The Board of Directors is ultimately responsible for ensuring that the Group has an effective system for risk management and internal control.
In accordance with the Swedish Companies Act and the Swedish Corporate
Governance Code, the Board is responsible for ensuring that the Company
has well-designed internal control and solid processes in place for determining that the Company’s financial reporting is controlled in a satisfactory manner. Internal control at Axfood is based on the COSO Internal Control Integrated Framework, which has been adapted to the operations. The framework comprises five integrated components:
- control environment
- risk assessment
- control activities
- information and communication
Axfood’s CFO has ultimate responsibility for ensuring that the work on and monitoring of the internal control are conducted in accordance with the method decided on by the Board. A steering committee under the direction of the CFO is responsible for this work. This steering committee reports its conclusions to the Board on a regular basis.
The control environment forms the basis of the internal control over financial reporting. It is important that decision-making channels, authorisations and responsibilities are clearly defined and communicated throughout the organisation. In addition, governance documents in the forms of internal
policies, guidelines, manuals and handbooks are available to all employees.
Axfood’s Board has established defined work processes and Rules of
Procedure for its work and the work of its committees. For financial reporting,
the Board has established an Audit Committee.
To create a solid foundation for internal control and to maintain a high standard in the Group, the Board has adopted a number of fundamental governance documents, including Rules of Procedure for the Board and President, a finance and credit policy, and a communication policy. In addition, the Board has ensured that the organisational structure lays out clear roles, responsibilities and processes that promote the effective management of risks in the business and also internal control, thereby enabling goal achievement.
Together with the internal control function, the steering committee works continuously on developing, adapting and improving Axfood’s control environment. The purpose of this is to maintain a control environment that is functional and effective, while also ensuring a high level of quality and reliability in the financial reporting.
Axfood continuously evaluates the risks of errors in the financial reporting to
ensure that they are managed. Risk analyses are carried out twice a year
and, based on the results, the Board’s Audit Committee evaluates and
decides which risks are material to take into consideration in order to ensure
reasonable internal control over financial reporting.
Axfood’s control activities derive from the most material risks that impact
the financial reporting. These control activities are defined in Group-wide
risk and control matrixes. The matrixes are specified by company and the
steering committee defines the business-critical processes related to the
financial reporting. There is also another Group-wide matrix that ensures
compliance with policies.
The control activities are designed according to a structure aimed at
detecting and preventing risks of errors in the reporting. This also ensures
efficiency and reasonable control in all of the Group’s processes related to
the financial reporting. Examples of control activities include reconciliation
of accounts, analyses of profit/loss items, inventory counts and user access
Information and communication
All of Axfood’s governance documents are communicated via the Group’s
intranet in the Axekon financial manual. The financial manual is updated
continuously according to changes in both internal and external requirements. Furthermore, the Audit Committee reviews governance documents such as the investment policy and finance and credit policy at least once a year.
Information and communication are to be carried out in accordance with
the Group’s communication structure and procedures as stated in Axfood’s
communication policy. The policy contains guidelines for information disclosure regarding internal and external reporting of financial information. The policy is communicated via the financial manual.
The Board, through the Audit Committee, is responsible for the quality
assurance of the Group’s monitoring of the internal control over financial
reporting. The internal control work, together with the auditors’ audit, provides support to the Board and Executive Committee in assessing and identifying material risk areas in the financial reporting, so that they can thereafter assess which efforts and follow-up initiatives to employ in selected areas. Furthermore, the Group has a central risk management function that works through the companies. Axfood does not have a separate audit function, since the functions described above fulfil this role.
The steering committee for internal control is responsible for monitoring the results and efficiency of the internal control, by using self-assessments. Any deviations are reported to the control owner and financial managers to
remediate noted deficiencies. The results of the self-assessments and the
outcome of the external audit are reported to the Audit Committee and the
Focus areas during 2021
During 2021, Axfood recruited an internal control specialist to devote greater focus to adapting and developing the internal control. The process of monitoring and reporting has been expanded to include a more in-depth dialogue with control owners and companies to ensure efficiency in all processes.