Norva24’s internal control framework is governed by the Swedish Companies Act and the Code. Utilising control activities such as segregation of duties, reconciliations, approvals, safeguarding of assets and control over information systems, Norva24’s internal control framework is intended to provide a reasonable assurance that Norva24’s objectives are met with respect to effective and efficient operations, reliable and timely internal and external reporting and compliance with applicable laws and regulations.
The board of directors has the overall responsibility for Norva24’s internal control. The control is formally executed through written rules of procedure which define the responsibilities of the board of directors and the division of these responsibilities between the members of the board of directors, the board committees, and the CEO.
The audit committee has a particular responsibility for the quality and the supervision and control of Norva24’s internal control and risk management in relation to matters regarding compliance and financial reporting.
Internal control framework
Norva24’s internal control procedures cover management, business and support processes. Overall, Norva24’s control environment is intended to secure awareness and action of the board of directors and management.
The control environment is a defence model intended to prevent the Company from overlooking risk factors that could ultimately lead to Norva24 not achieving its business objectives. This includes a process for risk assessment. Norva24’s risk management work shall follow a defined process, consisting of the three steps below:
- Risk identification and assessment
- Internal control requirements
- Self-assessments and reporting
These steps are to be carried out at least annually. The first step in the risk identification and assessment, which shall be initiated annually by the CEO and performed by the management team, is to ensure that Norva24 is aware of the most significant risks affecting its business. The purpose is to identify new risks and update Norva24’s view on already identified risks. Based on the risk identification and assessment performed, internal controls shall be designed to cover the risks where applicable. The internal controls shall be phrased as requirements in order to describe the minimum level of efforts expected to establish an effective internal control environment throughout the different business processes. The effectiveness of the controls is to be assessed by defined persons throughout the organization. The results are to be compiled by the Chief Financial Officer and presented to the audit committee and the Board of Directors annually.
Internal control over financial and other reporting
Norva24’s internal control over financial reporting is designed to promote reliability of internal and external financial and non-financial reporting. Ultimately, this is intended to ensure timely and reliable reporting within external financial reporting, external non-financial reporting, internal financial reporting and internal non-financial reporting. Risks relating to financial reporting are evaluated annually.
Underlying risks are documented by process in a risk and control matrix, which is also used for self-assessment for evaluation of the internal control relating to financial reporting in each country where Norva24 operates. Risks relating to financial reporting are further evaluated by IR and communications function as per Norva24’s internal control framework. Further, risks relating to financial reporting are also discussed with the Company’s external auditors on a regular basis.