The Board’s responsibility for internal control is regulated by the Swedish Companies Act and the Swedish Corporate Governance Code. Capio’s internal control structure is inspired by the COSO framework. The purpose of this report is to provide shareholders and other interested parties with a description of how internal control is organized at Capio with regard to financial reporting.
A fundamental part of Capio’s framework for internal control over financial reporting is the overall control environment. The basis of Capio’s control environment is the company culture which is reflected in everything we do. The company culture is based on the Capio model, our way of working in order to create value for the benefit of patients and society, and the ethics and values stated in Capio’s Code of Conduct. Extensive management programs on this theme are conducted within the Group. For example, 90 Swedish managers and persons in key roles took Capio's internal management program with focus on Capio's strategy and the Capio model in 2015.
An important part of Capio’s control environment is the Group policies and guidelines. The Board of Directors has delegated the ongoing work regarding the internal control over financial reporting within the Group to the CEO and the CFO. The CEO and the CFO have determined detailed policies and guidelines regarding how the financial reporting within the Group should be organized and controlled.
Important Group policies that apply to internal control over financial reporting, including authorization rules, are Capio Financial Policies and Guidelines (FPG) and Capio Accounting and Reporting Manual (CARMA).
Risks relating to the financial reporting are evaluated and monitored by the Board through the Finance and Audit Committee. The Group performs regular risk assessments to identify key risks. Identified risk areas are summarized in Capio’s Financial Policies and Guidelines together with relevant routines on how the risk is to be controlled.
Risks are managed and followed up in line with the control environment that the Group has established. Local risks related to the financial reporting are identified in the course of the normal business and in connection with the external audit.
During 2015, Capio has initiated work in order to formalize the risk-assessment process across the different levels of the organization. The process will be finalized and implemented during 2016.
Control activities performed at Capio include decision and authorization rules, an appropriate assignment of responsibilities, manual and automated controls and verifications and reconciliations. In addition to process level controls, a number of Group-wide control activities are performed. The monthly financial and operational reporting, including follow-up of the Group, represents an important point of control, which also aims at securing that the financial reporting gives a true and fair view of the Group’s financial position and development. The structured budget and forecasting processes are also examples of Group-wide control activities. Furthermore, the monthly reporting process with analysis and comparison to budget is an integrated part of the Capio model including QPIs, KPIs and financial results.
Information and communication
Group policies and guidelines related to the financial reporting are updated regularly, and communicated to relevant employees via appropriate channels within the Group. Furthermore, financial managers and controllers for each business area have regular meetings with relevant positions within the Group functions. In connection to these meetings, the fundamental control environment is reviewed and discussed as well as any other issues related to the internal control.
Furthermore, Capio has a communication policy governing both internal and external communication.
Monitoring of internal control over financial reporting is carried out at different levels of the organization. Key functions include the Board of Directors, the Finance and Audit Committee, Group Management, Group finance functions as well as business area and local management together with local finance functions. The Board of Directors, through the Finance and Audit Committee, is involved in the planning of Group-wide monitoring activities on a yearly basis as part of the internal control plan of the year. Process level controls consist of both formal and informal routines and monitoring is performed locally by managers and process owners.
The overall control environment and implemented control activities for financial reporting are evaluated on a regular basis through a self-assessment process. The self-assessment process is coordinated by the Group support function Group Reporting and Control and carried out by management and finance teams at business area and main unit level. Areas evaluated are compliance with Group policies and guidelines with special emphasis on the Financial Policies and Guidelines and are selected in cooperation with the Finance and Audit Committee based on the risk assessment. The results of the self-assessment are compiled and presented to the Board of Directors, the Finance and Audit Committee as well as the Group Management. Reported results are verified by the Group’s external auditor through interviews and sample testing on a selected number of entities. Group Reporting and Control also verifies reported results as an important part of the self-assessment process.
Other Group-wide monitoring activities include a thorough review and follow-up of the monthly financial and operational reporting. Reviews are performed at different levels of the organization, from main unit level to Group level. The Board of Directors receives monthly financial reports from the CFO and the CEO regarding the Group's earnings and financial position and is involved in the review of all quarterly financial statements, quarterly reports and the Group’s annual report before publication.
The Board’s involvement in the planning of the Group-wide monitoring activities and the established reporting procedures mentioned above enable the Board of Directors to verify that Capio has formalized routines to ensure that approved principles for financial reporting and internal control are applied, and that Capio's financial reports are produced in accordance with legislation, applicable accounting standards and other requirements for listed companies.
The Board of Directors of Capio has chosen not to establish a separate internal audit function. Based on Capio’s current structure and decentralized organization, it is deemed most efficient that Group level internal control activities are coordinated by the CFO and Group Reporting and Control in close collaboration with the Finance and Audit Committee. The need for an internal audit function is regularly assessed by the Finance and Audit Committee.
1 The COSO Framework is guidance on enterprise risk management, internal control and fraud deterrence developed by the American Committee of Sponsoring Organizations of the Treadway Commission.