Internal control of financial reporting

The Board of Directors has adopted rules of procedure with instructions regarding internal financial reporting. All interim reports and press releases are published on AddLife’s website, www.add.life, immediately upon disclosure.

The responsibilities of the Board of Directors and the CEO for internal control are governed by the Swedish Companies Act. The responsibilities of the Board are further governed by the Code and the Annual Accounts Act. The Board has the overall responsibility for ensuring that the Group has an effective system for management and internal control. This responsibility includes annually evaluating the financial reporting received by the Board and setting requirements for its content and design in order to ensure the quality of the reporting. These requirements imply that the financial reporting must be fit for purpose, in compliance with applicable accounting standards and other requirements for listed companies. The CFO has reported to the Board on the Group’s work with internal control.

Control environment

AddLife structures and organises its operations based on a decentralised responsibility for profitability and performance.

The foundation of internal control in a decentralised organisation is a well‑established process aimed at defining goals and strategies for each business. Defined decision‑making paths, authorities and responsibilities are communicated through internal instructions and Board‑adopted policies. The Group’s most important financial steering documents include the finance policy, the finance manual and the instructions issued ahead of each closing of the books. The Group’s closing process is supported by a Group‑wide reporting system with associated analysis tools. At a more overarching level, all operations within the AddLife Group are conducted in accordance with the Group’s Code of Conduct.

Risk assessment

AddLife has established procedures to manage risks that the Board and Group Management have assessed as material to internal control over the Company’s financial reporting.

In the Board’s opinion, the Group’s exposure to a wide range of market and customer segments, and the fact that operations are conducted in about 85 operating companies, results in significant risk diversification. The risk assessment is based on the Group’s income statement and balance sheet in order to identify the risk of material misstatements. For the AddLife Group as a whole, the principal risks relate to the recognised values of intangible assets arising from business combinations, inventories, trade receivables and revenue.

As an integrated part of the Group’s risk assessment, material sustainability‑related risks and opportunities are also identified and assessed, such as climate‑related risks, environmental matters, work environment and safety, business ethics and corruption, as well as risks related to human rights in the supply chain. These risks are assessed both from an impact perspective (how AddLife’s operations affect the outside world) and from a financial perspective (how sustainability matters may affect the Group’s earnings, financial position and cash flow).

The results of this assessment form the basis for the double materiality analysis, which constitutes the foundation of the Group’s sustainability strategy and sustainability reporting under the CSRD.

Control activities

Examples of control activities include transaction‑related controls, such as rules governing authorisation and investments and clearly defined payment procedures, as well as analytical controls performed by the Group’s controllers and central finance function.

Controllers and finance managers at all levels within the Group have a key role in creating the environment required to achieve transparent and reliable financial reporting. This role places high demands on the integrity, competence and capabilities of individual employees.

To ensure effective exchange of knowledge and experience within the finance functions, regular finance conferences are held where current topics are discussed. An important overarching control activity is the monthly performance follow‑up conducted via the internal reporting system and analysed and commented on in the Board’s internal work. The performance follow‑up includes comparisons with established targets, previously achieved outcomes and follow‑up of a number of key financial indicators.

An annual “self‑assessment” is carried out in all of the Group’s companies with regard to issues relating to internal control. In this self‑assessment, the companies comment on how material issues have been handled, for example terms and conditions in customer contracts, credit checks on customers, valuation and stocktaking of inventories, payment procedures, documentation and analysis of financial statements, as well as compliance with internal policies and procedures. For critical issues and processes, an acceptable minimum level is defined, which all companies are expected to meet. The responses are then compiled and analysed, after which they are presented to the business unit managers and the Board. The results of the self‑assessment are taken into account when planning the following year’s self‑assessment and the scope of the external audit.

In addition to the self‑assessment, an in‑depth analysis of internal control has also been carried out during the year in four operating companies. This work is referred to as an “internal control analysis” and is performed by the companies’ controllers and the Parent Company’s finance function.

The companies’ key processes and the control points within these processes have been mapped and tested. The external auditors have reviewed the minutes from the internal control analyses in connection with their audit of the companies. The process is considered to provide a solid basis for mapping and assessing internal control within the Group. The Company’s auditors have reviewed and reported their assessment of the Group’s internal control processes to the Board.

Follow‑up, information and communication

Each month, the Board has received comments from the CEO on the business situation and the development of operations. The Board has reviewed the quarterly reports before they were published.

The Board has been updated on the work with internal control and the outcomes thereof. The Board has also reviewed the assessment made by the Company’s auditors of the processes the Group has in place for internal control. The results of the internal control have been analysed by the Group’s CFO together with the controllers.

An assessment has been made of which improvement measures are to be implemented in the various companies. The Boards of Directors of the subsidiaries have been informed of the outcome of the internal control in each company and of the improvement measures that should be implemented. The controllers, together with the Boards of the respective subsidiaries, then follow up on this work on an ongoing basis in the coming year.

Governing guidelines, policies and instructions are available on the Group’s intranet. The documents are continuously updated as needed. Changes are communicated separately by e‑mail and at meetings for controllers and finance managers.

Access to documents for internal information is controlled via authorisations. The Group’s employees are divided into different groups, and each group has different levels of access to information. All financial guidelines, policies and instructions are available to each company’s Managing Director and finance manager, business unit managers, controllers and the Parent Company’s finance function. Access to the Group’s financial data is also centrally controlled via authorisations.

Internal audit

In light of the risk assessment and design of the control activities described above, including the self‑assessment and the in‑depth analyses of internal control, the Board has decided not to establish a separate internal audit function.

Internal control over sustainability reporting