Fortum's internal control framework supports the execution of the strategy and ensures regulatory compliance and reliability of the financial reporting. The internal control framework consists of Group-level policies and processes as well as business and support process-level controls.
Corporate Risk Management is responsible for reporting risk exposures and maintaining the company's risk management framework.
Corporate Accounting and Control is responsible for the overall control structure of the financial performance
management process. The control process is based on Group instructions and guidelines relating to financial reporting. The Controllers Manual contains financial reporting instructions. This manual is regularly reviewed and updated. The finance process management supports the finance organisation in ensuring a uniform way of working and monitoring the performance of the processes within the Finance function.
Fortum's organisation is decentralised, and a substantial degree of authority and responsibility is delegated to the divisions in form of control responsibilities. Fortum’s control governance follows the so-called “Three lines of defense” –model, see picture “Fortum's Control Governance” .