Internal control and financial reporting

The Board’s responsibility for internal governance and control is regulated in the Swedish Companies Act, the Annual Accounts Act and the Swedish Corporate Governance Code. The Annual Accounts Act requires that the company, each year, describes its system for internal control and risk management with respect to financial reporting. The purpose of these requirements is to create an internal framework for governance and control to reduce the risk of error in the financial reporting. Essity’s processes for internal control of financial reporting is based on the model and principles developed by the Committee of Sponsoring Organisations of the Treadway Commission (COSO).

Control environment

A good control environment requires clarity in relation to decision-making paths, powers and accountability, in addition to a corporate culture characterized by strong values and awareness among employees of their role in maintaining good internal control. The Board of Directors has the overall responsibility for ensuring effective internal control and has, inter alia, adopted Group-wide internal rules for the purpose of establishing a foundation for a good corporate culture and to assure the quality of the financial reporting. In this context, Essity’s Code of Conduct is an important steering document in issues concerning ethics, morality and regulatory compliance, and employees regularly receive information and training regarding the Code. Other significant steering documents for the control environment include the Finance Policy, Internal Control Policy, Communications Policy and Information Security Policy. Essity’s Financial Reporting Manual is particularly important for the Group’s financial reporting procedures as it contains a number of specific instructions and guidelines that are specially designed to ensure the quality of the financial reporting. Important steering documents are published in a separate database (Global Management System, GMS) that also contains a process for annual updates to the documents.

Risk assessment

Risks relate to material errors in the financial reporting that may arise, such as incomplete disclosures, valuation issues, the reporting process and correctness. Risks also include loss of assets, unduly favoring a third party and misappropriation.

Risks related to the financial reporting are evaluated and monitored by the Board via the Audit Committee, where an annual risk assessment is conducted. The risks that are identified and may result in material errors also form the basis for internal control activities that proactively manage these risks. Clear guidelines for accountability and the division of work also form a component of risk prevention efforts. Furthermore, measures are continuously taken to improve business processes and thus reduce risks.

Control activities

Significant instructions and guidelines related to financial reporting are prepared and updated regularly by the Group Function Finance and are easily accessible on the Group’s intranet. The Group Function Finance is responsible for ensuring compliance with instructions and guidelines. Process managers at various levels within Essity are responsible for carrying out the necessary control measures with respect to financial reporting. An important role is played by the business unit’s controller organizations, which are responsible for ensuring that financial reporting from each unit is correct and complete, and is conducted within the specified time. In addition, each business unit has a Finance Manager with responsibility for the individual business unit’s financial reporting. The company’s control activities are supported by the budgets prepared by each business unit and updated during the year through continuous forecasts. Essity has a standardized system of control measures involving processes that are significant to the company’s financial reporting. These measures include company-wide controls related to the Code of Conduct, process controls and IT controls. Self-assessments are carried out based on a selection of critical controls for the respective operations in order to assess the effectiveness of the internal control and governance.

Information and communication

Financial reporting to the Board

The Board’s working procedures stipulate which reports and information of a financial nature are to be submitted to the Board at each scheduled meeting. The President, together with the Chairman, ensures that the Board receives the reports required to enable the Board to continuously assess the company’s and Group’s financial position. Detailed instructions specifically outline the types of reports that the Board is to receive at each meeting.

Internal reporting

Ahead of each interim report, the company’s finance department prepares detailed instructions regarding deadlines, changes to accounting policies and other circumstances of significance for reporting to ensure the quality of the financial statements. Furthermore, the company has a process and technical system support to limit the risk of price-sensitive information being leaked in conjunction with the submission of financial information ahead of the issue of interim reports.

Accounting and reporting for the majority of units is carried out by Essity’s Shared Service Center, which ensures efficient and uniform reporting.

External financial reporting

The quality of external financial reporting is guaranteed via a number of actions and procedures. The President is responsible for ensuring that all information issued, such as press releases with financial content, presentation material for meetings with the media, owners and financial institutions, is correct and of a high quality. The responsibilities of the company’s auditors include reviewing accounting issues that are critical for the financial reporting and reporting their observations to the Audit Committee and the Board of Directors. In addition to the audit of the annual accounts, a review of the half-year report and of the company’s administration and internal control is carried out.

Monitoring activities

Essity’s Board of Directors, through the Audit Committee, as well as the corporate management continuously assesses the effectiveness of the processes applied by the company with respect to the internal control of the financial reporting. Of particular importance to this assessment are the reports submitted by the internal audit and feedback from the company’s external auditor.

The company has a structured process within the scope of its day-to-day operations for monitoring significant observations from internal control or internal audit. Such observations and the status of measures taken to address these are regularly reported to corporate management and to the Audit Committee.

The results of the self-assessment in control activities are compiled in a list of activities that require resolution. The internal control and governance department lead these monitoring activities. To ensure the quality of the self-assessment, internal control conducts it own testing of control activities and reports the results to the units, the internal control and governance department, corporate management and the Audit Committee.

The external auditor also carries out testing of internal control and governance within the scope of its audit. The results are shared with corporate management, the internal control and governance department and the Audit Committee.