Internal Audit reviews and evaluates the processes for risk management, governance and control in the Group with a focus on operative risks. Internal Audit is independent of business operations and reports to the Board of Directors. Internal Audit not only reviews ongoing business operations within the line organization but also the Group’s various functions for risk control. Internal Audit also acts in an advisory capacity to the business with respect to operative risks. Internal Audit’s work is based on an annual audit plan that takes as its starting point a risk-based evaluation of the business and the processes for risk management, governance and control in the Group. The plan defines the most probable risks and the goals for the audit. Internal Audit is governed by “Group Policy for the Internal Audit Function”.