Internal control

Internal control is a key element in sound risk management, and Statkraft is focusing on further development of internal control. The overall management system, "The Statkraft Way", defines the Group's guidelines and contributes to a sound control environment for fulfilling the management's goals. Internal control requirements have been incorporated into HSE, ethics, ICT, corporate responsibility and financial reporting.

Internal control over financial reporting

The system for internal control over financial reporting contributes to trustworthy and timely financial information in Statkraft's reports, and is based on the COSO frameworks for internal control, published by the Committee of Sponsoring Organizations of the Treadway Commission.

All subsidiaries, joint ventures and joint operations are required to comply with the internal control system as described in "The Statkraft Way" and the Group's finance manual.

The board of Statkraft has the overall responsibility for ensuring that the Group has a well-functioning internal control system. The main elements of the internal control system are risk assessment, control measures, self-evaluation, reporting and continuous exercise of control and compliance follow-up.

The financial management prepares an annual risk map which is presented to the Group Management and the audit committee. Business and support processes for handling the inherent risk are identified on the basis of the Group's risk map.

Risk is handled on a more detailed level and the necessary control measures are defined when the overall risk assessment is available and the processes for handling risks have been identified. The control descriptions are available to all employees in the Group's financial manual.

An annual self-evaluation is prepared, covering how the control measures were implemented and documented throughout the entire accounting year. The result of the evaluation is presented to the Group management and the audit committee with the annual accounts.

Internal control is normally reported twice annually to the Group management and the board in the form of the Group's financial risk map and the result of the self-evaluation.

The control descriptions define how often each individual control measure must be performed and who is responsible. The controls take place continuously throughout the fiscal year and the managers are responsible for ensuring that the controls are carried out as part of the daily operations.