Internal control

Internal control of financial reporting
The responsibility for internal control is governed by the Swedish Companies Act, which also stipulates that the Audit Committee has a particular responsibility for monitoring the effectiveness of the company’s risk management and internal control of financial reporting. Synsam Group’s internal control follow the framework established by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The framework consists of five components: control environment, risk assessment, control activities, information and communication, and monitoring activities.

Control environment
The company’s control environment consists of the organisational structure and the values, guidelines, policies, instructions, etc. that the organisation follows. Efficient Board work is the foundation for good internal control, and Synsam Group’s Board has established rules of procedure and clear instructions for its work. This also includes the Board’s Remuneration and Audit Committees.

One part of the Board’s work is to prepare and approve the policies that govern the Group’s internal control. The Board is also to create the conditions for an organisational structure with clear roles and responsibilities that enable effective management of operating risks.

The Group has regulations in place governing levels of decision-making and authority that follow the Group’s organisational structure. The aim has been to clarify who has the decision-making authority for investments, activities, signing agreements, etc. in each function as well as the limits on their amount. If the amount exceeds the function’s mandate, the decision is made by the next level in the organisation. This is intended to maintain sound corporate governance and an awareness of decisions made at various levels in the organisation. The decision-making and authority framework forms the basis of Synsam’s decision-making.

Group management is responsible for implementing guidelines for maintaining sound internal control. The Group’s internal control is continuously developed and improved. The CEO and the Audit Committee report regularly to the Board according to established procedures.

All operations are to be conducted in accordance with the Group’s Code of Conduct and business ethics guidelines.

Synsam Group has established an internal control framework documenting the key controls related to financial reporting for several central business processes: financial reporting, revenue, purchasing, inventory, tax, treasury, HR and salaries, IT – general controls and overall company controls

The goal of the framework is to ensure that there are sufficient controls to minimise the risk of error in the financial reporting and to ensure that a shared work method for internal control applies across the Group.

Risk assessment and control activities
Synsam Group works continuously in various areas that have been deemed top priorities based on materiality and risk.

Synsam Group has defined the following general risk areas, beyond merely financial, each of which entails specific risks: competition, market, IT, brand, intellectual property rights (IPR), employees, inventory, laws and regulations, goodwill, financial risks, supply chain risks and fraud risks. The specific risks in each of these areas, along with their degree of likelihood, impact and acceptability, as well as measures to manage the risks, are documented in Synsam’s risk analysis. This risk analysis includes Synsam Group’s risk areas and risk policy, and is updated annually.

The processes and control structure are documented in a financial handbook that is updated regularly. The most material processes in the Group are continuously evaluated. The largest risks in each process are identified, after which an assessment is made of whether or not the associated controls are sufficient.

Additional controls are introduced as necessary to reduce the risk to an acceptable level. The central finance function is to ensure that the financial reporting is accurate and complete. The finance function is also to ensure that legal regulations are followed and that reporting to operating management and the Board is carried out in the established time frame.

Information and communication
The key policies, guidelines, instructions and manuals that are significant for the Group’s internal control are updated regularly and communicated to the relevant employees. General guidelines and instructions are also available on the company’s intranet.

There are also formal and informal information channels where information from employees can be passed on to management and the Board. The Board receives regular feedback on internal control issues from the operations through the Audit Committee. For external communication, there are guidelines in place to help meet the requirement that all information to the stock market is accurate.

Monitoring activities 
Management and the Audit Committee report regularly to the Board according to established procedures. The Board receives updated information from the CEO through a monthly report for the Group. This report also includes information regarding the performance and financial position of the subsidiaries.

Each interim report is analysed by the Audit Committee to ensure that the financial information is accurate. The Audit Committee also has a central role in ensuring that there are sufficient control activities for the most material risk areas when it comes to financial reporting and in communicating material issues pertaining to the company’s management, Board and auditors. An important part of this involves ensuring that any issues raised by the auditors are addressed.

At least once per year, the entire Board meets with the auditors to review the external audit and discuss current issues. The auditors’ report is part of the Board’s work to form an opinion on the Group’s internal control and the accuracy of the financial information. The CEO does not participate in any questions pertaining to management.

Internal audit
To date, the Board of Directors has not found it necessary to conduct an internal audit. Synsam Group’s CFO is responsible for managing the Group’s internal control. The question of whether to introduce a special internal audit function will be reviewed annually.