Controls Main features of the internal control and risk management systems pertaining to the financial reporting processInternal control seeks to ensure the company’s compliance with applicable laws, regulations, Code of Conduct, and with other recommendations as well as the reliability of financial and operational reporting. Furthermore, internal control seeks to safeguard the assets of the company and to ensure overall effectiveness and efficiency of operations to meet strategic, operational, and financial targets. Internal control practices are aligned with the risk management process. The goal of risk management is to support strategy and achievement of targets by anticipating and reacting to potential business threats and opportunities.Vaisala’s operating model of internal control and risk management related to financial reporting provides assurance regarding the reliability of financial reporting and that the financial statements have been prepared in accordance with the applicable laws and regulations, accepted accounting principles (IFRS), and other requirements for listed companies. The principal components of internal control are control environment, risk assessment, control activities, communications, and monitoring.Control environmentThe Board of Directors has the overall responsibility for the internal control of financial reporting. The Board of Directors has established a written charter that clarifies its responsibilities and regulates the internal distribution of work of the Board of Directors and its committees. The Board of Directors has appointed the Audit Committee whose task is to ensure that established principles for financial reporting, risk management, and internal control are followed by and to enable appropriate external audit. The President and CEO is responsible for organizing an effective control environment and ongoing work on internal control as regards financial reporting. The internal audit reports all relevant issues to the Audit Committee and the President and CEO.Internal audit focuses on developing and enhancing controls related to financial reporting by proactively and consistently assessing the internal control environment and by monitoring the effectiveness of the control design. The most important internal steering instruments for financial reporting comprise the Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, Disclosure Policy, accounting policies, and other reporting instructions.Risk assessmentRisk assessment as regards financial reporting aims to identify and systematically evaluate the most significant threats at the levels of Vaisala, reporting segments, functions, and processes. As a result of risk assessment, the company defines control targets through which it seeks to ensure that the fundamental requirements placed on financial reporting are fulfilled. Information on the development of essential risk areas as well as reactions to the risks are communicated regularly to the Audit Committee.Control activitiesThe President and CEO is operationally responsible for internal controls. Internal control related to financial activities as well as to control of the business and the management has been integrated into Vaisala’s business processes. The company has defined and documented significant internal control activities related to its financial statements reporting process as part of business processes. Approval mechanisms, access rights, segregation of duties, authorizations, verifications, reconciliations, and follow-up of financial reporting are essential internal controls.All business units have their own defined controller function whose representatives participate in planning and evaluating the unit’s performance. They ensure that monthly and quarterly financial reporting follows the company’s policies and instructions and that all financial reporting is delivered on time. The management follows up on the achievement of targets through monthly management reporting routines. The Chief Financial Officer regularly reports the results of the internal control work and the efficiency of the control activities to the Audit Committee.CommunicationsVaisala seeks to ensure that the internal and external communication of the company is open, transparent, accurate, and timely. The Disclosure Policy defines how and when information should be given and by whom it is given. It also defines the accuracy and comprehensiveness of the information in order to fulfill the communication obligations. Code of Conduct, Approval Policy, Treasury Policy, Credit Policy, accounting policies, and reporting instructions as well as Disclosure Policy and Insider Policy are available on the company’s intranet.MonitoringThe Board of Directors, the Audit Committee, the President and CEO, and the internal audit monitor the effectiveness of internal control related to financial reporting. The monitoring includes follow-up of monthly financial reports, review of the rolling forecasts and plans, as well as reports from internal audit and auditors. Internal audit assesses the effectiveness of operations and adequacy of risk management and reports the risks and development areas related to the internal control processes. Internal audit compiles an annual audit plan and reports the status of the plan and findings regularly to the Audit Committee and the Leadership Team. Furthermore, the Chief Financial Officer, the General Counsel, the internal audit, and the auditor coordinate audit planning and monitoring regularly.General development measures in internal control and risk management in 2023In 2023, the internal audit carried out site, function, and process audits. Audits provided input to the continual improvement of processes and internal controls.Corporate Governance Statement 2023