Internal control

THE BOARD’S DESCRIPTION OF INTERNAL CONTROLS IN RELATION TO FINANCIAL REPORTING

According to the Swedish Companies Act and Swedish Corporate Governance Code, the Board is responsible for the company’s internal controls. In the description, the Board does not issue any statement on the effectiveness of internal controls.

Nolato’s internal audit in relation to financial reporting includes five main activities: creating a control environment, risk assessment, control activities, information and communication, and monitoring.

Control environment

Effective Board work forms the foundation for good internal controls. The Board has established clear processes and rules of procedure for its work. One key element of the Board’s work is deciding on and approving a number of fundamental policies, guidelines and frameworks for financial reporting. These include the Code of Conduct, Information Policy and Financial Policy.

The Board evaluates the operating activities’ performance and results on an ongoing basis, via reporting which includes business outcomes, earnings, rolling forecasts, the analysis of key performance indicators and other significant operating and financial information.

Nolato has a simple legal and operational structure, with established management and internal audit systems. This enables the business to react swiftly in the event of changes in the conditions in the Group’s market or in other areas. Operational decisions are taken at company or business area level, while decisions on overall strategy, focus, acquisitions, major investments and overall financial issues are taken by Nolato’s Board and Group management. Internal controls in relation to Nolato’s financial reporting are tailored to work within this organizational structure. Within the Group, there is a clear regulatory framework for delegating responsibility and authorization, and this follows the Group structure.

The basis for internal controls in relation to financial reporting is a control environment consisting of the organization, decision-making paths, authorization and responsibilities communicated, as well as the culture within which the Board and company management communicate and operate.

Policy document

Nolato’s group-wide regulations are defined in eight policy documents, as detailed in the list on page 106. These documents are an important part of creating an effective control environment within Nolato.

The documents relating to the Group’s core values are based on the combination of ethical and professional values that Nolato has upheld for many years, and that are communicated to all employees, including in the form of a publication entitled ‘The Nolato Spirit’.

In addition to these policy documents, rules of procedure for the Board and CEO instructions have been drawn up. These describe matters such as the division of work within the Board and the duties of the Chairperson of the Board and the President and CEO.

Rules of procedure have also been drawn up for the managing director of each subsidiary. Managers at various levels within the company are responsible for dealing with internal controls on an ongoing basis within their own particular areas of responsibility.

Risk assessment

The company carries out a risk analysis of its financial reporting, which is evaluated and adopted by the Board. In connection with this risk analysis, income statement and balance sheet items are identified where there is a heightened inherent risk of serious errors.

Within the company’s operations, these risks are mainly present in non-current assets, financial instruments, inventories, trade receivables, accrued expenses, taxes and revenue recognition.

These risk assessments are based on effects on financial reporting, the outcome of the income statement, business processes, external factors and the risk of fraud.

Control activities

Those risks that have been identified in relation to financial reporting are dealt with via the company’s control activities, e.g. authentication checks for IT systems and authorization controls.

These operational-specific controls are supplemented by detailed financial analyses of earnings and monitoring against business plans and forecasts, providing an overall assessment of the quality of the reporting.

Information and communication

The company’s steering documents for financial reporting consist mainly of policies and guidelines, which are kept up-to-date and communicated via the relevant channels. Information is obtained from the subsidiaries through financial and operational reports to the boards of the subsidiaries, the business area management and Group management.

There is an information policy for communication with external parties, which provides guidelines on how such communication should be carried out. The aim of the policy is to ensure that all information obligations are complied with in a correct and complete manner.

Monitoring

The President and CEO is responsible for internal controls being organized and monitored in accordance with the guidelines established by the Board. Financial control is carried out by the Group financial function. Financial reporting is analyzed in detail each month.

The Board  has monitored the financial reporting at its meetings, and the company’s auditors have reported back their observations to the Board and the Audit Committee. The Audit Committee has received regular reports from the auditor, and monitors measures taken to improve or amend controls. The Board has received monthly financial reports and the company’s financial situation has been addressed at each Board meeting.

The Board and the Audit Committee review all interim and annual reports prior to publication.

Internal audit

Nolato has a simple legal and operating structure and established management and internal audit systems. The Board and the Audit Committee monitor the organizational assessment of internal controls, including through contact with Nolato’s auditors. In view of the above, the Board has chosen not to carry out any separate internal audit.