External Auditing

The City Council must establish an audit committee to arrange audits of the administration and finances during the years of the council’s term (Section 121 of the Local Government Act).

The duties of the Audit Committee are specified in the Local Government Act. The Audit Committee prepares matters regarding administration and finances for the decision of the City Council, such as auditor selection, processing of the audit report, statement on the acceptability of the financial statement, and the granting or refusal of discharge from liability.

The Audit Committee annually prepares an assessment report, which is processed by the City Council in May.  The report assesses the city’s financial statement and the realisation of the operative and financial goals. The assessment report also specifies the committee’s view on the profitability of the city’s operations and the appropriate organisation of the city’s services.  The committee handles the consolidation of the audits of the municipality and its affiliated corporations. The Audit Committee also estimates the actual balancing of the finances during the financial period and the sufficiency of the financial plan and action programme if the municipality’s balance includes an uncovered deficit.

The committee monitors the implementation of the auditing plan and can also issue instructions to the auditor, as required by the Local Government Act, and request for clarification. If the auditor’s report includes a reminder, the committee will obtain clarifications from the parties in question and a statement from the City Board.

In addition to the assessment report, the Audit Committee provides the City Council with its statement on the monitoring report and monthly report.

Audit Committee’s assessment plan for 2021–2024 and assessment programme for 2023

The Audit Committee’s assessment is based on a statutory assessment plan that covers the City Council term as well as on an annual assessment programme. Assessment results are published annually in May in an assessment report submitted to the City Council. In addition, the Audit Committee issues statements to the City Council on the second and third interim reports and corporate group reports. The Audit Committee supervises compliance with the obligation to provide declarations of interests and informs the City Council of the declarations of interests on an annual basis. The External Auditing Unit prepares matters to be discussed by the Audit Committee.

The theme of the Audit Committee’s assessment plan for the council term 2021–2025 is assessing the profitability, quality, cost-effectiveness and accessibility of the city’s services. The focus areas during the assessment period are the promotion of sustainable development in Espoo’s urban environment and the implementation of the ‘Economically Sustainable Espoo’ productivity and adjustment programme. During the assessment period, the Audit Committee will monitor the implementation of the Espoo Story, the setting, achievement and reporting of the binding performance targets as well as effectiveness. Major investment and development projects will also be monitored during the period. In addition, matters dealt with annually include the financial statements and personnel key figures of the city and the corporate group. The work done during the period also includes following up on the recommendations issued in the previous assessment reports.

The assessment programme for 2023 (autumn 2023–spring 2024) includes 14 meetings for the Audit Committee and four meetings for both sub-committees. The chairs of the City Council will be invited to a meeting in August/September 2023, while the chairs of the City Board will be invited to a meeting in March 2024. The Mayor will present Espoo’s key challenges and other topical matters to the Audit Committee in April 2024.

The persons invited to the assessment meetings include, depending on the topic, experts and office-holders in charge of the matter as well as the chairs of the committees and boards concerned.

The Audit Committee’s focus areas during the assessment year 2023:

• wellbeing of children and young people
• exercise and cultural services for the elderly and special groups
• security and preparedness
• accessibility and equality
• promotion of biodiversity and local nature.

At its meetings, the Audit Committee will assess the development of the city's economy and operating environment as well as the city’s key challenges. Other matters to be assessed include security and preparedness, personnel key figures, the city’s HR policy and occupational safety. In addition to the assessment of corporate governance and ownership policy, the group entities to be assessed are the joint municipal authority HSL (Helsinki Region Transport) and Länsimetro Oy. Over the course of the assessment year, the implementation of the auditor’s auditing plan as well as the action plan for internal auditing will be presented to the committee. In addition, the committee will assess the city’s actions and development measures related to the investigation of a case of misconduct within the city’s public utility and the prevention of similar cases.

