Report on internal control

Internal control is a process that is influenced by the Board of Directors, the Executive Management Team and the company’s employees and that has been designed to provide a reasonable assurance that the company’s goals are achieved in the follow categories:

  • that the company has an appropriate and efficient organisation for its business operations
  • that the company produces reliable financial statements
  • that the company complies with applicable laws and regulations.

The company applies the established COSO (Internal Control – Integrated Framework) framework in its work.

Control Environment

Fabege has a geographically well contained organisation and homogeneous operational activities but its legal structure is complex. The business is capital-intensive and is characterised by large monetary flows, including rental income, expenses for project activities, acquisitions/sales of properties and financial expenses. Overall responsibility for ensuring good internal control and efficient risk management rests with the Board of Directors. To be able to perform its work in an appropriate and efficient manner, the Board has adopted rules of procedure. The Board’s rules of procedure are aimed at ensuring a clear division of responsibility between the Board of Directors (including committees) and the CEO (and the Executive Management Team) with a view to achieving efficient risk management in the company’s operations and in financial reporting. The rules of procedure are updated annually.

In 2014, the Board performed its annual review and adopted rules of procedure for the Board, rules of procedure for the Audit Committee and the company’s Code of Conduct. The Executive Management Team isresponsible for designing and documenting, and for maintaining and testing, the systems/processes and internal controls that are required to manage significant risks in the accounts and the company’s day-to-day activities. In addition to the company’s CEO and Executive Management Team, the operational responsibility for internal control rests with those individuals who by virtue of their roles in the company are in charge of each defined critical process, function or area. The company’s financial reporting is governed by a set of policies and guidelines. There are defined policies for matters such as funding, environmental issues, equal opportunities, communication, accounting policies and instructions for the closing of the accounts and authorisation of payments.

In 2014, a comprehensive evaluation and update of Fabege’spolicies was implemented. All policies were discussed and decided on by the Executive Management Team. Information concerning resolved policies was also disseminated throughout the organisation. In addition, more detailed guidelines and instructions are reviewed and updated regularly. In May, Fabege issued its annual Communication on Progress Report to the UN Global Compact. Work on developing the company’ssustainability reporting is conducted continuously. Sustainability reporting constitutes part of the company’s annual report and has been reviewed by the company’s auditors since 2012.

Risk Assessments

Risks and critical processes, functions and areas are defined on the basis of the control environment, significant results and balance sheet items as well as significant business processes. The following risk areas have been defined as critical for Fabege:

  • Risk area Property Management: The processes for new letting, renegotiationand rent payments. Customer relations and customer satisfaction and the risk of rent losses.
  • Risk area Technical Operation: Technical work environment, physical buildings and environment.
  • Risk area Projects: Project implementation and procurement/purchasing.
  • Risk area Valuation and Transactions.
  • Risk area Financial Control and Finance: Liquidity risk, interest rate risk, financial information and taxes.
  • Risk area Communication: Information management, business ethics and IT.

Control activities

Critical processes, functions and areas are described and documented inrespect of division of responsibility, risks and controls. The necessary instructions, procedures and manuals are produced, updated and communicated to the relevant staff to ensure that they have up-to-date knowledge and adequate tools. The measures are aimed at integrating risk management in the company’s day-to-day procedures. Compliance with policies, guidelines and instructions is monitored on an ongoing basis. Employees are given frequent training to ensure that they have the required expertise. All critical processes are reviewed regularly and, during 2014, a selection of the company’s critical processes was subject to special review. To supplement the external audit, the company also performed an internal assessment of compliance and controls in a selection of significant processes during 2014. A central controller function supports work on the follow-up of the operating units – Property Management and Property Development. The controller department is in charge of operational reporting. Operational reports are prepared monthly and quarterly based on a standardised reporting package and submitted for comments/approval to executives with operational responsibility. Reviews and updates by executives with operational responsibility are made continuously throughout the year. Performance is monitored and assessed against budgets and forecasts, which are updated twice a year. Since 2009, Fabege has been producing rolling 12-month forecasts.

A central function prepares consolidated financial statements and other financial reports in close collaboration with the controller function, the operating units and the finance function. This work includes integrated control activities in the form of reconciliation with stand alone systems/specifications of outcomes for income and expense items and balancesheet items. The company’s operational reporting is developed and improved continuously in terms of both content and system support, as well as availability to executives with operational responsibility.

Information and communication

Management is responsible for informing the staff concerned about their responsibility to maintain good internal control. The company intranet and briefing sessions are used to ensure that employees are kept abreast of Fabege’s governing policies and guidelines. Responsibility for external information rests with the Communications Department. Investor Relations activities are based on principles for regular and accurate information in accordance with Nasdaq OMX Stockholm’s Rule Book for Issuers.

The aim is to improve knowledge of and build confidence in the company among investors, analysts and other stakeholders. In 2014, work toimprove information and access to information on the external website continued. Work to improve and further clarify the dissemination of information to the market continued and will do so during the coming year. During the autumn, a customer survey was conducted in order to better understand and satisfy customer requirements. At the end of the year, an employee survey was also performed. The company received high ratingsin both surveys.

Follow-up

The internal control system also needs to change over time. The aim is to ensure that this is monitored and addressed on an ongoing basis through management activities at various levels of the company, both through monitoring of the individuals responsible for each defined critical process, function and area and through ongoing evaluations of the internal controlsystem. In addition to financial reporting to the Board, more detailed reports are prepared, at more frequent intervals, in support of the company’s internal governance and control activities. Monthly reports are presentedand discussed at meetings of the Executive Management Team.

Management reports regularly to the Board based on the adopted instructions for financial reporting, which are designed to ensure that the information provided is relevant, adequate, up-to-date and appropriate.

The Audit Committee, which acts as the extended arm of the Board in monitoring the formulation and reliability of financial reports, also reports to the Board. In addition to familiarising itself with the content of and methods used in preparing financial reports, the Audit Committee has studied the way in which the more detailed and frequent internal reporting is used in evaluating and managing various areas of activity, thus providing an indication of the quality of the control environment. The Committee also performs regular reviews and evaluations of internal controls in respect of critical processes and regularly studies the results of the extern alauditors’ examinations of the company’s accounts and internal controls. The auditors examine the company’s financial reporting in respect of the full-year financial statements and review all quarterly interim reports.The Board regularly evaluates the information submitted by the Executive Management Team and the Audit Committee. Of particular significance is the Audit Committee’s task of monitoring management’s work on developing the internal controls and of ensuring that measures are taken to address proposals and any shortcomings that have been identified in the course of examinations by the Board, the Audit Committee or the external auditors.

The Board of Directors has informed itself through its members and through the Audit Committee of risk areas, risk management, financial reporting and internal control and has discussed risks for errors in financial reporting with the external auditors. In the course of its work on examining and evaluating internal controlin respect of critical processes in 2014, the Audit Committee found no reason to alert the Board’s to any significant issues in respect of internal control or financial reporting.

Internal auditing

To supplement the external auditing activities, Fabege is working to facilitate internal evaluations of critical processes. As a result of this work, and in view of the homogeneous and geographically limited nature of the company’s activities and its simple organisational structure, the Board has not found reason to set up a separate internal audit unit. The Board believes the monitoring and examination described above, coupled with the external audits, are sufficient to ensure that effective internal control of financial reporting is maintained.