Internal control

Effective Board work is the foundation for good internal control. The Board’s work plan and the instructions for the CEO and the Board’s committees ensure a clear delegation of roles and responsibilities to the benefit of effective management of risks in the Company’s operations.

In addition, the Board has adopted a number of fundamental guidelines and policies designed to create the conditions for a good control environment. These include, among other things, Indutrade’s Code of Conduct, Finance Policy and Investment Policy. These policies are followed up and revised as needed. The Group Management continuously draws up instructions for the Group’s financial reporting which, together with the policies adopted by the Board, are included in the Group’s manual of instructions and policies.

The Group has a joint reporting system that serves as the base for the Group’s monthly reporting, consolidation work and monitoring of earnings performance.

The Company has implemented a structured process for assessing risks that could affect financial reporting. This is an annually recurring process and is evaluated by the Audit Committee and the Board.

Through this risk assessment it has been ascertained that the Group’s structure, consisting of a large number of standalone companies of varying size that are independent from each other in various sectors and geographic markets, entails a considerable diversification of risk. The risk assessment also covered the Group’s income statement and balance sheet items to identify areas in which the aggregate risk for error and the effects of these would be greatest. The areas identified consisted primarily of revenue recognition, acquisition reporting, trade receivables and inventories.

In addition, continuous risk assessment is conducted in connection with strategic planning, budgeting, forecasts and acquisition activities, aimed at – among other things – identifying events in the market or operations that could give rise to changes in e.g., revenue streams and valuations of assets or liabilities.

The Indutrade Group was organised in eight business areas in 2023. In addition to a business area director, each business area management team also includes a controller function. The business area controller plays a central role in analysing and monitoring the business area’s financial reporting and in ensuring compliance by the companies in the business area with Group policies. The Parent Company has additional functions for continuous analysis and monitoring of financial reporting by the Group, the business areas and subsidiaries. The Parent Company’s finance department also initiates work on the annual self assessment routine regarding internal control over financial reporting.

At the start of 2023, all companies owned by Indutrade were required to respond to a questionnaire designed to evaluate internal control based on the risk analysis. The responses were compiled and evaluated. As a complement to this work, the auditors validated parts of the respective companies’ completed questionnaires. In addition to this, the controllers of the business areas and Parent Company monitor internal control through visits to a number of companies each year. Both the evaluation performed by the Company and the result of the auditors’ validation were reported and discussed with the Audit Committee. Feedback is provided to the companies in the Group where a need for improved routines has been identified.

The audit committee also presented the results to the Board. The evaluation of internal control over the Group’s financial reporting will serve as documentation for the subsequent years’ self assessment and work on further strengthening internal control.

The Company’s governing documents, consisting of policies, guidelines and manuals – to the extent that these pertain to financial reporting – are updated on a regular basis and communicated to the companies within the Group. A number of trainings and informational meetings were held during 2023, both in person and in digital formats. Systems and routines have been established to provide management with reports on the results of operations and financial position in relation to set targets, among other things.

The Board conducts a monthly evaluation of business development, earnings, position and cash flow using a report pack containing comments on outcomes and certain key ratios.

The Audit Committee has an oversight role regarding the Company’s financial reporting, risk management, and governance and control. In addition, the Audit Committee maintains regular contact with the Company’s auditors to ensure that the Company’s internal and external reporting satisfies requirements made on market-listed companies and to monitor any observations that emerge from the audit.

The Group has a simple operative structure consisting primarily of small and medium-sized standalone businesses that are independent of each other, with varying conditions for internal control.

Compliance with governance and internal control systems that have been drawn up by the Group is checked by the company Boards of Directors and controllers on a regular basis at the business area and Parent Company levels. It is done in a variety of ways, such as special internal control visits. In addition, the controllers perform continuing analyses of the companies’ reporting and financial outcomes to identify deviations and errors.

Added to this is the routine for annual self assessment of internal control over financial reporting. In view of the above, the Board has opted to not have a dedicated internal audit function.