The Norwegian Code of Practice for Corporate Governance - Statoil
10. Risk management and internal control

The board of directors must ensure that the company has sound internal control and systems for risk management that are appropriate in relation to the extent and nature of the company’s activities. Internal control and the systems should also encompass the company’s corporate values, ethical guidelines and guidelines for corporate social responsibility.

The board of directors should carry out an annual review of the company’s most important areas of exposure to risk and its internal control arrangements.

Commentary

The board’s responsibility and objective for risk management and internal control

This section of the Code of Practice on risk management and internal control is intended to clarify the supervision responsibilities of the board of directors.

The objective for risk management and internal control is to manage, rather than eliminate, exposure to risks related to the successful conduct of the company’s business and to support the quality of its financial reporting. Effective risk management and good internal control contribute to securing shareholders’ investment in the company and the company’s assets.

Internal control comprises guidelines, processes, duties, conduct and other matters that:

• facilitate targeted and effective operational arrangements for the company and also make it possible to manage commercial risk, operational risk, the risk of breaching legislation and regulations as well as all other forms of risk that may be material for achieving the company’s commercial objectives.
• contribute to ensuring the quality of internal and external reporting