Internal control over financial reporting
Sandvik’s finance organization manages a well-established financial reporting process aimed at ensuring a high level of internal control.
The internal control system aligns with the conceptual framework of COSO, which is based on five key components that provide an effective framework for describing and analyzing the internal control system implemented in the organization. The five components are Control Environment, Risk Assessment, Control Activities, Information and Communication and Monitoring and Follow-up. The application of the COSO framework is described below.
Sandvik internal control over financial reporting forms an integral part of the operational system described in The Sandvik Way which also includes risk assessments, policies, procedures and compliance. Sandvik’s Board of Directors is ultimately responsible for the governance of risk management including internal control over financial reporting.
Control environment
The Sandvik Way regulates the governance of the Sandvik Group. It includes delegation of responsibilities, including signatory and authorization principles for decision making and cost approvals, and request and approval procedures in respect to investments and acquisitions, among other items.
The Sandvik Financial Reporting Policies and Procedures govern control over financial reporting. These documents contain detailed instructions regarding accounting policies and financial reporting procedures to be applied by all Sandvik reporting entities.
A Sandvik Financial Internal Control Framework has been developed and includes key components such as well-defined roles and responsibilities, internal control policy and the risk and control matrix which defines a mandatory minimum of control activities that contribute to the mitigation of risks to acceptable levels. The activities include business process controls, IT controls and entity-wide controls focusing on compliance with policies and procedures. The process of rolling-out the common framework to the Sandvik entities is nearly completed in Sandvik Mining and Rock Technology and is well underway in the other business areas and Group functions.
Risk assessment and risk management
The Enterprise Risk Management (ERM) process at Sandvik includes the area of financial reporting. Read more about the Enterprise Risk Management (ERM) program. Key risks noted in local assessments and observations made by Internal and External Audit are also taken into consideration to ensure that adequate controls exist to mitigate these risks.
Control activities
In each legal entity, the finance staff is responsible for accurate accounting and the closing of books. At Group level, Group Control manages the reporting process to ensure the completeness and accuracy of financial reporting and compliance with IFRS requirements. Both statutory and management reporting is conducted in close cooperation with divisions, business areas and Group functions such as Tax, Treasury and Legal to ensure the correct reporting of the income statement, balance sheet, equity and cash flow.
Controllers in the divisions and business areas perform analytical reviews and investigations, conduct business trend analyses and update forecasts. They investigate certain issues related to the financial information as and when needed. All business areas present their financial performance in written reports to the Group Executive Management on a monthly and quarterly basis.
Information and communication
Financial reports setting out the Group’s financial position and the earnings trend of operations are submitted regularly to Sandvik’s Board. Quarterly interim reports are published externally and are supplemented by investor meetings attended by members of the Group Executive Management.
Monitoring and follow-up
Entity management and process owners are responsible for testing the effectiveness of internal controls through self-assessments on a quarterly basis and according to the requirements in the Sandvik Internal Control Framework. The Audit Committee monitors the effectiveness of internal controls related to financial reporting presented by management with potential deficiencies and suggested actions.
The Board reviews all quarterly interim reports as well as the Annual Report prior to publishing.
Internal audit
The Internal Audit function audits the corporate governance, internal control and risk-management procedures. Internal Audit is subordinated to the Audit Committee and the Head of Internal Audit reports to the Audit Committee.
Internal audits include, as a basis, the Group’s policies for corporate governance, risk management and internal control with regard to areas such as financial reporting, compliance with the Code of Conduct and IT. The outputs of the audits include action plans and programs for improvement.
Findings are reported to the Group Executive Management, the business area management and to the Audit Committee.