ANNUAL REPORT Corporate Governance Report
Internal control over financial reporting
The Board of Directors has overarching responsibility for internal control over financial reporting . The Board has established an audit committee tasked with preparing the Board ’ s work with control over the company ’ s financial reporting . The following description has been prepared in accordance with the Swedish Corporate Governance Code and constitutes the Board ’ s description of the company ’ s system for internal control and risk management with respect to financial reporting .
ADDNODE GROUP ’ S CONTROL ENVIRONMENT Addnode Group ’ s control environment includes the values and ethics that the Board , the President and Group Management communicate and work according to , as well as the Group ’ s organisational structure , leadership , decision-making channels , authorisations and responsibilities , and the employees ’ expertise . The Board works continuously with risk assessment and risk management . Addnode Group ’ s board has chosen to not establish a designated audit function for internal control . The Board is of the opinion that the existing organisation and existing control structures in Addnode Group enable effective operations , identify risks in the financial reporting and ensure compliance with applicable laws and regulations . The presidents and controllers regularly monitor compliance with the governance and control systems established by the company .
Responsibilities and authorisations are defined in instructions for authorisation rights , manuals , policies , routines and codes . A few examples include the Articles of Association , the Board ’ s rules of procedure , the instructions for the division of duties between the President and the Board , the instructions for financial reporting , the finance policy , the information policy and the financial manual including its accompanying accounting manual .
These guidelines , together with laws and external rules and regulations , make up the control environment . All employees are required to follow these guidelines . The Board tests the relevance and pertinence of these instructions on a regular basis . Responsibility for continuously maintaining an effective control environment and the dayto-day work with internal control over financial reporting is delegated to the President . The Group ’ s corporate governance is described on pages 73 – 77 . Group Management and other senior executives have responsibility for internal control within their respective areas of responsibility .
RISK ASSESSMENT The Audit Committee continuously assesses the Group ’ s risks and reports to the Board when necessary . The aim is to identify events in the market or in the Group ’ s operations that could result in changes in the value of assets and liabilities . Another important part of risk assessment involves staying abreast of changes in accounting rules and ensuring that any changes are correctly reflected in the financial reporting . The CFO is responsible for the preparatory work behind the Audit Committee ’ s assessments and for operational monitoring of identified risks . A key aspect of risk assessment is the company ’ s monthly financial reporting and the management reports that are submitted monthly by each business area president and their directly subordinate managers .
CONTROL STRUCTURES The company ’ s control structures have been designed to manage the risks that the Board and management deem as being the most significant for the operations and the financial reporting . Addnode Group ’ s control structures consist in part of an organisation with clear roles that facilitate an effective and suitable division of duties and responsibilities , and in part of instructions and specific control activities aimed at detecting or preventing risks for errors in the reporting in a timely fashion .
Examples of control activities include :
> Clear decision-making processes and authorisation instructions for important decisions ( e . g ., purchases , investments , agreements , and acquisitions and divestments )
> Monthly performance analyses with deviation monitoring against budgets and forecasts
> Monthly risk assessments of all fixed-price assignments in excess of SEK 100,000 > Monthly risk assessments of past due accounts receivable > Automatic controls in IT systems that are essential for the financial reporting and other analytical follow-ups and reconciliations
MONITORING Monitoring and testing of control activities are performed on a continuous basis to ensure that risks have been identified and addressed in a satisfactory manner . Monitoring is conducted both informally and formally , and involves reconciliation of monthly financial reports against budgets , forecasts and other set targets . Monitoring to ensure the effectiveness of internal control over financial reporting is conducted by the Board , the President , Group Management , the CFO and individuals in the Group ’ s business areas and companies who are responsible for operations . The Audit Committee reviews reports on internal control as well as the financial reporting processes and analyses by the CFO . The auditors report to the Audit Committee in connection with their review of the nine-month interim report , the year-end report and the annual report . In addition , the Audit Committee and the auditors maintain regular contact .
78