AAK Annual Report 2019

118 by clear division of responsibilities and effective and established management and control systems, covering all units within AAK. The basis for the internal control relating to financial reporting consists of an overall control environment in which the organization, decision-making routes, authorities and responsibilities have been documented and communicated in management documents, such as AAK’s financial policy, raw material purchasing policy, the manual on financial reporting and the authorization rules set by the CEO. AAK’s finance functions are integrated through a joint consolidation system and joint accounting instructions. The Group’s finance unit works closely and effectively with the controllers of subsidiaries in relation to year-end financial statements and reporting. As a supplement to the internal control, under a specific plan, an annual audit of some units in the Group is carried out on a rotating basis by the Group’s central Finance Department, in collaboration with an inde- pendent international accounting firm. AAK has decided not to set up a separate review function (internal audit), as the functions mentioned above fulfil this task well. All of AAK’s subsidiaries report on a monthly basis. These reports form the basis for the Group’s consolidated financial reporting. Each legal unit has a controller who is responsible for the financial management of each business area, and for ensuring the financial reports are correct, complete and delivered in time for consolidated reporting. Risk assessment and risk management Through its international presence, the AAK Group is exposed to a number of different risks. Risk manage- ment within the Group is run in accordance with fixed policies and procedures, which are reviewed annually by AAK’s Board. Risks relating to commodities are managed using the Group’s raw material purchasing policy. Risks relating to currency, interest and liquidity are mainly governed by AAK’s finance policy. The Group’s credit policy directs the management of credit and contract risks. Effective risk management unites operational business development with the requirements of owners and other stakeholders for improvements in control and long-term value. Risk management aims to minimize risks, but also to ensure that opportunities are utilized in the best possible way. Risk management covers the following areas of risk: strategic risks relating to the market and sector, commercial, operational and financial risks, compli- ance with external and internal regulatory frameworks and financial reporting. The main components of risk assessment and management are identification, eval- uation, management, reporting, follow-up and control. For further information about AAK’s risk management, please see Note 3. Control activities The risks identified relating to financial reporting are handled via the company’s control activities. These control activities aim to prevent, identify and correct errors and discrepancies. Control activities take the form of manual controls, such as reconciliation and stocktaking, automatic controls via the IT systems and general controls of the underlying IT environment. Detailed financial analyses of the result and follow-up against budgets and forecasts supplement the opera- tion-specific controls and provide overall confirmation of the quality of the reporting. Information and communication To ensure the completeness and accuracy of its financial reporting, the Group has adopted guidelines for information and communication aimed at ensuring relevant and significant exchange of information within business operations, both within each unit and to and from management and the Board. Policies, handbooks and working practices relating to the financial process are communicated between the management and employees, and are available in electronic format and/ or printed format. The Board receives regular feedback on internal control from the Audit Committee. To ensure that external information is correct and complete, AAK has a communication policy adopted by the Board, which states what is to be communicated, by whom and in what way. Follow-up The effectiveness of the process for risk assessment and execution of control activities is followed up contin- uously. The follow-up covers both formal and informal