Internal control
According to the Swedish Corporate Act, the board of directors is overall responsible for the company’s organisation and management of company affairs. Pandox's internal control system is designed to manage, rather than eliminate, the risk of failing to meet business-related objectives.
Internal control as a process
Internal control at Pandox is broadly defined as a process, affected by the board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
The framework of internal control
To develop and work with internal control in a structured way Pandox uses the COSO[1] framework, which is internationally accepted and commonly used by listed companies. According to COSO five components need to be in place to achieve good internal control. They are:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
The control environment
The control environment sets the tone of an organisation, influencing the control consciousness of its people. Pandox strives to be close to its business and has a comprehensive set of financial guidelines and supporting policies central for the control environment.
Risk assessment
Pandox has a well-established operational risk assessment process in place, formed around the Pandox Model, which regularly addresses and documents key operational risks on an asset-by-asset basis.
Control activities
In order to prevent, detect and correct errors and deviations control activities are established in relation to the control targets. They help ensure that necessary actions are taken to address risks to achievement of Pandox's objectives. Pandox has a number of forums and activities, which monitors its operations on an ongoing basis. For instance, regular analyses of the financial results for each hotel and business unit cover the significant elements of assets, liabilities, revenues, costs and cash flow.
Information and communication
Pandox identifies, captures and communicates information in a form and timeframe that comply with the requirements of a listed company.
Monitoring
Supporting policies
Pandox has a number of policies, manuals and working instructions, supporting the internal control environment, for example a Communications policy, IT policy, Insider policy, Code of conduct and a comprehensive financial manual.
[1] COSO - Committee of Sponsoring Organisations of the Treadway Commission