Under the Swedish Companies Act and the Code, the Board of Directors is responsible for the internal control. This report has been prepared in accordance with items 3.7.1 and 3.7.2 of the Code, and according to “instructions for application of the Code’s rules on internal control reporting” and is thus limited to internal control of the financial reporting rather than making any statement as to how well it has functioned and has not been reviewed by the auditor.
Control environment
The Group has produced a framework for corporate governance. The most important components in the control environment include clear terms of reference for the Board, a clear organizational structure with documented delegated decision-making from the Board to the Group Management, and a number of Group policies, routines and frameworks. Overall, the Group operates in an organization where managers are given clear goals and authority. Delegation of decision-making is documented in an authorization instruction which provides clear instructions and authority to managers at all levels. The competence and ability of the Group’s employees is developed through continuous training and practical experience and is actively encouraged by means of a broad range of action plans and programs. The Group’s more important policies, routines and frameworks include, “Financial Policies and Guidelines”, an accounting and reporting manual, a Group Treasury policy and a Risk Management policy, which states financial and business risk management mandates as well as a manual for IT security. The documents are periodically reviewed and updated. The Group’s established internal control processes embrace all countries and subsidiaries and include methods and activities for securing assets, controlling accuracy and reliability in internal and external financial reporting and for ensuring adherence to adopted guidelines.
Risk management and analysis
At each meeting the Board evaluates the future strategic opportunities, the Group’s risk exposure and adopts the Company’s strategy ahead. The overall responsibility for management of financial and business risks has been clearly delegated to the CEO who has delegated the day-to-day responsibility for identifying, evaluating and handling financial and business risks as well as for implementation and maintenance of the control system in accordance with the policies established by the Board.
Each country Management has responsibility for ensuring that there is a process within each country aimed at increasing risk awareness.
The Group’s established policies and processes aim to ensure that risk management constitutes a part of the local business culture at all levels. The Group has an established process for management of business risks which is integrated in the Group’s business planning and review of results. There are clear escalation procedures for ensuring that the Group Management and the Board are continually notified of potential control deficiencies and significant risk exposures.
Information and communication
There is a program for communication that is continuously developed in order to give the staff a clear definition of the Group’s goals, liability and the framework for permissible activities. Information systems and processes have been established to furnish the Management with adequate reports of the business results in relation to established objectives and in order to ensure that reliable and up-to-date information is available for Management so that they can perform their duties in a correct and efficient manner.
Self-assessment
Every local Country Management performs an annual self-assessment with regard to the observance of Financial Policies and Guidelines and adopted Corporate Governance documents. Evaluation and follow-up take place to determine to what extent the defined responsibilities and requirements have been fulfilled. The self-assessment is signed by the respective country’s President and controller.
Financial reporting
The local country organization is responsible for ensuring observance of approved policies and frameworks as well as routines for internal control with regard to the establishment of financial reporting. The responsibility also includes ensuring that all financial information is correct, complete and in accordance with internal and external requirements. All reporting units report monthly financial outcomes, accounted for in accordance with the Group’s accounting principles, International Financial Report Standards (IFRS). The reporting is consolidated and forms the basis for quarterly reports and monthly operational follow-up. The operational follow-up takes place according to an established structure where sales, results cash flow and other important key ratios and trends for the Group are compiled and form the basis for analysis and actions from Management at a Group and local level. Other important and Company-wide elements of the internal control are the annual business planning and budgetary processes as well as quarterly forecasts of the financial outcome for the current calendar year.
Letter of Representation
The country management confirms the financial statements annually by certifying a Letter of Representation aimed at securing the control environment, which reports the Management’s opinion on whether the internal control relating to financial reporting and other Group-wide reporting provides a true and fair view of the unit’s financial position.
Routines for acquisitions
The Group has adopted specific policies and routines in order to ensure that all acquisitions of operations are duly approved and carefully analyzed with regard to the financial and operational consequences of the acquisition. The Group conducts regular follow-ups and evaluations of completed acquisitions.
Internal audit
The Board evaluates on an ongoing basis the Group’s need for introducing an internal audit function.
The starting point in the Board of Directors’ assessment is to consider how an internal audit function would facilitate the Board’s achievement of targets and create value for shareholders through providing an objective analysis of how the Board and Group Management handle risks and monitor the operations. In the light of this evaluation, a special internal audit function has not been deemed necessary. The Board’s evaluation will continue to be conducted annually as a part of the corporate governance process within the Group in accordance with the requirements in item 3.7.3 of the Code.