Risk management and internal control over financial reporting

The Board of Directors is responsible for internal control over financial reporting pursuant to the Swedish Companies Act and the Swedish Corporate Governance Code. 

The Audit Committee has a specific responsibility for monitoring the effectiveness of risk management and internal controls regarding financial reporting. This report describes the Group’s system for internal control and risk management regarding financial reporting.

Control environment

The foundation for internal control over financial reporting is the control environment that has been documented and communicated. It includes the Swedish Match Code of Conduct and internal policies and instructions on delegation of authority, accounting and reporting, internal control and information security. All governing documents are regularly updated and distributed to key individuals who implement them within their area of responsibility. Fundamental to creating an effective control environment is the Board of Directors’, the Audit Committee’s and management’s unyielding dedication to reliable financial reporting. Swedish Match has established clear decision-making and review structures, including a system of regular review meetings between the Group, operating units and local management during which the Group values are reinforced.

Risk assessment

The Group applies a risk assessment and a risk management method to ensure that the risks to which the Group is exposed are managed within the established framework. Based on the risk assessment, the Group defines a standardized system of controls to ensure reliable financial recordkeeping, transparent financial reporting and disclosure, and protection of physical and immaterial assets. These standardized controls are reviewed and updated annually. In addition, each operating unit is charged with the responsibility to assess company-specific risks and identify additional key internal controls not covered by the standardized system of controls.

Control activities

Based on the framework of Group policies and instructions, the heads of Swedish Match’s operating units are charged with the responsibility to establish internal controls over financial reporting to meet the requirements of the standardized system of controls as well as to mitigate material company-specific financial reporting risks. Control activities are established in all business processes and systems supplying information to the financial accounts in order to safeguard the reliability of the information.

Information and communication

The information and communication component includes the systems and procedures that support the identification, capture, and exchange of information in a form and timeframe that enable personnel to carry out their responsibilities and reliable financial reports to be generated. Management has established communication channels and forums to allow for an effective information flow relating to business conditions and changes affecting financial reporting. The Swedish Match Code of Conduct encourages employees to raise compliance concerns promptly and prohibits retribution for doing so.

Monitoring

The Group monitors compliance with governing documents in the form of internal policies and instructions, and evaluates the effectiveness of the control structure. The Group Internal Audit department is established with the primary task of independently evaluating the effectiveness of internal controls. Internal Audit’s work is based on annual risk-focused plans that are updated throughout the year based on changes and events which influence the risks relating to the system for internal control. These plans are reviewed and approved by the Audit Committee and Internal Audit reports regularly on the results directly to the Audit Committee and to company management. The Audit Committee monitors that recommended actions are taken to improve the internal control regarding financial reporting. The head of Internal Audit reports directly to the Chairman of the Audit Committee and to the CFO. The Audit Committee also receives regular reports from the external auditor.

Financial accounts are provided on a monthly, quarterly and annual basis to the Group and operating unit management through a common reporting and consolidation system. Financial and operating management review the financial information to validate completeness and accuracy. The Board receives monthly reports, and the financial status of the Group is discussed at every scheduled Board meeting. At these Board meetings the Chairman of the Audit Committee also informs the Board on the work of the Audit Committee relating to the monitoring of the effectiveness of internal controls regarding financial reporting. The Disclosure Committee monitors the sufficiency of financial reports with regard to disclosure requirements.

Stockholm, February 13, 2018

The Board of Directors of Swedish Match AB

Source: Swedish Match Annual Report 2017