According to the Swedish Corporate Act, the board of directors is overall responsible for the company’s organisation and management of company affairs. Pandox's internal control system is designed to manage, rather than eliminate, the risk of failing to meet business-related objectives.

Internal control as a process

Internal control at Pandox is broadly defined as a process, affected by the board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  • Effectiveness and efficiency of operations
  • Reliability of financial reporting
  • Compliance with applicable laws and regulations
The framework of internal control

To develop and work with internal control in a structured way Pandox uses the COSO[1] framework, which is internationally accepted and commonly used by listed companies. According to COSO five components need to be in place to achieve good internal control. They are:

  • Control environment
  • Risk assessment
  • Control activities
  • Information and communication
  • Monitoring
The control environment

The control environment sets the tone of an organisation, influencing the control consciousness of its people. Pandox strives to be close to its business and has a comprehensive set of financial guidelines and supporting policies central for the control environment.

Risk assessment

Pandox has a well-established operational risk assessment process in place, formed around the Pandox Model, which regularly addresses and documents key operational risks on an asset-by-asset basis.

Control activities

In order to prevent, detect and correct errors and deviations control activities are established in relation to the control targets. They help ensure that necessary actions are taken to address risks to achievement of Pandox's objectives. Pandox has a number of forums and activities, which monitors its operations on an ongoing basis. For instance, regular analyses of the financial results for each hotel and business unit cover the significant elements of assets, liabilities, revenues, costs and cash flow.

Information and communication

Pandox identifies, captures and communicates information in a form and timeframe that comply with the requirements of a listed company.

Monitoring
Internal control deficiencies are reported upstream, with serious matters reported to group management and the board of directors. On-going operational monitoring includes regular meetings in a number of different forums. Operational and financial monitoring activities is done monthly and quarterly. Business review meetings are held ten times per year and kick-off Pandox Model meetings are held twice per year. Pandox's process for financial reporting is reviewed annually and documented in a yearly timetable. Internal steering documents are reviewed and updated at least yearly. Pandox financial performance is reviewed quarterly by the board of directors. The audit committee reviews all interim and annual reports before they are communicated publicly.
Supporting policies
Pandox has a number of policies, manuals and working instructions, supporting the internal control environment, for example a Communications policy, IT policy, Insider policy, Code of conduct and a comprehensive financial manual.

[1] COSO - Committee of Sponsoring Organisations of the Treadway Commission