In accordance with the Swedish Companies Act and the Code, the Board is responsible for ensuring that the Company has well-designed internal controls and solid processes in place to ensure that the financial and sustainability reporting is controlled in a satisfactory manner. Internal control at Axfood is based on the COSO Internal Control Integrated Framework, which has been adapted to the operation. The framework consists of five components: control environment, risk assessment, control activities, information and communication, and monitoring.

Axfood’s CFO has the primary responsibility for ensuring that the work with and monitoring of the internal controls are conducted in accordance with the method decided on by the Board through the Audit Committee. The internal control function is responsible for the ongoing work and for reporting results and conclusions to the Audit Committee.

Control environment

The control environment forms the basis of the internal control framework. Decision-making channels, authorisations and responsibilities are clearly defined and communicated throughout the organisation. In addition, governance documents such as internal policies, guidelines and manuals are available to all employees. Axfood’s Board has established defined processes and rules of procedure for the Board and its committees. An Audit Committee has been established for the reporting.

To create a solid foundation for internal control and to maintain a high standard within the Group, the Board has adopted a number of fundamental governance documents, including rules of procedure for the Board and instructions for the President and CEO, codes of conduct for employees and for supplies and policies for risk and regulatory compliance, finance, security, communication, sustainability, insider information, and HR and work environment. In addition, the Board has ensured that the organisational structure lays out clear roles, responsibilities and processes that ensure effective management of risks and internal control, thereby enabling goal achievement.

The internal control function works continuously on developing, adapting and improving Axfood’s control environment in order to maintain a control environment that is functional and effective, while also ensuring high-quality and reliable reporting.

Risk assessment

Axfood continuously evaluates the risk of errors in the financial and sustainability reporting to ensure that they are managed. Risk are assessments at least twice a year and on a continuing basis as needed. Based on the results, the Audit Committee evaluates and decides which risks to take into consideration in order to ensure reasonable internal control over reporting.

Control activities

Axfood’s control activities derive from the most material risks that impact the Group’s reporting. These control activities are defined in the Group’s risk and control matrixes. The matrixes are specified by company and business-critical processes related to the reporting defined by the steering committee. Furthermore, an additional risk and control matrix is implemented to ensure that risks within Group-wide processes are effectively managed.

The control activities are designed according to a structure aimed at detecting and preventing risks of errors in the reporting. This also ensures efficiency and reasonable control in all of the Group’s processes related to financial and sustainability reporting. Examples of control activities include reconciliation of accounts, inventory counts, quality assurance and user access reviews.

Information and communication

All of Axfood’s governance documents are communicated via the Group’s intranet and are updated annually to reflect any changes to internal and external requirements. Guidelines for internal governance and control are announced in accordance with the Group’s communication structure and procedures for governance documents.

The internal control function reports the results of the year to the Audit Committee, primarily focusing on observations, recommendations and mitigating activities.

Monitoring

The Board, through the Audit Committee, is responsible for quality assurance of the Group’s monitoring of internal control. The internal control work, together with the external audit, provides support to the Board and Executive Committee in assessing and identifying material risk areas in the reporting process. This enables the possibility to assess efforts and follow-up initiatives in selected areas. Furthermore, the Group has a central risk management function.

The internal control function is responsible for the results and efficiency of the internal control, which is monitored through self-assessments. Any deviations are reported to the control and process owner to remediate noted deficiencies. The results of the self-assessments and the outcome of the external audit are reported to the Audit Committee and the Board.

Focus areas during 2024

During 2024, Axfood worked to further develop the control framework for sustainability reporting to meet the requirements in the ESRS. In addition, system support was implemented to ensure an effective and secure internal control process in all areas.