Internal control

Internal control over financial reporting

Alleima’s processes for internal control, risk assessment, control activities, information and communication, and monitoring regarding the financial reporting are designed to ensure reliable overall financial reporting and external financial statements in accordance with IFRS, applicable laws and regulations and other requirements. Alleima’s Board of Directors is ultimately responsible for the governance of risk management including internal control over financial reporting. The Alleima Audit Committee are to oversee and examine the internal control program, this is done by regularly reviews and evaluation of the adequacy of the internal control framework. The CEO and the Group Executive Management have the ultimate responsibility for internal controls within their areas of responsibility. Alleima’s risk management including internal control forms an integral part of the operations, described in The Alleima Way, which also includes risk assessments, policies, procedures and compliance.

Risk assessment and risk management

The Enterprise Risk Management (ERM) process at Alleima ensures that risk assessment is conducted regularly through-out the organization, i.e. the Group, the divisions, the business units and Group functions, including finance and IT. Key risks noted in the assessments and observations made by internal and external audit are taken into consideration in the design of Alleima’s internal control framework to ensure that adequate controls exist to mitigate these risks.

Control activities

Based on the identified risks, the internal control framework is designed in different control perspectives covering financial reporting - ICFR (Group function and Alleima entities) and IT general controls. Each control perspective has an appointed lead within the organization that is overall responsible to ensure that internal controls are performed as decided. For internal control and financial reporting, every entity and Group function has an appointed local entity internal control lead responsible for monitoring and managing the internal control set-up.

Information and communication

The result of the internal controls performed, as well as identified deficiencies, analysis and action plans are included in the CFO report which is part of the agenda for the Audit Committee meetings.

Monitoring and follow-up

Monitoring and self-assessments according to the requirements in the internal control framework are performed periodically to ensure that risks are properly mitigated. Results of the self-assessment testing of controls including test evidence are to be reported and any identified internal control deficiency requires an action plan with the purpose to remediate ineffective controls.

Internal audit

The Group internal audit is an independent and objective assurance function with the purpose of ensuring that Alleima’s operating model is designed and operating effectively. It assists Alleima in accomplishing its strategic objectives by bringing a systematic, disciplined and risk based approach to evaluate and contribute to the effectiveness of Alleima’s governance, risk management and internal controls. Moreover, the Group internal audit adds value to Alleima’s operations by providing recommendations for possible improvements.

The Group internal audit assignments are to be conducted according to a risk-based internal audit plan developed annually and approved by the Audit Committee. The audit plan is derived from an independent risk assessment conducted by the Group internal audit to identify and evaluate risks associated with the execution of the Company’s strategy, operations and processes. The audits are to be executed using a methodology for evaluating the design and effectiveness of internal controls to ensure that risks are adequately addressed and processes are operating efficiently. Opportunities for improving the efficiency in the governance, internal control and risk management processes identified in the internal audits are reported to management for action. A summary of the audit results is provided to the Audit Committee, as is the status of management’s implementation of agreed action plans to address findings identified in the audits. The Head of Group Internal Audit reports administratively to the CFO and functionally to the Audit Committee.