Internal audit within Mandatum Group is an independent and objective function whose primary task is to assess and enhance the adequacy, effectiveness, and maturity of the Group’s internal control, risk-management and governance processes. The purpose of the function is to ensure that the Group’s governance and control structures support the achievement of the business’s strategic objectives and meet regulatory requirements and standards of good governance. Internal audit operates as a Group-level function and reports directly to the Board of Directors of Mandatum plc and its Audit Committee, underscoring the independence of the function. Administratively, internal audit falls under the Group CEO, and the function is headed by the Group Chief Audit Executive, who is appointed by the Board of Directors of Mandatum plc.
The activities of internal audit are based on the Mandatum Group Internal Audit Policy, which is approved by the Board of Directors of Mandatum plc and adopted by the Boards of the Group companies holding regulatory authorisations. In line with the Policy, internal audit adheres, where applicable, to the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA), thereby ensuring the quality of the function and its consistency with international practice. The function is subject to an external quality assessment every five years by an independent evaluator.
Audit activities follow a risk-based approach that takes into account the strategic priorities of the Group’s business and its most material risks. Internal audit prepares annual audit plans, which are approved by the Boards of each authorised Group company and confirmed by the Audit Committee of Mandatum plc. The plans are also provided to the Group’s external auditor for information. Reporting occurs on a regular basis: internal audit reports on audits and follow-up activities at least twice a year to the Boards of the relevant companies and quarterly to the Audit Committee of Mandatum plc. The reports include information on significant findings and risks, particularly in situations where corrective actions have been delayed or not implemented.