Internal control over financial reporting
According to the Swedish Companies Act and the Code of Governance, the Board has overall responsibility for establishing and monitoring an effective system for internal control. The purpose of this report is to provide shareholders and other parties with an understanding of how internal control is organised at Lundin Petroleum.
Internal control system for financial reporting
An internal control system for financial reporting can only provide reasonable and not absolute assurance against material misstatement or loss, and is designed to manage rather than eliminate the risk of failure to achieve the financial reporting objectives.
Lundin Petroleum’s system for internal control over financial reporting is based on the Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The five components of this framework are control environment, risk assessment, control activities, information and communication, and monitoring activities.
The Internal Audit function is responsible for providing independent and objective assurance on internal control, governance and risk management. This work includes regular audits performed in accordance with an annual risk-based internal audit plan, which is approved by the Audit Committee. The audit plan is derived from an independent risk assessment conducted by the Internal Audit function and is designed to address the most significant identified risks associated with the Company’s operations and processes. The audits are executed using a methodology for evaluating the design and effectiveness of internal controls to ensure that risks are adequately addressed and processes are operated effectively. Opportunities for improving the efficiency of the internal control, governance, and risk management processes which have been identified through the audits are reported to management for action.
The Internal Audit Manager has a direct reporting line to the Audit Committee and regularly submits reports on findings identified in the audits, together with updates on the status of management’s implementation of agreed actions.
The five key components
Lundin Petroleum’s Financial Reporting Internal Control System consists of five key components, as described below, and is based upon the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. The Group applies the updated version of the COSO framework with its 17 principles. The internal control of financial reporting is a continuous evaluation of the risks and control activities within the Group. The evaluation work is an ongoing process that involves internal and external benchmarking, as well as improvement and development of control activities.
Significant internal documents that form the control environment at Lundin Petroleum:
- The Code of Conduct: the Code of Conduct sets out the principles by which Lundin Petroleum is guided and describes the responsibilities it has towards its stakeholders.
- The Anti-fraud Policy: this policy outlines the employees’ responsibilities with regard to fraud prevention, what to do if fraud is suspected and what action will be taken by management in the case of suspected or actual fraud.
- The Whistleblowing Policy: this policy was adopted to complement the anti-fraud policy as a means to address serious concerns that could have a significant impact on the Group.
- The Authorisation Policy: this policy defines the limits of authority that are applicable within the Group.
- The Group Accounting Principles Manual: this manual outlines the Group’s accounting principles and explains how transactions are to be accounted for and requirements for disclosure. The manual focuses upon the accounting policies to be applied in accordance with International Financial Reporting Standards (IFRS).
- The Finance and Accounting Manual: this manual describes the day-to-day financial procedures within the Group.
- The Risk Management Policy: the risk management policy establishes a common understanding of the Company’s minimum requirements and principles to be followed in relation to the management of risk for all activities undertaken by the Group.