System for internal control and risk management in financial reporting
Internal control
The Board of Directors has overall responsibility for ensuring that the Group has an effective system for management and internal control. This responsibility includes annually evaluating the financial reports it receives and stipulating the content and format of these reports to ensure their quality. This requirement means that the financial reporting must fulfil its purpose and comply with applicable accounting rules and other requirements incumbent on listed companies. The CFO annually reports on the Group's internal control work to the Board.
Control environment
Addtech builds and organises its business on the basis of decentralised responsibility for profitability and earnings. Internal control in a decentralised operation is founded on a firmly established process for defining goals and strategies for each operation. Internal directives and Board-approved policies convey defined decision-making channels, powers of authority and responsibilities. The financial policy, reporting manual and instructions for each annual/quarterly accounts are the Group's primary financial policy documents. A Group-wide reporting system with related analysis tools is used in the Group's annual/quarterly accounts process. At a more comprehensive level, all operations in the Addtech Group must comply with the Group's Code of Conduct.
Risk assessment
Addtech has set procedures for managing the risks that the Board and Company management deem pertinent to internal control of financial reporting. The Group's exposure to several market and customer segments and the fact that operations are run in approximately 120 companies constitute a substantial distribution of risks. Risk assessments begin with the Group's income statement and balance sheet to identify the risk of material errors. For the Addtech Group as a whole, the greatest risks are linked to inventories and carrying amounts of intangible non-current assets related to business acquisitions.
Control activities
Control activities include transaction-related controls such as authorisation and investment rules and clear payment procedures, but also analytical controls performed by the Group controller function and the central finance and accounting function. Controllers and financial managers at all levels of the Group play a key role in creating the right environment for transparent and accurate financial reporting. This role places great demands on integrity, expertise and the capabilities of individuals.
Regular finance conferences are held to discuss current issues and safeguard effective sharing of knowledge and experience within the finance and accounting functions. The monthly review of results that is performed via the internal reporting system and is analysed and commented on internally by the Board is a key overall control activity. The review includes an evaluation of results compared to targets set and previous performance as well as a follow-up of key indicators.
A 'self-evaluation' of internal control issues is performed in all Group companies each year. The companies comment on how important issues were handled, such as business terms and conditions in customer contracts, assessments of customers' credit ratings, valuation and documentation of inventories, payment procedures, documentation and analysis of financial statements/closing accounts, and compliance with internal policies and procedures. An accepted minimum level has been set for critical issues and processes, and all companies are expected to meet this level. The responses of each company are validated and commented on by that company's external auditor in conjunction with the ordinary audit. The responses are then compiled and analysed, after which they are presented to business area management and Group management. The results of self-evaluation are taken into consideration in planning the self-evaluation and external auditing for the coming year.
In addition to the 'self-evaluation' work, a more in-depth analysis of the internal control in about 25 operating companies takes place each year. This is classed as 'internal auditing' and is performed at the companies by business area controllers and employees from the Parent Company's central finance and accounting function. This audit work involves charting and testing the companies' key processes and control points in such processes. The external auditors study the records kept of the internal audits in conjunction with their audit of the companies. The process provides a good foundation on which to chart and assess the internal control in the Group. KPMG also performs an annual review and assessment of the Group's internal control process.
Information and communication
Governance guidelines, policies and instructions are available on the Group intranet. The documents are regularly updated as needed. Changes are communicated separately via email and at meetings for controllers and financial managers.
Access to the documents for internal information on the intranet is governed via levels of authorisation. The Group's employees are divided into different groups and the groups have various levels of access to information. All financial guidelines, policies and instructions are available for each company's managing director and financial manager, business unit managers, business area managers, business area controllers and the central finance and accounting function. Access to financial data for the Group is also governed centrally via levels of authorisation.
Follow-up
The Group CFO, Group controller and business area controllers analyse the outcome of the internal control each year. An assessment is made of the improvement measures that are to be implemented in the various companies. The boards in the Group companies are informed of the outcome of the internal control in each company and the improvement measures that should be implemented. The business area controllers and company boards subsequently follow up this work on a continual basis during the following year.
The Board receives monthly comments from the CEO regarding the business situation and development of operations. The Board reviews all quarterly reports and the annual report before their publication. The Board is updated annually about the internal control work and its results. The Board also examines the assessment made by KPMG of the Group's internal control processes.
Internal auditing
In light of the above risk assessment and structure of control activities, including self-evaluation and a more in-depth analysis of internal control, the Board has chosen not to have a separate internal auditing function.