Risk management and internal control over financial reporting

The Board of Directors is responsible for internal control over financial reporting pursuant to the Swedish Companies Act and the Swedish Corporate Governance Code.

The Audit Committee has a specific responsibility for monitoring the effectiveness of risk management and internal controls regarding financial reporting. This report describes the Group´s system for internal control and risk management regarding financial reporting.

Control environment

The foundation for internal control over financial reporting is the control environment that has been documented and communicated in governing documents. These include internal policies on business ethics, delegation of authority, related party transactions and fraud response. In addition, a set of policies and instructions for accounting and reporting, as well as for internal control and IT security, has been established. All policies are regularly updated and distributed to key individuals who confirm implementation within their area of responsibility. Fundamental to creating an effective control environment is the establishment of clear decision-making and review structures. Swedish Match has established a system of regular review meetings between the Group, operating units and local management during which the Group values are reinforced.

Risk assessment

The Group applies a risk assessment and a risk management method to ensure that the risks to which the Group is exposed are managed within the established framework. Based on the risk assessment, the Group defines a standardized system of controls to ensure that essential risks pertaining to financial reporting are properly mitigated. These standardized controls are reviewed and updated annually. In addition, each operating unit is charged with the responsibility to assess company-specific risks and identify additional key internal controls not covered by the standardized system of controls.

Control activities

Based on the framework of Group policies and instructions, the heads of ­Swedish Match’s operating units are charged with the responsibility to establish internal controls over financial reporting. Control activities are established in all business processes and systems supplying information to the financial accounts in order to safeguard the reliability of the information.

Information and communication

The information and communication component includes the systems and procedures that support the identification, capture, and exchange of information in a form and timeframe that enable personnel to carry out their responsibilities and reliable financial reports to be generated. Management has established communication channels and forums to allow for an effective information flow relating to business conditions and changes affecting financial reporting.

Monitoring

The Group monitors compliance with governing documents in the form of internal policies and instructions, and evaluates the effectiveness of the control structure. The Group Internal Audit department is established with the primary task of independently evaluating the effectiveness of internal controls. Internal Audit’s work is based on annual risk-focused plans that are updated throughout the year based on changes and events which influence the risks relating to the system for internal control. These plans are reviewed and approved by the Audit Committee and Internal Audit reports regularly on the results directly to the Audit Committee and to company management. The Audit Committee monitors that recommended actions are taken to improve the internal control regarding financial reporting. The head of Internal Audit reports directly to the Chairman of the Audit Committee and to the CFO. The Audit Committee also receives regular reports from the external auditor.

Financial accounts are provided on a monthly, quarterly and annual basis to the Group and operating unit management through a common reporting and consolidation system. Financial and operating management review the financial information to validate completeness and accuracy. The Board receives monthly reports, and the financial status of the Group is discussed at every scheduled Board meeting. At these Board meetings the Chairman of the Audit Committee also informs the Board on the work of the Audit Committee relating to the monitoring of the effectiveness of internal controls regarding financial reporting. The Disclosure Committee monitors the sufficiency of financial accounts with regard to dis­closure requirements.

Stockholm, February 16, 2017

The Board of Directors of Swedish Match AB

Source: Swedish Match Annual Report 2016