Corporate Governance

Internal control of financial reporting

The Board of Directors has established operating procedures with instructions on internal financial reporting. All interim reports and press releases are published on AddLife's website, immediately after publication.

The Board of Directors’ and the CEO’s responsibility for internal control is regulated by the Companies Act. The Board of Directors’ responsibilities are also regulated in the Code and the Annual Accounts Act. The Board of Directors has the overall responsibility for ensuring that the Group has an effective system for management and internal control. This responsibility includes annually evaluating the financial reporting the Board receives and stipulating the content and format of these reports to ensure their quality. This requirement means that the financial reporting must fulfil its purpose and comply with applicable accounting rules and other requirements incumbent on listed companies. The CFO has presented reports to the Board on the Group’s internal control.

Control environment
AddLife builds and organises its business on the basis of decentralised responsibility for profitability and earnings.

The basis for internal control in a decentralised operation is a well-established process aimed at defining objectives and strategies for each operation. Internal guidelines and Board-approved policies communicate defined decision-making channels, powers of authority and responsibilities. The Group’s main financial control documents include its financial policy, financial manual and instructions for each financial closing. A Group-wide reporting system with related analysis tools is used for the Group's closing procedures. On a more general level, all operations within the AddLife Group are conducted in accordance with the Group’s Code of Conduct.

Risk assessment
AddLife has established procedures for managing risks that the Board of Directors and senior management have deemed essential for the internal control of the company’s financial reporting.

The Board holds the opinion that the Group’s exposure to a variety of market and customer segments, and the fact that the operations are conducted in over 80 operating companies, entail significant risk diversification. The risk assessment shall be based on the Group’s income statement and balance sheet to identify the risk of significant errors. For the AddLife Group as a whole, the greatest risks are linked to the recognised value of intangible assets in relation to acquisitions, inventories, accounts receivable and revenue.

Control activities
Control activities include transaction-related controls such as spending authorisation and investments, as well as clear disbursement procedures, but can also be analytical controls performed by the Group’s controllers and central finance and accounting function.

Controllers and financial managers at all levels of the Group play a key role in creating the right environment for transparent and accurate financial reporting. The key roles place high demands on integrity, competence and abilities of individuals.

In order to ensure an efficient exchange of knowledge and experience between the financial functions, regular financial conferences will be held where current issues will be discussed. An important overall control activity is the monthly performance review performed via the internal reporting system and analysed and commented on in the internal work of the Board. The performance review includes reconciliation against set targets and previously achieved results, as well as the review of a number of important key figures.

Each year a “self-assessment” is performed of all Group companies with respect to internal control issues. Companies comment on how important issues have been handled, such as the terms of business in customer contracts, customer credit ratings, valuation and documentation of inventories, payment procedures, documentation and analysis of financial statements and compliance with internal policies and procedures. An accepted minimum level must be established for critical issues and processes, which all companies are expected to meet. Each company’s response should be validated and commented on by the relevant company’s external auditor in connection with the regular audit. The responses should subsequently be compiled and analysed, after which they are presented to the business area manager and Group Management teams. The result of the self-evaluations will be taken into account in the planning of the following year’s self-evaluations and external auditing.

In addition to the “self-assessment” work, an in-depth analysis of internal control in twelve of the operating companies was conducted during the year. This work is referred to as an “analysis of internal control” and is performed by the companies’ controllers and colleagues from the parent company’s finance function.

The companies’ key processes and their control points have been identified and tested. The external auditors have read the records of the internal control in connection with their audit of the companies. The process is expected to provide a good basis to identify and assess the internal controls within the Group. KPMG has reviewed and reported its assessment of the Group's internal control process to the Board of Directors.

Monitoring, information and communication
The Board has received monthly comments from the CEO regarding the business situation and the development of the operations. The Board has discussed the quarterly financial statements before these have been published.

The Board has received updates on the work on internal controls and its outcome. The Board has also reviewed KPMG's assessment of the Group's internal control processes. The outcome of the internal control has been analysed by the Group’s CFO together with the controllers. An assessment has been made of the improvement measures to be implemented in the various companies. The boards of the various subsidiaries have been informed of the outcome of the internal control in each company and the improvement measures that should be implemented. The controller, together with the boards of the respective subsidiaries, will then follow up the work on an ongoing basis in the coming year.

Governing guidelines, policies and instructions are available on the Group’s intranet. The documents are regularly updated as needed. Changes are communicated separately via email and at meetings for controllers and financial managers.

For internal information via the intranet, access to the documents is controlled through authorisations. The Group’s employees are divided into various groups whose access to information differs. All financial guidelines, policies and instructions are available for each company’s CEO and CFO, business unit managers, controllers and the central finance staff. Access to financial data for the group is also centrally controlled via authorisations.

Internal audit
In light of the risk assessment and design of control activities described above, including the self-assessment and in-depth analysis of internal control, the Board has chosen not to have a separate internal audit function.

Latest updated: 4/2/2024 5:35:53 PM by Marcus Svensson