Internal control
The Board of Directors is ultimately responsible for ensuring that the Group has an effective system for risk management and internal control.
In accordance with the Swedish Companies Act and the Swedish Corporate Governance Code, the Board is responsible for ensuring that Axfood has well-designed internal control and solid processes in place for determining that the Company’s financial reporting is controlled in a satisfactory manner. Internal control at Axfood is based on the COSO Internal Control Integrated Framework, which has been adapted to the operations. The framework comprises the following components: control environment, risk assessment, control activities, information and communication, and monitoring.
Axfood’s CFO has ultimate responsibility for ensuring that the work on and monitoring of the internal control are conducted in accordance with the method decided on by the Board. A steering committee is responsible for this work and reports the results and its conclusions to the Audit Committee and the Board.
Control environment
The control environment forms the basis of the internal control over financial reporting. It is important that decision-making channels, authorisations and responsibilities are clearly defined and communicated throughout the organisation. In addition, governance documents in the forms of internal policies, guidelines, manuals and handbooks are available to all employees. Axfood’s Board has established defined work processes and rules of procedure for its work and the work of its committees. For financial reporting, the Board has established an Audit Committee.
To create a solid foundation for internal control and to maintain a high standard in the Group, the Board has adopted a number of fundamental governance documents, including rules of procedure for the Board and President, a finance and credit policy, and a communication policy. In addition, the Board has ensured that the organisational structure lays out clear roles, responsibilities and processes that promote the effective management of risks in the business and also internal control, thereby enabling goal achievement.
Together with the internal control function, the steering committee works continuously on developing, adapting and improving Axfood’s control environment. The purpose of this is to maintain a control environment that is functional and effective, while also ensuring a high level of quality and reliability in the financial reporting.
Risk assessment
Axfood continuously evaluates the risks of errors in the financial reporting to ensure that they are managed. Risk analyses are carried out twice a year and, based on the results, the Board’s Audit Committee evaluates and decides which risks are material to take into consideration in order to ensure reasonable internal control over financial reporting.
Control activities
Axfood’s control activities derive from the most material risks that impact the financial reporting. These control activities are defined in the Group’s risk and control matrixes. The matrixes are specified by company and the steering committee defines the business-critical processes related to the financial reporting. There is also another risk and control matrix that ensures that risks in Group-wide processes are managed effectively.
The control activities are designed according to a structure aimed at detecting and preventing risks of errors in the reporting. This also ensures efficiency and reasonable control in all of the Group’s processes related to the financial reporting. Examples of control activities include reconciliation of accounts, analyses of profit/loss items, inventory counts and user access reviews.
Information and communication
All of Axfood’s governance documents are communicated via the Group’s intranet and are updated annually to reflect any changes to internal and external requirements. Guidelines for internal governance and control are announced in accordance with the Group’s communication structure and procedures for governance documents.
The steering committee for internal control reports the results of the year’s internal control work to the Audit Committee, primarily focusing on observations, recommendations and measures.
Monitoring
The Board, through the Audit Committee, is responsible for the quality assurance of the Group’s monitoring of the internal control over financial reporting. The internal control work, together with the auditors’ audit, provides support to the Board and Executive Committee in assessing and identifying material risk areas in the financial reporting, so that they can thereafter assess which efforts and follow-up initiatives to employ in selected areas. Furthermore, the Group has a central risk management function.
The steering committee for internal control is responsible for monitoring the results and efficiency of the internal control by using self-assessments. Any deviations are reported to the control and process owner to remediate noted deficiencies. The results of the self-assessments and the outcome of the external audit are reported to the Audit Committee and the Board.
Focus areas during 2022
During 2022, Axfood actively worked to improve and strengthen the Group’s internal control by further developing and clarifying the Group’s control framework. The employees involved received additional training in the area to improve their understanding. Closer cooperation with the control owners also resulted in positive changes to the evaluation and reporting process, thereby ensuring the effectiveness of the entire process.