Citycon's internal control includes financial and other control. Internal control is carried out in-house by the senior and executive management as well as by all other personnel. Due effort is made to promote, within the company, the creation of a corporate culture which accepts internal control as a normal and necessary part of everyday business. Citycon uses the internationally known COSO framework as the framework for its internal control.

Internal control is intended to ensure the following:

  • the attainment of any goals and objectives set
  • the economical and efficient use of resources
  • the sufficient management of risks associated with business
  • the reliability and accuracy of financial and other management information
  • compliance with external regulations and internal procedures as well as with appropriate procedures in customer relationships
  • safeguarding operations, information and the company's assets
  • sufficient and appropriate data systems and work processes supporting operations.

The company's Board of Directors is responsible for arranging and maintaining adequate and functional internal control. It is the CEO's duty to attend to the implementation of practical actions ragarding internal control. The CEO must maintain an organisational structure in which responsibilities, authorisations and reporting relationships are clearly and comprehensively defined in writing. The company's employees have written job descriptions defining authorisations as well as relationships of responsibility and reporting. A member of the company's personnel may not, as a representative of the company, deal as a counterparty with any business of their own or that of any persons closely related to them, or otherwise influence or participate in decision-making concerning such business.

The various sub-fields of the business are assigned quantitative and qualitative targets in accordance with the business plan, and the achievement of said targets is supervised. Reporting to the management is prepared separately from, and independently of, the business sector. The company has appropriate and reliable accounting and other data systems in place to monitor business activities and supervise treasury operations. The attainment of the set targets is monitored using a planning and reporting system in use throughout the Group, which is used to monitor both actual performance and forecasts. The system also serves as a tool for budgeting.

The CEO and the members of the company's Corporate Management Committee are responsible for ensuring that currently valid laws and regulations are complied with in the Group's everyday business, as well as the company's business principles and the decisions of the Board of Directors.

Any shortcomings and items for improvement identified in the business operations by internal control or by any other means are documented and reported to the CEO, who must initiate any action necessitated by such observations without delay.