AAK Annual Report 2020

AAK Annual Report 2020 120 and risk management relating to financial reporting are organized in a separate section of this Corporate Governance Report. Internal control relating to financial reporting is a process involving the Board, the company management team and personnel. The process has been designed to ensure the reliability of external reporting. According to the commonly accepted framework established for this purpose, internal control is usually described from five differ- ent aspects, which are described below. The control environment forms the basis for internal management and control. Risk assessment and risk management mean that the management is aware of and has itself assessed and analyzed risks and threats to operations. Control activities are the measures and procedures designed by the management to prevent errors from arising and for discovering and correcting errors that do arise. In order for individual tasks to be carried out in a satisfactory manner, the personnel in an organ- ization need to have access to current and relevant information. The final module of the model relates to follow-up of internal management and the design and effectiveness of controls. Control environment AAK’s organization is designed to facilitate quick deci- sion-making. Operational decisions are therefore made at business area or subsidiary level, while decisions about strategies, acquisitions and overriding financial issues are taken by the company’s Board and Group management team. The organization is characterized by clear division of responsibilities and effective and established management and control systems, cover- ing all units within AAK. The basis for the internal control relating to financial reporting consists of an overall control environment in which the organization, decision-making routes, authorities and responsibilities have been documented and communicated in management documents, such as AAK’s financial policy, raw material purchasing policy, the manual on financial reporting and the authorization rules set by the CEO. AAK’s finance functions are inte- grated through a joint consolidation system and joint accounting instructions. The Group’s finance unit works closely and effectively with the controllers of subsid- iaries in relation to year-end financial statements and reporting. As a supplement to the internal control, under a specific plan, an annual audit of some units in the Group is carried out on a rotating basis by the Group’s central Finance Department, in collaboration with an independent international accounting firm. AAK has decided not to set up a separate review function (inter- nal audit), as the functions mentioned above fulfil this task well. All of AAK’s subsidiaries report on a monthly basis. These reports form the basis for the Group’s consolidated financial reporting. Each legal unit has a controller who is responsible for the financial man- agement of each business area, and for ensuring the financial reports are correct, complete and delivered in time for consolidated reporting. Risk assessment and risk management Through its international presence, the AAK Group is exposed to a number of different risks. Risk man- agement within the Group is run in accordance with fixed policies and procedures, which are reviewed annually by AAK’s Board. Risks relating to commodities are managed using the Group’s raw material pur- chasing policy. Risks relating to currency, interest and liquidity are mainly governed by AAK’s finance policy. The Group’s credit policy directs the management of credit and contract risks. Effective risk management unites operational business development with the requirements of owners and other stakeholders for improvements in control and long-term value. Risk management aims to minimize risks, but also to ensure that opportunities are utilized in the best pos- sible way. Risk management covers the following areas of risk: strategic risks relating to the market and sector, commercial, operational and financial risks, compli- ance with external and internal regulatory frameworks and financial reporting. The main components of risk assessment and management are identification, eval- uation, management, reporting, follow-up and control. For further information about AAK’s risk management, please see Note 3. Control activities The risks identified relating to financial reporting are handled via the company’s control activities. These control activities aim to prevent, identify and correct errors and discrepancies. Control activities take the form of manual controls, such as reconciliation and stocktaking, automatic controls via the IT systems and general controls of the underlying IT environment. Detailed financial analyses of the result and follow-up against budgets and forecasts supplement the opera- tion-specific controls and provide overall confirmation of the quality of the reporting.