The board of directors’ responsibility for internal control is governed by the Swedish Companies Act and the Swedish Annual Accounts Act (1995:1554). Information about Catella’s internal control and risk management system and measures taken by the board of directors to ensure effective internal control must be disclosed each year in Catella’s corporate governance statement.
Catella’s corporate governance statement. Catella’s internal control process is based on the COSO framework developed by the Committee of Sponsoring Organizations of the Treadway Commission. The process was designed to ensure adequate risk management including reliable financial reporting in compliance with IFRS, applicable laws and regulations and other standards that must be applied by companies listed on Nasdaq Stockholm and which are the parent company in a consolidated financial situation. This work involves the board of directors, group management and other staff.
The board of directors has adopted policy documents that govern the roles and allocation of responsibilities between the CEO and the board of directors. The board of directors monitors and assures the quality of internal control in accordance with the board charter. In addition, the board has adopted a number of fundamental guidelines that govern risk management and internal control processes. These include risk assessment, mandatory control activities to manage the most material risks, an annual plan for internal control performance, self-assessment and reporting. The control environment within Catella encompasses these responsibility and authority, along with laws and regulations. All employees are responsible for compliance with adopted policy documents.
Group management performs a comprehensive risk analysis each year, which identifies macroeconomic, strategic, operational, financial and compliance risks. Risks are evaluated based on estimated probability and impact, as well as the effectiveness of established measures to manage the risks.
The structure of control activities is profoundly important to Catella’s work to manage risks and assure internal control. Control activities are linked to the company’s business processes and each unit ensures that control activities are executed in compliance with established standards.
Information and communication
Guidelines, instructions and manuals pertinent to financial reporting are communicated to relevant employees via the group’s intranet. The board receives regular financial reports covering the group’s financial position and profit trend. The company holds meetings at the management level and, thereafter, at the level each unit considers appropriate. A corporate communications policy has been adopted by the board of directors concerning external information, which was designed to ensure that the company complies with requirements for disclosure of accurate information to the market.
The board of directors continuously evaluates the information provided by group management. Catella’s financial position and investments and ongoing operations within Catella are discussed at all board meetings. The board of directors is also responsible for monitoring internal control. This work includes ensuring that measures are taken to correct any shortcomings, as well as following up on recommended actions noted in connection with the external audit, and, with regard to the consolidated financial situation, also from internal audit, the risk management function and the compliance function, which are further described below. The company performs an annual selfassessment of its risk management and internal control performance. This process involves self-assessment of the effectiveness of control activities each year for all operational business processes in each reporting unit. The CFO is responsible for the selfassessment. The board of directors is informed of the key conclusions of the assessment process, as well as any actions concerning the company's internal control environment.
Internal control and monitoring in the consolidated financial situation
Several subsidiaries of the group conduct operations that are regulated by the financial supervisory authority in their respective jurisdictions. Parts of the group thus constitute a consolidated financial situation that is subject to applicable regulations, which require the establishment of control functions. In respect of the consolidated financial situation, the board of directors of Catella AB has appointed risk management, compliance and internal audit functions that regularly report to the board and the CEO. In respect of companies outside the consolidated financial situation, the board has judged that internal audit is not necessary at present. The regulations applicable to subsidiaries affect their organisations and structures.
In companies within the consolidated financial situation there are, for example, risk management, compliance and internal audit functions that are independent of business operations and report to the respective subsidiary’s managing director, directly to the board of directors and to the heads of each function in the group’s consolidated financial situation. Group management is represented on the boards of directors of subsidiaries and reports to the board of directors of the parent company. Subsidiary boards also include independent directors.
A corporate whistleblowing function gives all employees a means to anonymously report serious wrongdoing that conflicts with Catella’s values, business ethics, policies or the law. The purposes of this function include to uphold good ethics and prevent irregularities within Catella to the benefit of the company's employees, clients, suppliers and owners. No issues were reported to Catella’s whistleblowing function during 2018.
Compliance with the Swedish Corporate Governance Code
As a Swedish limited liability company listed on Nasdaq Stockholm, application of the Swedish Corporate Governance Code (the Code) began at Catella on 19 December 2016. Catella is obliged to follow the Code’s principle of “comply or explain” and has not deviated from the Code in 2018.