Internal control

The processes for internal control, risk assessment, control activities and monitoring regarding financial reporting are designed to ensure reliable overall and external financial reporting in accordance with International Financial Reporting Standards (IFRS), applicable laws, regulations and other requirements for listed companies on the Nasdaq Stockholm exchange. This process involves the Board, executive management and other personnel.

Control environment

In addition to the Board’s rules of procedure and instructions to the CEO and board committees, there is a clear division of roles and responsibilities for effective management of operational risks. The Board also has a number of established basic guidelines, which are important for its work with internal control activities. This includes control and follow-up of results as compared to plans and prior years. The Audit Committee assists the Board in overseeing various issues such as internal audit and accounting policies applied by the Group. Responsibility for maintaining an effective control environment and internal control over financial reporting is delegated to the CEO. Other managers at various levels in the company have respective responsibilities. The executive management regularly reports to the Board according to established routines and in addition to the Audit Committee’s reports. Defined responsibilities, instructions, guidelines, manuals and policies, together with laws and regulations, form the control environment. All employees are accountable for compliance with these guidelines.

Risk assessment and control activities

The company has prepared a model for assessing risks in all areas, in which a number of parameters are identified and measured. These risks are reviewed regularly by the Board and the Audit Committee, and include both the risk of losing assets as well as irregularities and fraud. Designing control activities is of particular importance to enable the company to prevent and identify shortcomings. The important areas are purchasing, logistics, and inventory processes, technical development and performance of the web platform, as well as general IT security.

Information and communication

Important guidelines, manuals and the like that are significant to financial reporting are regularly updated and distributed to the employees concerned. There are formal as well as informal information channels to the executive management and Board for information from employees that is considered significant. Guidelines for external communication ensure that the Company applies the highest standards for providing accurate information to the financial market.

Follow-up

The Board continuously evaluates the information submitted by company management and the Audit Committee. The Board receives regular updates of the Group’s development between the meetings. The Group’s financial position, strategies and investments are discussed at every Board meeting. The Audit Committee reviews the quarterly reports prior to publication. The Audit Committee is also responsible for following up internal control activities. This work includes ensuring that measures are taken to deal with any discrepancies and proposed measures emerging from the internal and external audits. The company has an independent internal audit function responsible for the evaluation of risk management and internal control activities. Internal auditing is performed by a third party, whose work includes scrutinising the application of established routines and guidelines. The internal audit function plans its work in cooperation with the Audit Committee and reports the results of its reviews to the Audit Committee. The external auditors participate in the regular meetings of the Audit Committee.