Internal control
The Board of Directors is ultimately responsible for ensuring that the Group has an effective system for risk management and internal control.
In accordance with the Swedish Companies Act and the Code, the Board is responsible for ensuring that the Company has well-designed internal controls and solid processes in place to ensure that the financial reporting is controlled in a satisfactory manner. Internal control at Axfood is based on the COSO Internal Control Integrated Framework, which has been adapted to the operation. The framework consists of the following components: control environment, risk assessment, control activities, information and communication, and monitoring.
Axfood’s CFO has the primary responsibility for ensuring that the work with and monitoring of the internal controls are conducted in accordance with the method decided on by the Board. The internal control function is responsible for the ongoing work and for reporting results and conclusions to the Audit Committee and the Board.
Control environment
The control environment forms the basis of the internal control framework. Decision-making channels, authorisations and responsibilities are clearly defined and communicated throughout the organisation. In addition, governance documents such as internal policies, guidelines, manuals and handbooks are available to all employees. Axfood’s Board has established defined processes and rules of procedure for the Board and its committees. An Audit Committee has been established for the reporting.
To create a solid foundation for internal control and to maintain a high standard within the Group, the Board has adopted a number of fundamental governance documents, including rules of procedure for the Board and President, a finance and credit policy, and a compliance policy. In addition, the Board has ensured that the organisational structure lays out clear roles, responsibilities and processes that ensure effective management of risks and internal control, thereby enabling goal achievement.
The internal control function works continuously on developing, adapting and improving Axfood’s control environment. The purpose of this is to maintain a control environment that is functional and effective, while also ensuring high-quality and reliable reporting.
Risk assessment
Axfood continuously evaluates the risk of errors in the financial reporting to ensure that they are managed. Risk are assessments at least twice a year and on a continuing basis as needed. Based on the results, the Audit Committee evaluates and decides which risks to take into consideration in order to ensure reasonable internal control over financial reporting.
Control activities
Axfood’s control activities derive from the most material risks that impact the reporting. These control activities are defined in the Group’s risk and control matrixes. The matrixes are specified by company and business critical processes related to the financial reporting defined by the steering committee. Furthermore, an additional risk and control matrix is implemented to ensure that risks within Group-wide processes are effectively managed.
The control activities are designed according to a structure aimed at detecting and preventing risks of errors in the reporting. In addition, the structure also ensures efficiency and reasonable control in all of the Group’s processes related to financial reporting. Examples of control activities include reconciliation of accounts, analyses of profit/loss items, inventory counts and user access reviews.
Information and communication
All of Axfood’s governance documents are communicated via the Group’s intranet and are updated annually to reflect any changes to internal and external requirements. Guidelines for internal control are announced in accordance with the Group’s communication structure and procedures for governance documents.
The internal control function reports the results of the year to the Audit Committee, primarily focusing on observations, recommendations and mitigating activities.
Monitoring
The Board, through the Audit Committee, is responsible for the quality assurance of the Group’s monitoring of internal control. The internal control work, together with the external audit, provides support to the Board and Executive Committee in assessing and identifying material risk areas in the reporting process. This enables the possibility to assess efforts and follow-up initiatives in selected areas. Furthermore, the Group has a central risk management function.
The internal control function is responsible for the results and efficiency of the internal control, which is monitored through self-assessments. Any deviations are reported to the control and process owner to remediate noted deficiencies. The results of the self-assessments and the outcome of the external audit are reported to the Audit Committee and the Board.
Focus areas during 2023
During 2023, Axfood worked to further improve and strengthen the shared control framework, with a particular focus on sustainability reporting. In addition, training in internal control was carried out to create a better understanding and basis for a solid performance in this area.