Internal control – financial reporting

ASSA ABLOY’s internal control process for financial report­ing is designed to provide reasonable assurance of reliable financial reporting, which is in compliance with generally accepted accounting principles, applicable laws and regula­tions, and other requirements for listed companies.

Control environment

The Board of Directors holds ultimate responsibility for effective internal control and has therefore established fundamental documents of significance for financial reporting. These documents include the Board of Directors’ rules of procedure and instructions to the CEO, the Code of Conduct, financial policy, an annual financial evaluation plan etc. Regular meetings are held with the Audit Committee. The Group has an internal audit function whose primary objective is to ensure reliable financial reporting and good internal control.

Financial reporting is governed by the ASSA ABLOY Ac­counting and Reporting Manual. It contains detailed instruc­tions on accounting policies and procedures for financial reporting that must be applied by all units. The entire Group uses a financial reporting system with pre-defined report templates. ASSA ABLOY has an internal control framework containing business-critical parts defining a minimum of mandatory control activities that help reduce the level of risk. The framework must be applied by all companies in the Group, and compliance with controls is reviewed annually by means of self-assessment at selected companies.

Risk assessment

Risk assessment is built in to the processes in question and a variety of methods are used to assess and limit risk, as well as to ensure that risks are managed in compliance with es­tablished policies and guidelines. Risk assessment includes identifying and evaluating the risk of material errors in accounting and financial reporting at Group, division and local levels. The specific material risks that ASSA ABLOY has identified associated with financial reporting are errors in business-critical processes such as sales, purchases, financial statements, inventories, facilities management, taxes, legal issues, occupational injuries and the risk of fraud, loss or embezzlement of assets.

Control activities

The Group’s controller and accounting organization at both central and division levels plays a significant role in ensuring reliable financial information. It is responsible for complete, accurate and timely financial reporting. An internal audit function has been established and carries out audits in accordance with the plan annually adopted by the Audit Committee. The results of the audits are communicated to the Audit Committee and the external auditors. Each division has employed full-time internal auditors who audit the companies and monitor internal control.

Information and communication

Reporting and accounting manuals as well as other financial reporting guidelines are available to all employees concerned on the Group’s intranet. A regular review and analysis of financial outcomes is carried out at both business unit and division levels and as part of the established operating Board structure. The Group also has established procedures for ex­ternal communication of financial information, in accordance with the rules and regulations for listed companies.

Review process

The Board of Directors and the Audit Committee evaluate and review the Annual Report and Interim Reports prior to publication. The Audit Committee monitors the financial reporting and other related issues, and regularly discusses these issues with the external auditors. All business units report their financial results monthly in accordance with the Group’s accounting principles. This reporting serves as the basis for Interim Reports and a monthly legal and operating review. Operating reviews conform to a structure in which sales, earnings, cash flow, capital employed and other im­portant key figures and trends for the Group are compiled, and form the basis for analysis and actions by management and controllers at different levels. Financial reviews take place quarterly at divisional Board meetings, monthly in the form of performance reviews and through more informal analysis. Other important Group-wide components of internal control are the annual business planning process and regular forecasts.

Divisions, local company management teams and process owners are responsible for ongoing testing of internal controls by means of annual self-assessment in accordance with the requirements in ASSA ABLOY’s internal control framework. The results of the self-assessment and action plans are monitored annually and reported to the Audit Committee. The divisions, management of local companies and process owners are responsible for ensuring that agreed measures are implemented.

Internal audit

The internal audit function is part of the Group’s financial organization, and the head of the internal audit function reports to the Chief Financial Officer. Each division has em­ployed full-time internal auditors who audit the companies and monitor internal control. The aim of these audits is to evaluate internal processes, systems and controls and en­sure that they are effective and comply with ASSA ABLOY’s policies and guidelines. Detailed audit reports are issued to the local company management team, process owners and divisions after each audit. The reports contain observations and recommendations with a view to improving operations and reducing potential risks.

The internal audit function also provides regular updates on the status of the audit plan, agreed measures and com­pliance with internal control to management and the Audit Committee.