During the assessment year 2023, the first sub-committee will assess the Finnish model for leisure activities and the Espoo Hobby Path as well as exercise and cultural services for the elderly and special groups. In the Growth and Learning Sector, it will assess early childhood education services and the quality of services, support for learning and inclusion in pre-primary and basic education, and the support provided for pupils with Finnish or Swedish as a second language. In the Sector for Economic Development, Sports and Culture and the Growth and Learning Sector, the sub-committee will assess youth services, the promotion of youth employment and Ohjaamotalo activities. Employee attraction and retention within the Growth and Learning Sector will also be assessed.

The second sub-committee’s assessment activities within the Urban Environment Sector will focus on biodiversity, environmental health care, and the accessibility and safety of buildings and the built environment. In the Sector for Economic Development, Sports and Culture and the Urban Environment Sector, it will assess nature and local exercise services and the infrastructure in outdoor sports areas and recreational routes. The city’s balance sheet units will also be assessed.

The assessment programme may be updated during the assessment period if the Audit Committee so decides. For example, a topical issue may be added to the programme if the Audit Committee immediately wants to make the Council aware of the issue and have it included in the decision-making processes.

The Council has selected BDO Audiator Oy as the Finance Auditor of the city according to the Section 122 of the Local Government Act.

The accountable Finance Auditor is JHT, KHT Tiina Lind.

GSM +358 40 5282159

E-mail: firstname.surname@bdo.fi

Finance Auditors’ Office (in the agenda)

P.O. Box 113, 02070 Espoo

E-mail: jhtt-tilintarkastaja@espoo.fi

Street address: Virastopiha 2 C, 5th floor, centre of Espoo

Street address: Virastopiha 2 C, 5th floor, centre of Espoo

Mailing address: P.O. Box 113, 02070 City of Espoo

E-mail: firstname.surname@espoo.fi

Audit Director, Reporting Official of the Audit Committee Virpi Ala-aho

GSM +358 46 8772801

City Auditor, Secretary of the Audit Committee Jussi Lepistö

GSM +358 40 6366285

Date of publication of the Privacy Statement: 23 September 2020

1. Data controller

City of Espoo/Audit Committee

2. Person responsible for the register

Audit Director

3. Contact person of the register

Audit Director Virpi Ala-aho

External Auditing Unit, P.O. Box 113, 02070 City of Espoo

Tel. +358 9 81621 (exchange)

firstname.lastname@espoo.fi

4. Data protection officer

City of Espoo Data Protection Officer

Address: P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (exchange)

E-mail: tietosuoja@espoo.fi

5. For what purpose is personal data processed?

The register has been established for the declaration of private interests.

6. On what grounds is personal data processed?

Personal data is processed in the register based on the provisions of the Local Government Act (410/2015).

The EU General Data Protection Regulation, Article 6(1c): processing is necessary for compliance with a legal obligation to which the controller is subject.

7. What data is processed?

Elected officials and senior local officers acting as presenting officers for decision-making bodies as defined in the Local Government Act must declare their managerial duties and positions of trust as well as their significant assets and other private interests that could be of significance in attending to their position. Any changes must also be declared without delay.

The following personal data is collected in the register from persons obliged to declare their private interests:

• Personal identity code (does not appear in the public register)

• First name(s), last name, e-mail address, telephone number

• Party they represent

• Decision-making body in which they are a member/presenting officer

• Posts, occupations, professions and positions that may have an impact on the public decision-making process

• Administrative functions in state-owned enterprises, economically significant enterprises, banks and other financial institutions and significant organisations

• Positions of trust in interest groups

• Municipal and ecclesiastical positions of trust

• Major holdings acquired for business and investment purposes and other major holdings

• Debts incurred for business and investment purposes and guarantees or other liabilities for the same purpose

PUBLIC ACCESS TO INFORMATION AND CONFIDENTIALITY:

The information will be published in the online service after review and approval and will be presented on the City of Espoo website, unless otherwise provided for in the confidentiality regulations.

GROUNDS FOR CONFIDENTIALITY:

Some of the data processed is confidential. The operations are guided by the Data Protection Act (1050/2018), the EU General Data Protection Regulation (2016/679) and the Act on the Openness of Government Activities (621/1999).

