The Board has overall responsibility for the company’s systems pertaining to internal control.
The responsibility is regulated by the Swedish Companies Act, which also states that the Audit Committee has a specific responsibility for monitoring quality assurance in risk management and internal control of the financial reporting.
The company’s work on internal control follows the framework developed by The Committee of Sponsoring Organisations of the Treadway Commission (COSO). The framework consists of five individual areas: control environment, risk assessment, control activities, information and communication and follow-up.
The control environment comprises the organisational structure and the values, guidelines, policies, instructions and so on, according to which the organisation works. Effective Board work forms the basis of good internal control and the Board of Clas Ohlson has established rules of procedure and clear instructions for its work. This also includes the Board’s Remuneration and Audit Committees.
Part of the Board’s work involves drawing up and approving the policies that govern the Group’s work on internal control. Another part involves creating the necessary conditions for an organisational structure with clear roles and responsibilities, leading to effective management of the risks in the operation.
The Group has regulations governing decision-making and authorisation levels that parallel the Group’s organisational structure. The focus is on clarifying who has a mandate to decide on investments, activities, signing of agreements and so forth in each function and the limits in terms of the amounts involved. In the event that the amount exceeds the function’s mandate, the decision is assigned to the next level in the organisation. This has been done in order to further improve the corporate governance and awareness at the various levels in the organisation. The regulations governing decision-making and authorisation constitute the basis for decision-making at Clas Ohlson.
The senior management is responsible for implementing guidelines for the maintenance of good internal control. An ongoing work is being done in developing and improving internal control. The senior management and the Audit Committee report continuously to the Board according to approved procedures.
All activity is undertaken in accordance with the ethical guidelines drawn up in the Group’s Code of Conduct.
Risk assessment and control activities
A model has been devised in the company to assess the risk of errors in financial reporting. The purpose of the model is to identify a number of items in the income statement and balance sheet and processes for preparation of financial information where the risk of errors is judged to be elevated.
The Group’s income consists of sales in stores and online shopping where payment is principally made by credit card or in cash. This income is documented in its entirety in bank accounts which are reconciled daily. The risk of errors in the reporting of income is limited. Group expenses primarily comprise goods-related expenses, freights, salaries and social security contributions, rental expenses and marketing. Income and expenses are forecasted for each store and department. The outcome is checked monthly against both the forecast and the preceding year.
About 78 per cent of Clas Ohlson’s assets consist of inventories and non-current assets. Accordingly, particular emphasis has been placed on preventing and detecting deficiencies in these areas when designing internal controls.
The processes and the control structure are documented in a separate financial manual, which is updated regularly. Work is continuously in progress to evaluate the most essential processes in the Group. The greatest risks in each process are documented.
An assessment is then made of whether the controls that take place are adequate. If there is a need, further compensatory controls are introduced to reduce the risk to an acceptable level.
The subsidiaries have accounting managers and controllers who ensure that financial reporting is correct and complete. In addition, they ensure that legislation is observed and that financial reporting is completed within the time frames to senior management and to the Group accounting function. Moreover, there are controllers at major Group functions and on the Group finance function with equivalent working tasks. The Group finance function has a close and well-functioning cooperation with subsidiaries as regards reporting and closing accounts. Each month, all subsidiaries report complete closing accounts, which constitute the basis for the Group’s consolidated financial reporting.
Information and communication
Major policies, guidelines, instructions and manuals that are of significance to internal control are regularly updated and communicated to employees concerned. General guidelines and instructions are also available on the company’s intranet. There are both formal and informal information channels to the senior management and the Board for information from staff. The Board receives regular feedback from the operations on questions that relate to internal control through the Audit Committee. For external communication, there are guidelines that support the requirement to provide the equities market with correct information.
Follow-up of internal control
Senior management and the Audit Committee regularly report to the Board on the basis of established procedures. The Board receives regular information from the CEO every month through a monthly report for the Group. This monthly report also contains information on the results and financial positions of the subsidiaries.
Each interim report is analysed by the Audit Committee with regard to the correctness of the financial information. The Audit Committee also plays a key role in monitoring to ensure that there are sufficient control activities for the most essential areas of risk pertaining to the financial reporting and communicating material issues to the senior management, Board and auditors. An important aspect is to ensure that any viewpoints from the auditors are rectified.
Twice a year, the entire Board meets the company’s auditors to be informed of the external audit and discuss relevant issues. On the basis of the auditors’ reporting, the Board forms a picture of the internal control and the correctness of the financial information. The CEO does not take part in any issues that relate to company management.
Following evaluations in the financial year and preceding years, the Board has not found it necessary to date to establish an internal audit function. The company’s Group-wide controller function has instead been adapted to also deal with work regarding internal control. The question of whether to establish a separate internal audit function is re-examined annually. Furthermore, the company has a Risk Committee that continuously evaluates material risks and control activities.