The board of directors’ and the CEO’s responsibilities for internal control is governed by the Swedish Companies Act and the Code.
According to the Swedish Companies Act, the board of directors is responsible for the company’s organisation and management of the company’s affairs and shall ensure that the company’s organisation is structured in such a way that accounting, asset management and the company’s financial conditions are controlled in a satisfactory manner.
The CEO shall, according to the Swedish Companies Act, manage the day-to-day business according to the guidelines and instructions issued by the board of directors. Furthermore, the CEO shall take necessary measures to ensure that the Company’s bookkeeping is done in accordance with the law and that the asset management is handled in a satisfactory manner.
According to the Code, it is the responsibility of the board of directors to ensure that there are effective systems for follow-up and control of the company’s operations.
Internal control is by practice defined as a process affected by the board of directors, the CEO, other members of the executive management and other employees and which is intended to provide a reasonable assurance that a company’s goals are met, with respect to: appropriate and efficient operations, reliable reporting and compliance with applicable laws and regulations. The process for the Company’s internal control is based on the control environment which provides the discipline and structure for the other four components of the process: risk assessment, control activities, information and communication, and monitoring.
Internal control over financial reporting is intended to provide reasonable assurances regarding the reliability of the external financial reporting in the form of quarterly and annual reports and financial statements as well as that the external financial reporting is prepared in accordance with applicable legislation and accounting standards and other requirements for listed companies. Ultimately, the responsibility for the internal control rests with the board of directors, which continuously evaluates the Company’s risk management and internal control.
As a part of the assignment and of the yearly calendar, the board and executive team work to evaluate risk including all areas, including but not limited to financial risks and key business risks. Risks have been regularly reported to the board. The board and the audit committee have regularly discussed a the audit committee is integrated in the risk evaluation work. As a part of the yearly routine the risk map is updated by the executive management team and the updated risk policy is adopted by the board as part of the Board calendar
Control activities are implemented at all levels, both in group functions and in local companies as well in the relation between the two. The internal control starts with the division of work between the board and the CEO and management team as described in the CEO work instruction. The responsibilities are further divided within the management team and documented to the board.
The group and local routines for control are impemented in policies and work instructions for the financial and accounting team as well as other functions and relates to such areas as four eye verifications, approval policies and routines.
All policies and instruction are available to all relevant staff in the company and are introduced to employees both as part of the onboarding process and training periods as well as on a regular basis when evaluating work and routines on the teams.
The board and management team regularly evaluates the control policies that are adopted for the respective areas.