Risk management and internal control over financial reporting

The Audit Committee has a specific responsibility for monitoring the effectiveness of risk management and internal controls regarding financial reporting.

Control environment

The basis for internal control over financial reporting is the control environment that has been documented and communicated in governing documents. These include internal policies on business ethics, delegation of authority, related party transactions and fraud response. In addition, a set of policies and instructions for accounting and reporting, as well as for internal control and IT security, has been established. All policies are regularly updated and distributed through a system whereby key individuals confirm implementation within their area of responsibility. Fundamental to creating an effective control environment is the establishment of clear decision-making and review structures. Swedish Match has established a system of ­regular review meetings between the Group, operating units and local management during which the Group values are reinforced.

Risk assessment

The Group applies a risk assessment and a risk management method to ensure that the risks to which the Group is exposed are managed within the established framework. Based on the risk assessment, the Group defines a standardized system of controls to ensure that essential risks pertaining to financial reporting are properly mitigated. These standardized controls are reviewed and updated annually. In addition, each operating unit is charged with the responsibility to assess company-specific risks and identify additional key internal controls not covered by the standardized system of controls.

Control activities

Based on the framework of Group policies and instructions, the heads of Swedish Match’s operating units are charged with the responsibility to establish internal controls over financial reporting. Control activities are established in all business processes and systems supplying information to the financial accounts in order to safeguard the reliability of the information.

Information and communication

Management has established communication channels and forums to allow for an effective information flow relating to business conditions and changes affecting financial reporting.

Monitoring

The Group monitors compliance with governing documents in the form of internal policies and instructions, and evaluates the effectiveness of the control structure. The Group Internal Audit department is established with the primary task of independently evaluating the effectiveness of internal controls. Internal Audit’s work is based on risk-driven plans that are triggered by specific changes and events. The head of Internal Audit reports directly to the Chairman of the Audit Committee and to the CFO.

Financial accounts are provided on a monthly, quarterly and annual basis to the Group and operating unit management through a common reporting and consolidation system. Financial and operating management review the financial information to validate completeness and accuracy. The Board receives monthly reports, and the financial status of the Group is discussed at every scheduled Board meeting. The Disclosure Committee monitors the sufficiency of financial accounts with regard to disclosure requirements.

Stockholm, February 19, 2013 

The Board of Directors of Swedish Match AB

Source: Swedish Match Annual Report 2012