Internal Control & Risk Management

Securing a profitable performance


Internal control is carried out by the board of directors, management, and the entire workforce of the company, so that it is reasonable to assert that:

  • the operations are running smoothly, efficiently, and in accordance with the strategy;
  • the financial reporting and information provided to management are reliable, adequate, and timely;
  • applicable laws and regulations, as well as internal company instructions and ethical values, are all in order.

The following structural elements are present in the company’s internal control:

  • the board of directors’ instructions and principles for internal control, risk management, and administration;
  • the implementation and application of instructions and principles, which fall under management supervision;
  • control of the financial department’s efficiency and functionality, as well as the dependability of financial and management reporting;
  • the company’s risk management process, which aims to identify, assess, and reduce risks that threaten goal achievement;
  • compliance processes, the goal of which is to ensure that all applicable laws, regulations, internal instructions, and ethical values are followed by all employees, with common ethical values and a strong internal control culture.

Risk Management

The goal of risk management is to secure M. Demajo Group’s profitable performance and business continuity by implementing risk management in the company’s various functions in a cost-effective and systematic manner. Risk management is an important component of the company’s strategic and operational planning, daily decision-making, and internal control.

The company follows a risk management policy that has been approved by the company’s Board of Directors. This encompasses all activities related to the achievement and consistency of objectives with the strategy, as well as the identification, measurement, assessment, processing, reporting, and control of and response to risks.

In conjunction with the strategy process and annual planning, the CEO and members of the management team assess business risks that could prevent or jeopardise the group’s strategic results and objectives. The committees conduct risk assessments of their own operations to aid the strategy process, while the directors of the units provide assessments of the risks in their respective areas of responsibility, as well as action plans for risk management. Changes in strategic and operational risks are discussed between management.


The CEO of the company reports the identified risks to the Audit Committee and the Board of Directors, as well as any risk mitigation actions that have been planned and implemented. The company then discloses the major risks and uncertainties that the board is aware of, as well as the principles that guide risk management.

Control Activities

Internal control exists to ensure that business operations are efficient and profitable, financial reporting is reliable, and applicable laws and regulations for the company’s business, as well as internal company instructions, are followed. Internal controls over financial reporting’s specific goal i ensure that interim reports, earnings releases, and other financial reporting made available to the public, as well as financial statements and annual reports, are reliable and prepared in accordance with the company’s accounting and reporting principles.

The company’s audit committee is in charge of monitoring the financial statement preparation and financial reporting processes, as well as the effectiveness of the company’s internal control and risk management processes, according to its working order.

The CEO is operationally responsible for the organisation’s internal control, which includes the company designing and implementing adequate and relevant mechanisms as specified in the board-approved operating principles. Apart from this, the CEO, assisted by the management team, is also responsible for ensuring that the company operates in accordance with agreed-upon and defined principles, adheres to laws and regulations, and responds to identified exceptions by taking appropriate corrective actions.


The authority of the board, the CEO, and other members of the management team are responsible for addressing situations in which authorisations may be required for annual accounts, budgets, remuneration, investments, acquisitions, financing, and one-time transactions.