8. What are the sources of data?

The required information is personally provided by the persons obliged to declare their private interests. The persons obliged to declare their private interests assure that the information provided is correct and up-to-date, and authorise the publication of their data in the register of private interests.

Personal data is processed in the register based on the provisions of the Local Government Act (410/2015).

The register works as an electronic network service in which the elected officials and local officers obliged to declare their private interests log in themselves to fill in the information required by law. Providing the information is a legal obligation. The persons obliged to declare their private interests assure that the information provided is correct and up-to-date, and authorise the publication of their data in the register of private interests.

Administrators or the Audit Committee may not modify the information provided by the obliged persons in the register.

The Audit Committee monitors compliance with the declaration obligation and may ask a person obliged to declare their private interests to make a declaration or supplement a declaration already made. Once reviewed and approved, the information will be published in the same online service for public viewing.

9. Is data disclosed or transferred outside the city?

The information will be published in the online service after review and approval and will be presented on the City of Espoo website, unless otherwise provided for in the confidentiality regulations.

The Audit Committee has decided that information from the register of private interests will not be disclosed for direct marketing, market or opinion polls, public registers or genealogical studies.

10. Is data transferred outside the EU/EEA?

The data will be stored in a data centre located in the EU and will not be transferred outside the EU.

11. How long is data stored?

The personal and interest data provided by the users will be saved in electronic form in the service provider’s database. In accordance with the Local Government Act, the data will be deleted from the public electronic register of private interests when the data no longer needs to be used.

On 30 June 2017 (AL/10361/07.01.01.03.01/2017), the National Archives of Finland ordered, pursuant to Section 8 and Section 11 of the Archives Act (831/1994), the declarations of private interests and the information in registers of private interests to be kept in permanent storage exclusively in electronic form.

12. How is data protected?

The personal data is kept confidential, mainly in electronic form. The material is stored in printed form in the records and archives of the City of Espoo Audit Committee, except to the extent that the National Archives has ordered the material to be stored exclusively in electronic form. An electronic personal data file of those who have provided information about their private interests is located on a properly protected server in a controlled data server centre.

13. The data subject’s rights

More detailed instructions on how to submit data requests in accordance with the GDPR: https://www.espoo.fi/en-US/Eservices/Data_protection/Client_rights

13.1 How can I access my data?

You have the right to obtain from the data controller a copy of the personal data undergoing processing. The controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and no later than within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests by the data subject and the related measures are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to take the action requested.

13.2 When can I request rectification of my data?

You have the right to have incorrect, inaccurate, incomplete, outdated or unnecessary personal data that we retain, corrected or supplemented by us.

13.3 When can I request erasure of my data?

You have the right to have personal data concerning you erased by the data controller without undue delay under certain preconditions. You have no right to remove the data if, following the statutory commitment requires processing of the data or the processing is done for the purpose of performing a task concerning public interest or exercising official authority vested in the controller. In these cases, the personal data will only be destroyed after the statutory deadline.

13.4 When can I request restriction of processing of my data?

If the data collected about you is inaccurate, you may require that the processing of your customer data be restricted until the accuracy of the data has been verified.

13.5 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you consider the processing of personal data to be in breach of data protection legislation. You can lodge a complaint with the office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home

The Audit Committee is a statutory body, and the minutes of its meetings must be stored permanently. The minutes are stored in the City Archives. Other documents to be archived are stored for the required period in the committee’s own archive. This includes the agendas and minutes of the Audit Committee’s subcommittees, the Audit Committee’s agendas, the External Auditing unit’s personnel matters, tendering documents related to auditing as well as project audits carried out by the External Auditing unit concerning EU projects and other projects that have received external funding. The latest statutory task of the Audit Committee is to maintain a register of interests and monitor the declarations of interests. The data in the register of interests must be stored permanently in accordance with the instructions of the National Archives of Finland.