Board of directors’ report on internal control

Under the Swedish Companies Act, the Board shall ensure that the company’s organisation is structured so that accounting, financial management and the company’s financial affairs otherwise can be adequately controlled. The Swedish Corporate Governance Code (“the Code”) clarifies this and prescribes that the Board is responsible for internal control. This report is prepared in accordance the Annual Accounts Act and the Code. The reporting is limited to addressing internal control concerning financial reporting in accordance with the Code, item 7.4.

The Board supervises the quality of the financial reporting through instructions to the President. It is the President’s duty, jointly with the Group’s CFO, to review and quality-assure all external financial reporting including financial statements, interim reports, annual reports and press releases with financial content, as well as presentation material in connection with meetings with the media, shareholders and financial institutions.

The rules of procedure decided annually by the Board include detailed instructions on, for example, the financial reports and the type of financial information to be submitted to the Board. In addition to financial statements, interim reports and annual reports, the Board examines and evaluates comprehensive financial information that pertains to the Group as a whole and to the various units included in the Group.

The Board also examines, primarily through the Board’s Audit Committee, the most significant accounting policies applied to the financial reporting by the Group, and significant changes to policies in the reporting. The Audit Committee’s duties also include examining internal and external audit reports regarding internal control and the processes for financial reporting.

The Group’s external auditors report to the Board as required, but at least once a year. At least one of these meetings, the President and CFO leave after presenting their formal reports to enable Board members to conduct discussions with auditors without the participation of senior executives. The Group’s external auditors also participate at the meetings of the Audit Committee. The Audit Committee reports back to the Board after every meeting. All Audit Committee meetings are minuted and the minutes are available for all Board members and the auditors.

Control environment
The control environment represents the basis for the internal control over financial reporting. An important part of the control environment is that decision paths, authorities and responsibilities must be clearly defined and communicated between various levels in the organisation and that the control documents are available in the form of internal policies, handbooks, guidelines and manuals. Thus, a key part of the Board’s work is to prepare and approve a number of fundamental policies, guidelines and frameworks. These include, among other things, the Board’s rules of procedure, Instructions for the President, Investment policies, Financial policies and the Insider policy. The aim of these policies is to create a basis for sound internal control.

Furthermore, the Board focuses on ensuring that the organisational structure provides distinct roles, responsibilities and processesthat benefit the effective management of the operation’s risks and facilitate goal fulfilment. Part of the responsibility structure includes an obligation for the Board to evaluate the operation’s performance and earnings on a regular basis, through appropriate report packages containing income statements, balance sheets, analyses of important key figures and comments pertaining to the business status of each operation. The Board has established an Audit Committee to assist the Board specifically in the financial reporting. To help strengthen the internal control, Mekonomen Group has prepared a financial handbook that provides an overall view of existing policies, rules and regulations and procedures within the financial area. This is a living document, which is updated regularly and adapted to internal and external changes. In addition to the financial handbook, there are instructions that provide guidance on daily work in branches and the rest of the organisation, for example, pertaining to stock taking and cash-register reconciliation, etc.

Risk assessment
Mekonomen Group conducts continuous surveys of the Group’s risks. In these surveys, a number of items are identified in the financial statements and administrative flows and processes where there is an elevated risk of error. The company works continuously to reduce these risks by strengthening controls. Furthermore, risks are addressed in a special forum, including questions related to start-ups and acquisitions. For a more detailed description of risks, refer to Risks and uncertainties in the Administration Report and in Note 35 Financial risks in the 2018 Annual Report.

Control activities
Risks of errors in the financial reporting are reduced through a high level of internal control over the financial reporting, with specific focus on significant areas defined by the Board. Within Mekonomen Group, the control structures comprise an organisation with clear roles that enables effective and, from an internal control perspective, suitable division of responsibilities, specific control activities that aim to identify and prevent risks of misstatements in the reporting in time.

Examples of control activities include clear decision-making processes and decision orders for significant decisions, results analyses and other control activities within significant processes. Control activities within these processes include analytical follow-up, spot checks, account reconciliation, inventory checks in stock and branches and engagement reviews.

Internal audit
In 2018, Mekonomen Group hired the auditing firm Deloitte to conduct the internal audit in the Group. The internal audit function as an independent and objective assurance and advisory function, which creates value and increases certainty in internal control. This is done by evaluating and proposing improvement in such areas as risk management, compliance with policies and efficiency in the internal control over the financial reporting. The function works throughout the Group. Reporting is done to the Audit Committee, the President and the CFO and information is provided to management in each business area and other units on the results of the audits performed.

Information and communication
Policies and guidelines are particularly important for accurate accounting, reporting and dissemination of information. Policies and guidelines on the financial process are continuously updated at Mekonomen Group. Such updates mainly take place in each Group function for the various operations through e-mails, but also at regular CFO meetings in which representatives from the Group finance function participate. For communication with internal and external parties, a communications policy is in place that states guidelines for conducting communication. The aim of the policy is to ensure that all information obligations are complied with in a correct and complete manner.

Follow-up
The Board evaluates the information submitted by the Group Management Team and auditors. In conjunction with this, the Audit Committee was responsible for the preparation of the Board’s work to quality assure the Group’s financial reporting. The CEO and CFO hold monthly reviews of financial position with each Head of Operations. Group finance function also cooperates closely with the Group company finance managers and controllers of Group companies on matters pertaining to accounting and reporting. The follow-up and feedback concerning possible deviations arising in the internal controls are a key part of the internal control work, since this is an efficient manner for the company to ensure that errors are corrected and that the control is further strengthened.

Internal control

Mekonomen Group’s internal control process is designed to manage and minimise the risk of errors in the financial reporting