Policies

The Board is responsible for establishing the most important rules and guidelines for internal control.

Internal control

The responsibility of the Board of Directors and CEO regarding internal control is regulated by the Swedish Companies Act. The responsibility of the Board is also regulated by the Code and the Annual Accounts Act which also includes requirements on the annual provision of information externally regarding how internal control is organized vis-à-vis financial reporting.

The principal purpose of internal control is to ensure the achievement of Company's targets for appropriate and efficient operations, reliable reporting and adherence to applicable legislation and regulations. Internal control relating to financial reporting serves to provide reasonable assurance regarding the reliability of external financial reporting and to ensure that external financial reports are prepared in accordance with legislation and applicable accounting standards.

Control environment

The Board of Directors bears the overall responsibility for internal control regarding financial reporting. To establish and maintain a functioning control environment, the Board of Directors has adopted a set of basic documents that have a bearing on financial reporting. In particular, these include the rules of procedure of the Board of Directors and the instructions for the CEO. The Board of Directors in its entirety performs the duties of the audit according to adopted instructions which principal purpose is to ensure that the established principles for financial reporting and internal control are complied with and that appropriate relations are maintained with the Company's auditors. The responsibility for maintaining an effective control environment and for ongoing internal control efforts regarding financial reporting is delegated to the CEO. The CEO regularly reports to the Board of Directors in accordance with established procedures.

The internal control structure is also built on a management system based on the Company's organisation with clearly defined financial roles, areas of responsibility and delegated authority. Operational decisions are made at the Company or business area level while decisions regarding strategy, overarching financial matters, acquisitions and major investments are made by the Company's Board and Group management. Control documents addressing accounting and financial reporting represent crucial components in the control environment with regard to financial reporting. These documents are updated regularly in connection with changes in, for example, accounting standards and legislation.

Risk assessment

The Group conducts continuous risk assessment to identify key risks relating to business of the Company and the financial reporting. The Board and the Company continuously work with a system for monitoring and control of the risks which the Group is exposed to. With regard to financial reporting, risk is primarily judged to involve significant errors in the accounts; for example with regard to the reporting and valuation of assets, liabilities, revenues and costs or other discrepancies. Fraud and losses through embezzlement represents other risks. Risk management is built into all processes and various methods are used to assess and limit risks and to ensure that the risks to which GARO is exposed are managed in accordance with established policies, instructions and follow-up procedures designed to reduce possible risks and to promote correct accounting, reporting and information.

Control activities

The risks identified with regard to financial reporting are managed through the Company's control activities, such as authorization controls in IT systems and signature authentication.

The control structure includes clear organizational roles that enable an efficient division of responsibilities for specific control activities serving to uncover or prevent the risk of errors arising in reports. The continuous analysis of financial reporting, alongside the analysis conducted at Group level, is highly important in ensuring that financial reports are free of material errors. The Group's controller organization plays a key role in the internal control process, which is responsible for ensuring that financial reports from each unit are submitted correct, complete and on time.

Information and communication

The Group maintains channels of information and communication that serve to safeguard completeness and accuracy in financial reporting. Policies, guidelines and internal instructions regarding financial reporting are available in electronic and printed format. The employees concerned are given access to and are notified of regular updates and messages regarding changes in accounting principles, reporting requirements or other provision of information.

Follow-up, evaluation and reporting

The CEO is responsible for internal control being organised and followed up in accordance with the guidelines adopted by the Board of Directors. The CEO is responsible for ensuring that independent and objective reviews are conducted with the aim of systematically assessing and proposing improvements to the Group's processes for governance, internal control and risk management. Financial control is exercised by the Group finance function. The Group's management reviews results on a monthly basis, analysing deviations from budget, forecasts and comparative data from the preceding year; all monthly accounts are discussed with the management. The Board of Directors receives monthly financial reports and follows up on financial reporting at each of its meetings. The Board of Directors and Group management review financial reporting ahead of the publication of the annual report. An audit is carried out of the accounts for the period January-September, known as 'hard close', as well as of the annual accounts.