Internal control as a process
Internal control at Pandox is broadly defined as a process, affected by the board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
The framework of internal control
To develop and work with internal control in a structured way Pandox uses the COSO framework, which is internationally accepted and commonly used by listed companies. According to COSO five components need to be in place to achieve good internal control. They are:
- Control environment
- Risk assessment
- Control activities
- Information and communication
The control environment
The control environment sets the tone of an organisation, influencing the control consciousness of its people. Pandox strives to be close to its business and has a comprehensive set of financial guidelines and supporting policies central for the control environment.
Pandox has a well-established operational risk assessment process in place, formed around the Pandox Model, which regularly addresses and documents key operational risks on an asset-by-asset basis.
In order to prevent, detect and correct errors and deviations control activities are established in relation to the control targets. They help ensure that necessary actions are taken to address risks to achievement of Pandox's objectives. Pandox has a number of forums and activities, which monitors its operations on an ongoing basis. For instance, regular analyses of the financial results for each hotel and business unit cover the significant elements of assets, liabilities, revenues, costs and cash flow.
Information and communication
Pandox identifies, captures and communicates information in a form and timeframe that comply with the requirements of a listed company.
Internal control deficiencies are reported upstream, with serious matters reported to group management and the board of directors. On-going operational monitoring includes regular meetings in a number of different forums. Operational and financial monitoring activities is done monthly and quarterly. Business review meetings are held ten times per year and kick-off Pandox Model meetings are held twice per year. Pandox's process for financial reporting is reviewed annually and documented in a yearly timetable. Internal steering documents are reviewed and updated at least yearly. Pandox financial performance is reviewed quarterly by the board of directors. The audit committee reviews all interim and annual reports before they are communicated publicly.
Pandox has a number of policies, manuals and working instructions, supporting the internal control environment, for example a Communications policy, IT policy, Insider policy, Code of conduct and a comprehensive financial manual.
 COSO - Committee of Sponsoring Organisations of the Treadway Commission