The group internal audit function reviews the group operations and makes proposals aiming at improving the internal control environment as well as efficiency in processes and systems. Through operational reviews, a systematic and disciplined approach is used to evaluate and improve the effectiveness of governance within the group.
The direction of the work of the internal audit function is stated in the annual audit plan. In order to reflect the overall business objectives and risks, the audit plan is aligned with the group business plan and strategy. The audit plan determines priorities and resource allocation. It is approved by the Audit and Responsible Business Committee and presented to the external auditors on an annual basis. Within the audit plan, the detailed audit assignments are defined on a quarterly basis. The quarterly audit assignments are discussed with the external auditors in order to share risk assessments and audit findings.
In 2017, audits were performed in group functions and all countries. Important focus areas were:
- Transformation to New Generation Telco
- Information security
- Customer data privacy
- Supply chain and outsourced business
- Talent management
- Sustainable business
The Head of Group Internal Audit reports administratively to the Head of CEO Office; Strategy & Combined Assurance, and functionally to the Audit and Responsible Business Committee. The results from each specific audit assignment are reported to the line manager responsible for the audited area or unit, and in addition to the relevant function-related area manager and to the external auditors. A summary of audit findings is reported to the Committee on a quarterly basis.