The leading principle of Netum’s risk management is continuous, systematic and preventive action to identify risks, to define an acceptable risk level, to evaluate and manage risks as well as, in the event of realised risks, to efficiently mitigate them.
Netum Group Plc’s Board of Directors confirms the risk management principles and evaluates the adequacy and appropriateness of risk management. The CEO retains overall responsibility for the Group’s risk management and organising it. Internal control of the Group is implemented by the Board of Directors together with the CEO. The company has a reporting system for internal control with which information on the Group’s businesses and subsidiaries is produced.
The Group has no separate internal audit organisation, as it has not been deemed necessary considering the scope of operations. Internal audit is based on procedures and reporting done on different levels of the organisation in the subsidiaries. The management system (TTHJ) based on the information security standard ISO 27001 has for over 10 years been an important risk management tool at Netum. The company’s information security and risk management are annually audited by Inspecta Sertifiointi.