Systems for internal control and risk management in financial reporting
Internal control
The Board of Directors has overall responsibility for ensuring that the Group has an effective system for management and internal control. This responsibility includes annually evaluating the financial reports it receives and stipulating the content and format of these reports to ensure their quality. This requirement means that the financial reporting must fulfil its purpose and comply with applicable accounting rules and other requirements incumbent on listed companies. The CFO annually reports on the Group's internal control work to the Board.
Control environment
Addtech builds and organises its business on the basis of decentralised responsibility for profitability and earnings. Internal control in a decentralised operation is founded on a firmly established process for defining goals and strategies for each operation. Internal directives and Board-approved policies convey defined decision-making channels, powers of authority and responsibilities. The financial policy, reporting manual and instructions for each annual/quarterly accounts are the Group's primary financial policy documents. A Group-wide reporting system with related analysis tools is used in the Group's annual/quarterly accounts process. At a more comprehensive level, all operations in the Addtech Group must comply with the Group's Code of Conduct.
Risk assessment
Addtech operates well-established routines for internal control and risk management in financial reporting with regard to the risks that the Board of Directors and Group management see as significant. Risk assessments start with the Group's income statement and balance sheet to identify the risk of material errors. In the Addtech Group as a whole, the greatest risks in financial reporting are linked to intangible non-current assets related to business acquisitions. The degree of exposure is determined by the degree of dependence on internal control or judgements that may affect financial reporting. The Group operates annual procedures for impairment testing in order to identify any indications of impairment.
Control activities
Control activities include transaction-related controls such as authorisation and investment rules and clear payment procedures, but also analytical controls performed by the Group controller function and the central finance and accounting function. Controllers and financial managers at all levels of the Group play a key role in creating the right environment for transparent and accurate financial reporting. This role places great demands on integrity, expertise and the capabilities of individuals.
Regular finance conferences are held to discuss current issues and safeguard effective sharing of knowledge and experience within the finance and accounting functions. The monthly review of results that is performed via the internal reporting system and is analysed and commented on internally by the Board is a key overall control activity. The review includes an evaluation of results compared to targets set and previous performance as well as a follow-up of key indicators.
A 'self-evaluation' of internal control issues is performed in all Group companies each year. The companies comment on how important issues were handled, such as business terms and conditions in customer contracts, assessments of customers' credit ratings, valuation and documentation of inventories, payment procedures, documentation and analysis of financial statements/closing accounts, and compliance with internal policies and procedures. An accepted minimum level has been set for critical issues and processes, and all companies are expected to meet this level. The responses of each company are validated and commented on by that company's external auditor in conjunction with the ordinary audit. The responses are then compiled and analysed, after which they are presented to business area management and Group management. The results of self-evaluation are taken into consideration in planning the self-evaluation and external auditing for the coming year.
In addition to the work of self-assessment, a more in-depth analysis of the internal control in about 25 operating companies takes place each year. This is termed ‘internal auditing’ and is performed at the companies by business area controllers and employees from the Parent Company's central finance and accounting function. Central processes at the companies, and control points for the latter, are analysed, tested and recorded. The external auditors study the records kept in conjunction with auditing of the companies. The process provides a solid basis on which to chart and assess the internal control in the Group. An external party also regularly reviews and assesses the Group's internal control processes.
Information and communication
Governing guidelines, policies and instructions are available on the Group intranet. The documents are regularly updated as needed. Changes are communicated separately via e-mail and at meetings for those concerned.
Access to the documents for internal information on the intranet is governed via levels of authorisation. The Group's employees are divided into different groups and the groups have various levels of access to information. All financial guidelines, policies and instructions are available for each company's managing director and financial manager, business unit managers, business area managers, business area controllers and the central finance and accounting function. Access to financial data for the Group is also governed centrally via levels of authorisation.
Assessment
The outcome of the internal control is analysed and communicated annually. An assessment is made of the improvement measures that are to be implemented in the various companies. The boards in the Group companies are informed of the outcome of the internal control in each company and the improvement measures that should be implemented. The business area controllers and company boards subsequently follow up this work on a continual basis during the following year.
The Board receives monthly comments from the CEO regarding the business situation and development of operations. The Board reviews all quarterly reports and the annual report before their publication. The Board is updated annually about the internal control work and its results. The Board also examines the assessment made by KPMG of the Group's internal control processes.
Internal auditing
In light of the above risk assessment and structure of control activities, including self-evaluation and a more in-depth analysis of internal control, the Board has chosen not to have a separate internal auditing function.