Internal control of financial reporting
The Board of Directors has established operating procedures with instructions on internal financial reporting. All interim reports and press releases are published on AddLife’s website, www.add.life directly adjacent to the announcement.
The Board of Directors’ and the CEO’s responsibility for internal control is regulated by the Companies Act. The Board of Directors’ responsibilities are also regulated in the Code and the Annual Accounts Act. The Board of Directors has overall responsibility for ensuring that the Group has an effective system for management and internal control. This responsibility includes annually evaluating the financial reporting the Board receives and stipulating the content and format of these reports to ensure their quality. This requirement means that the financial reporting must fulfil its purpose and comply with applicable accounting rules and other requirements incumbent on listed companies. The Chief Financial Oficer (CFO) has presented reports to the Board on the Group’s internal control.
AddLife builds and organises its business on the basis of decentralised responsibility for profitability and earnings.
In decentralised operations, the basis for internal control consists of a well-established process aimed at defining targets and strategies for each business. Internal guidelines and policies approved by the Board communicate defined decisionmaking channels, powers of authority and responsibilities. The Group’s foremost financial control documents include its financial policy, financial manual and instructions for each financial closing. A Group-wide reporting system with related analysis tools is used for the Group's closing procedures. On a more general level, all operations within the AddLife Group are conducted in accordance with the Group’s Code of Conduct.
AddLife has established procedures for managing risks that the Board of Directors and senior management have deemed essential for the internal control of the Company’s financial reporting.
The Board holds the opinion that the Group’s exposure to a variety of market and customer segments, and the fact that the operations are conducted in over 80 operating companies, entail significant risk diversification. The risk assessment shall be based on the Group’s income statement and balance sheet to identify the risk of significant errors. For the AddLife Group as a whole, the greatest risks are linked to the reported value of intangible assets in relation to acquisitions, inventories and revenue.
Control activities include transaction related controls such as spending authorisation and investments, as well as clear disbursement procedures, but can also be analytical controls performed by the Group’s controllers and central finance and accounting function.
Controllers and financial managers at all levels of the Group play a key role in creating the right environment for transparent and accurate financial reporting. The key roles place high demands on integrity, competence and abilities of individuals.
In order to ensure an efficient exchange of knowledge and experience between the financial functions, regular financial conferences will be held where current issues will be discussed. An important overall control activity is the monthly performance review performed via the internal reporting system and analysed and commented on in the internal work of the Board. The performance review includes reconciliation against set targets and previously achieved results, as well as the review of a number of important key figures.
Each year a “self-assessment” is performed of all Group companies with respect to internal control issues. Companies comment on how important issues have been handled, such as the terms of business in customer contracts, customer credit ratings, valuation and documentation of inventories, payment procedures, documentation and analysis of financial statements and compliance with internal policies and procedures. An accepted minimum level must be established for critical issues and processes, which all companies are expected to meet. Each company’s response should be validated and commented on by the relevant company’s external auditor in connection with the regular audit. The responses should subsequently be compiled and analysed, after which they are presented to the business area and Group Management teams. The result of the self-evaluations will be taken into account in the planning of the following year’s self-evaluations and external auditing.
In addition to the “self-assessment” work, an in-depth analysis of internal control in six of the operating companies was conducted during the year. This work is referred to as an “analysis of internal control” and is performed by the companies’ business controllers and colleagues from the Parent Company’s finance function.
The companies’ key processes and their control activities have been identified and tested. The external auditors have read the records of the internal control in connection with their audit of the companies. The process is expected to provide a good basis to identify and assess the internal controls within the Group. KPMG provided the Board with a review and accounted for its assessment of the Group’s internal control process.
Review, information and communication
The Board has received monthly comments from the CEO regarding the business situation and the development of the operations. The Board has discussed the quarterly financial statements before these have been published.
The Board has received updates on the work on internal controls and its outcome. The Board has also read the assessment made by KPMG of the Group’s internal control processes. The outcome of the internal control has been analysed by the Group’s CFO together with the business controller. An assessment has been made of the improvement measures to be implemented in the various companies. The boards of the various Group companies have been informed of the outcome of the internal control in each company and the improvement measures that should be implemented. The business controller will then continuously follow up the work during the following year together with the Boards of Directors of the Group companies.
Governing guidelines, policies and instructions are available on the Group’s intranet. The documents are regularly updated as needed. Changes are communicated separately via email and at meetings for controllers and financial managers.
For internal information via the intranet, access to the documents is controlled through authorisations. The Group’s employees are divided into various groups whose access to information differs. All financial guidelines, policies and instructions are available for each company’s CEO and CFO, business area managers, business controllers and the central finance staff. Access to Group financial data is also controlled centrally through authorisation.
In light of the risk assessment described above and the structure of control activities, including the process of the “self-evaluation” and the in-depth analysis of the internal control, the Board of Directors has chosen to not have a dedicated internal audit function.