The five components of the framework laid down by the Committee of Sponsoring Organizations of the Tradeway Commission (COSO) constitute the basis for the description of PA Resources’ internal control and risk management with regard to financial reporting.
PA Resources is a decentralised organisation with 131 employees in the Group, nine of which were employed in the Parent Company as of 31 December 2009. The division of responsibility
within the Group has been clearly established and the Group has built-in controls; consequently, there is deemed to be no need for a separate internal audit function. Internal control and performance monitoring occur at various levels within the Group, including at subsidiary level and at Group level.
Control environment
Internal control covers all companies within PA Resources and includes control of the accuracy and reliability of reporting, the promotion of efficiency and ensuring that given procedures and policies are complied with.PA Resources has established policies and routines, such as the formal work plan for the Board, instructions for the President, instructions for financial reporting and authorisation rules. Rules are also in place for decision-making with regard to costs, investments, customer contracts, etc.
Reporting instructions exist to support relevant reporting that follows the organisation’s structure. All subsidiaries report quarterly – both legal and operational reporting – in accordance with a standardised reporting procedure. Each company consolidates its units and reports to PA Resources AB. This reporting forms the basis for the Group’s consolidated reporting. PA Resources’ accounting guidelines and principles follow IFRS, which ensures uniform and stringent financial reporting.
A personnel policy is in place which shall ensure that the necessary measures are undertaken to ensure that the employees have the expertise required for their respective positions. Procedures and templates for employment, training, evaluation and promotion as well as remuneration and job descriptions are defined and documented..
Risk assessment
PA Resources is exposed to a number of different risks, both externally and internally. Risk management and risk assessment are based on identifying and analysing the company’s risks. Risk management forms part of the planning process, in order to ensure that the results of this are taken into account in business plans, objectives and measures. Overall risk assessments
are continuously carried out and where appropriate lead to specific measures to manage existing risks. Read more about PA Resources’ risks and risk management on pages 16-17 and in Note 31, Financial risks.
Control activities
Control activities comprise routines and procedures that ensure that the management directives are executed and set control targets are achieved to manage significant risks. Control activities are carried out throughout the organisation, at all levels and in all functions. The activities include approval, the granting of permission, verification, reconciliation, performance followup and the division of tasks. Furthermore, all subsidiaries have an independent financial and accounting organisation, which ensures inter alia that control procedures are followed, that the Group’s guidelines, handbooks and policies are complied with and that the financial reports are accurate, complete and delivered on time.
Information and communication
Appropriate information and communication are essential if internal control systems are to be able to function well. PA Resources has communication paths to help employees carry out their duties as effectively as possible. The relevant employees in the Group have access to current policies, instructions, guidelines, handbooks, etc. Information systems supply reports that improve opportunities to conduct and control operations.
Follow-up
Follow-up is an integral part of operating activities. Supervision forms part of the management’s and the individual managers’ ordinary work activities and the activities that employees undertake when they carry out their work. Staff are required to report deficiencies in internal control to their line manager, and serious deficiencies shall be reported to the President and the Board. Financial reporting pertaining to interim reports and annual accounts as well as internal control are also quality assured by reviews conducted by the company’s external auditors at both subsidiary and Group levels.
.