Risk management and internal control

HomeInvestorsGovernanceRisk management and internal control

Risk management

Canatu’s risk management is a systematic process designed to ensure comprehensive and appropriate identification, assessment, management, and monitoring of risks and contingency plans. The objective is to facilitate the successful execution of the company’s strategy, achieve sustainability targets, maintain high customer loyalty and talent retention, ensure profitability, and safeguard business continuity and shareholder value against all identifiable risks. This involves monitoring and mitigating threats and risks while also identifying and managing opportunities.

Canatu’s Board of Directors is responsible for establishing the company’s risk management principles, approving the risk management policy, and setting the level of risk appetite. The CEO has overall responsibility for the company’s risk management, and each member of the Management Team manages risks within their respective areas. The CFO organises the company’s risk management efforts, leads the risk management function, and regularly reports to the Board of Directors on risks and risk management measures.

Internal control

Canatu’s internal control framework aims to provide reasonable assurance regarding effectiveness and efficiency of operations, the achievement of operational and financial performance objectives, the protection of assets against loss, reliable and transparent reporting as well as compliance with applicable laws and regulations.

The internal control framework is applicable to all business areas and functions across every organisational level, including services and functions outsourced to third parties by Canatu.

Responsibilities for control activities are distributed among various roles, focusing on identification of risks associated with business processes and supporting functions to determine appropriate responses and control measures.

Due to the nature and scale of the company’s business, Canatu has no separate internal audit function. Instead, the function is replaced with an (outsourced) extended audit in connection with the statutory audit.

Whistleblowing

Canatu has a procedure for employees to report suspected breaches of financial securities market regulation through an independent channel. The company has established a Whistleblowing Channel for these purposes. The company’s employees may report violations by filling a form available on the company’s Sharepoint site. The Whistleblowing Channel is designed to protect a whistleblower’s identity when a report is made. If the whistleblower does not disclose their identity when making the report, they will stay anonymous throughout the whole process. The company will not attempt to find out their identity in any way.