- that the company has an appropriate and efficient organisation for its business operations
- that the company produces reliable financial statements
- that the company complies with applicable laws and regulations.
The company applies the established COSO (Internal Control – Integrated Framework) framework in its work.
Fabege has a geographically well contained organisation and homogenous operational activities but its legal structure is complex. The business is capitalintensive and is characterised by large monetary flows, including rental income, expenses for project activities, acquisitions/sales of properties and financial expenses.
Overall responsibility for ensuring good internal control and efficient risk management rests with the Board of Directors. To be able to perform its work in an appropriate and efficient manner, the Board has adopted a set of rules of procedure. The Board’s rules of procedure are aimed at ensuring a clear division of responsibility between the Board of Directors (and its committees) and the Chief Executive Officer (and his management team) with a view to achieving efficient risk management in the company’s operations and in financial reporting.
The rules of procedure are updated annually. In 2012, the Board performed its annual review and adopted rules of procedure for the Board, rules of procedure for the Audit Committee and the company’s Code of Conduct. The management team is responsible for designing and documenting and for maintaining and testing the systems/processes and internal controls that are required to manage significant risks in the accounts and the company’s day-to-day activities.
Operational responsibility for internal control rests with the company’s management and with those individuals who by virtue of their roles in the company are in charge of each defined critical process, function or area. The company’s financial reporting is governed by a set of policies and guidelines. The company has defined policies for matters such as funding, environmental issues, equal opportunities and disclosure, accounting policies and instructions for the closing of the accounts and authorisation of payments.
In 2012, Fabege implemented a comprehensive overhaul and update of its policies. All policies were discussed and decided on by Group management. Information concerning resolved policies was also disseminated throughout the organisation. In addition, more detailed guidelines and instructions are reviewed and updated regularly. In May, Fabege formulated its first "communication on progress" on the UN’s Global Compact. Work on developing the company’s sustainability reporting is continuously under way. Sustainability reporting constitutes part of the company’s annual report and, as of 2012, will be examined by Fabege’s auditors.
Risks and critical processes, functions and areas are defined on the basis of the control environment, significant results and balance sheet items as well as significant business processes. The following processes, functions and areas have been defined as critical for Fabege:
- Acquisitions and sales
- New lettings and renegotiations
- Closing of the accounts and reporting
- Valuation of properties
- Rent payments
Fabege conducts annual reviews and evaluations of risk areas for the purpose of identifying and managing risks in consultation the Board and the Audit Committee for review by the auditors.
Critical processes, functions and areas are described and documented in respect of division of responsibility, risks and controls. The necessary instructions, procedures and manuals are produced, updated and communicated to the relevant staff to ensure that they have up-todate knowledge and adequate tools. The measures are aimed at integrating risk management in the company’s day-to-day procedures. Compliance with policies, guidelines and instructions is monitored on an ongoing basis. Employees are given frequent training to ensure that they have required expertise.
In 2012, all of the company’s critical processes were reviewed. Supplementing the external audit performed in 2012, the company also performed an internal assessment of compliance and controls in critical processes. A central controller function supports work on the follow up the operating units – Property Management and Property Development. The control department is in charge of operational reporting. The operating units, Property Management and Projects, have a separate controller function which supplements the central controller function at Group level. Operational reports are prepared monthly and quarterly based on a standardised reporting package and submitted for comments/approval to executives with operational responsibility. Reviews and updates with executives with operational responsibility are made throughout the year. Performance is assessed against budgets and forecasts, which are updated twice a year.
Since 2009, the company has been producing rolling 12-month forecasts. A central function prepares consolidated financial statements and other financial reports in close collaboration with the controller function/operating units and the finance function. This work includes integrated control activities in the form of reconciliation with standalone systems/specifications of outcomes for income and expense items and balance sheet items. Th e company’s operational reporting is developed and improved continuously in terms of content and system support, as well as availability to managers of the various operations.
Information and communication
Management is responsible for informing the staff concerned about their responsibility to maintain good internal control. The company Intranet and briefing sessions are used to ensure that employees are kept up-to-date on the company’s governing policies and guidelines.
Responsibility for external information rests with the Communications department. The company’s Investor Relations activities are based on principles for regular and accurate information in accordance with Nasdaq OMX Stockholm’s Rule Book for Issuers. The aim is to improve knowledge of and build confidence in the company among investors, analysts and other stakeholders. In 2012, work to improve information and access to information on the external website continued.
The communication of information to the market has been improved and clarified. An important development effort was also implemented in respect of the company’s intranet, featuring improvements of both availability and the information content. Particularly emphasis was also placed on improving communication with the company’s customers.
The internal control system also needs to change over time. The aim is to ensure that this is monitored and addressed on an ongoing basis through management activities at various levels of the company, both through monitoring of the individuals responsible for each defined critical process, function and area and through ongoing evaluations of the internal control system.
In addition to financial reporting to the Board, more detailed reports are prepared, at more frequent intervals, in support of the company’s internal governance and control activities. Monthly reports are presented and discussed at meetings of Group management.
The company’s management reports regularly to the Board based on the adopted instructions for financial reporting, which are designed to ensure that the information provided is relevant, adequate, up-to-date and appropriate. The Audit Committee also reports to the Board. It acts as the extended arm of the Board in monitoring the formulation and reliability of financial reports. In addition to familiarising itself the content of and methods used in preparing financial reports, the Audit Committee has studied the way in which the more detailed and frequent internal reporting is used in evaluating and managing different areas of activity, which provides an indication of the quality of the control environment.
The Committee also performs regular reviews and evaluations of internal controls in respect of critical processes and regularly studies the results of the external auditors’ examinations of the company’s accounts and internal controls. The auditors examine the company’s financial reporting in respect of the full year financial statements and review all quarterly interim reports.
The Board regularly evaluates the information submitted by management and the Audit Committee. Of particular significance is the Audit Committee’s task of monitoring management’s work on developing the internal controls and of ensuring that measures are taken to address the proposals and any problems that have been identified in the course of examinations by the Board, Audit Committee or auditors.
The Board of Directors has informed itself through its members and through the Audit Committee on risk areas, risk management, financial reporting and internal control and has discussed risks for errors in financial reporting with the external auditors.
In the course of its work on examining and evaluating internal control in respect of critical processes in 2012, the Audit Committee found no reason to alert the Board’s to any signifi cant issues in respect of internal control or financial reporting.
To supplement the external auditing activities, Fabege is working to facilitate internal evaluations of critical processes. As a result of this work, and in view of the homogenous and geographically limited nature of the company’s activities and its simple organisational structure, the Board has not found reason to set up a separate internal audit unit.
The Board believes the monitoring and examination described above, coupled with the external audits, are sufficient to ensure that effective internal control in respect of financial reporting is maintained.