Intern kontroll och övervakning

This report on internal control and monitoring has been prepared in accordance with the Swedish Corporate Governance Code and has been reviewed by the Company's auditor.

Back in 2010, the Group selected the COSO framework as a basis for internal control. The COSO framework was issued by the Committee of Sponsoring Organisations of the Treadway Commission. The framework consists of five components:

  • Control environment,
  • Risk assessment,
  • Control activities,
  • Information and communication,
  • Monitoring.

Since then, Internal Control is a permanent function within the Group.

Control environment

The Board has the overall responsibility to ensure that the Group's system for management and internal control is effective. The Group's internal control system includes policies for measurement, acquisition and protection of assets, controlling the accuracy and reliability of reports, and ensuring compliance with defined guidelines. The policies and guidelines are the foundation for appropriate internal control.

The Board has also ensured that the organisational structure is logical and transparent, with clear roles, responsibilities and processes that facilitate the effective management of operational risks and enable the Group to fulfil its goals. This process includes the evaluation by the Board of the business performance and results through reports that contain results, forecasts and targets. Also, the Board reviews the interim and annual reports before they are presented externally.

The Audit Committee (composed of board members) monitors effectiveness of internal controls, considers critical questions regarding accounting and regulatory compliance. The Group's auditor is invited to participate in the regular meetings of the Audit Committee. The Group Risk and Compliance Director is also regular invitee to the Audit Committee meetings, in his position of head of internal control, in order to present the latest developments on internal controls, related policies, procedures and to formally request approval of the Audit Committee, where relevant.

For each business area and corporate function, the Chief Financial Officer has appointed a Vice President Finance, who is responsible for the implementation and maintenance of internal control processes, as well as for reporting in accordance with Group guidelines and ensuring compliance with local laws and regulations. In addition, Internal Control Managers for each business area coordinate and verify internal control in their area of responsibility, under the supervision of the Group Risk and Compliance Director.

Since 2011, the Group has deployed an internal control software platform, allows real time monitoring, as well as the storage of historical data.

Finance Managers of each entity are in charge of implementation and documentation of the internal controls. Internal Control Managers, Regional Finance Directors, the Vice Presidents Finance of functions and business areas are in charge of verifying internal controls implemented locally.

Furthermore, in order to further strengthen the attention to risk and compliance matters within the organisation, Oriflame has appointed a Vice President Group Risk and Compliance since 2013.

Risk assessment

As for controls related to the financial area, the major risk areas for material misstatements in the financial reporting were already in 2009 defined as follows: inventory, cash and bank, credit process, sales, performance discount and bonuses, and information technology system. These financial reporting risks were addressed during 2011, as well as together with two additionally identified financial risks: Accounts payables and risks related to the hedging function of the Treasury department. In 2012, the Group has added legal compliance and fixed assets control processes to the management of risks related to corporate integrity.

In 2013, the management of risks related to the hedging function of the Treasury department was further addressed by implementing a dedicated control process. In addition, all the relevant control processes already in force in the sales entities were extended to the manufacturing entities and to the main trading branch.

In 2014, the Group implemented internal control processes for Tax reporting & Consolidation, as well as expanded the scope and depth of Treasury-related controls.

Control activities

A process description follows the logical structure of the business and reporting flow, with a clear definition of steps and related key controls. It also assigns responsibilities to different positions involved in the process and states the reasons for the control.

The key controls encompass the controls that are most critical to the integrity of financial statements. Non-key controls are also in place for risks that may not affect the financial statements, but are critical to the good execution of operations.

The Vice Presidents Finance monitor the operations by performing analytical controls such as follow-up on forecasts and budgets, analysis of results and balance sheet items, business reviews and commentaries on markets' and functions' (supply, marketing) performance. The result of this work is periodically reported to management and group functions concerned. The functional departments regularly monitor their respective areas of responsibility in order to identify potential risks and errors.

Information and communication

The Group maintains information and communication channels intended to ensure the effective provision of accurate information regarding financial information. Policies and guidelines on financial reporting are revised and updated continuously and are made available internally on the Group's intranet and via memorandums and internal meetings. There are also formal and informal information channels that enable employees to communicate important information to relevant recipients.

A policy for communication and information with external parties is in place on the Group's intranet to ensure that accurate and appropriate information is provided to external parties.

The control process descriptions, internal controls and documentation are available to the relevant employees through the Internal Control software platform.

Monitoring

The internal control system is continuously monitored at group level by the Group Risk and Compliance Director, and pending matters or concerns are addressed to the relevant personnel immediately. If an internal control is not implemented or if the documentation is not relevant, the Finance Manager in charge is asked to perform or correct the control procedure and provide new or relevant evidence. Internal control managers are also involved in the continuous improvement of the internal control system, along with the Group Risk and Compliance Director.