed by the Group Chief Audit Executive, who is appointed by the Board of Directors of Sampo plc. Internal audit functions are established in each subgroup and legal entities as regulations demand and approved by the respective Board of Directors or equivalent.

The work is carried out in accordance with the Sampo Group Internal Audit Policy, approved by the Board of Directors of each Group company. According to the Policy, the Internal Audit applies as applicable the mandatory guidance of the Institute of Internal Auditors as applicable.

The Internal Audit establishes an internal audit activity plan for the regulated companies. A period for the activity planning may be defined in the subgroups. The plans are updated annually and approved by the Board of Directors in the respective legal entity . The plans of the subgroups are presented for Sampo plc’s Audit Committee’s information. The approach is risk based considering relevant focus areas. The External Audit is informed about the internal audit activity plans.

The Internal Audit function reports on the audits and follow-up activities performed to the Board of Directors of the legal entities, and to Sampo plc’s Audit Committee. Company-specific audit observations are reported to the respective companies’ management. Furthermore, the function submits activity reports to Sampo plc’s Audit Committee and the Board of Directors in all regulated entities at least twice a year. These reports include any significant deficiencies detected, including follow-up issues related to the risks not been mitigated or remedied according to the agreed action plans. In addition, an annual internal audit report is issued for Sampo Group.

The Group Chief Audit Executive is responsible for ensuring that a quality assurance and improvement programme is established in the internal audit functions. The results are reported to Sampo plc’s Audit Committee.