10. Risk management and internal control
A prerequisite for Orkla’s system of decentralised responsibility is that the activities in every part of the Group meet general financial and non-financial requirements, and are carried out in accordance with the Group’s common norms and values.
A prerequisite for Orkla’s system of decentralised responsibility is that the activities in every part of the Group meet general financial and non-financial requirements, and are carried out in accordance with the Group’s common norms and values. The executive management of each company is responsible for risk management and internal control in the company with a view to ensuring:
- exploitation of business opportunities
- goal-oriented, safe, high-quality and cost-effective operations
- reliable financial reporting
- compliance with applicable legislation and regulations and
- operations in accordance with Orkla’s governing documents, including ethical and corporate responsibility standards
Orkla’s risk management system is fundamental to the achievement of these goals. To ensure ongoing risk monitoring in individual companies, all boards of operational subsidiaries are required to carry out a thorough analysis of the company’s risk picture and internal control function at least once a year, in addition to the risk analysis that is an integral part of the company’s decision-making processes.
Great importance is attached in Orkla’s governing documents, which are available to all employees through The Orkla Way web portal, to clarifying the standards that apply to Orkla’s businesses, and who is responsible for monitoring compliance with the various standards.
A dedicated compliance function was established in Orkla in 2016. The compliance staff have a special responsibility for ensuring follow-up and compliance in the fields of personal data protection, data security and anti-corruption and business ethics. The staff are also tasked with helping to coordinate and prioritise other compliance-related work in collaboration with compliance officers in the various companies and central Group functions.
Risk management at Orkla
The Group’s risk management lies within the remit of the finance functions and is intended to ensure that all risk of significance for Orkla’s goals is identified, analysed and effectively dealt with by business areas and specialised staffs. This entails, among other things:
- continuously monitoring important risk indicators in order to reassess the Group’s level of risk and associated risk mitigation measures, if necessary
- maintaining instructions and guidelines for risk management, emergency preparedness and business continuity
- assisting in the implementation of coherent risk management in routine operations and in connection with projects and major decisions
- presenting Orkla’s consolidated risk profile to the Group Executive Board, the Board of Directors and the Board’s Audit Committee
- facilitating the transfer of best risk management practices throughout the Group
- ensuring that formal risk assessments are uniformly carried out, presented, discussed and implemented by the Boards of the respective Group companies
- carrying out detailed risk analyses in certain specialised fields
- ensuring that Orkla’s risk management is in compliance with relevant regulatory requirements and reasonably satisfactory to Orkla’s stakeholders
- being responsible for selected measures to mitigate risk at Group level.
The Group’s risk management programme is reviewed on a regular basis.
Risk identification is also an important tool in preventive environment, health and safety (EHS) efforts, and the Senior Vice President EHS ensures the systematic, continuous follow-up of this work. All companies and businesses must prepare risk analyses and regularly update them. Orkla follows up on the risk analyses by means of internal EHS audits.
The internal audit function
As part of the Group’s internal control system, Orkla has an Internal Audit Department. The responsibilities of the Group’s Internal Audit Department are as follows:
- Verify that internal control procedures for reducing risk have actually been established and are functioning as intended
- Assist the Board of Directors, the Group Executive Board and the business areas by providing auditing expertise and capacity, which includes monitoring and control of selected companies in the Group;
- Be the recipient of and follow up on reports submitted under the Group’s whistle-blowing system on possible breaches of the Group’s Code of Conduct. Information on this system may be found on posters and notices at all Orkla businesses, on the Orkla intranet and on Orkla’s website under “Sustainability”/”Whistle-blowing” and below.
- Coordinate the choice of and monitor external auditors in the Group companies in accordance with the instructions of the Audit Committee
- Act as secretary to the Audit Committee. The Chief Auditor reports to the Board’s Audit Committee and is thus independent of line management
Business ethics and corporate responsibility
There is systematic focus on business ethics and corporate responsibility at Orkla. Reference is made to the separate statement on Corporate Responsibility at Orkla, see Orkla's Sustainability Report below.
The financial reporting process
The Orkla Group prepares and presents its financial statements in accordance with current IAS/IFRS rules.The Group’s governing documents are collected in The Orkla Way, and contain requirements and procedures for the preparation and presentation of interim reports and year-end reports. A set of Orkla Accounting Standards has also been drawn up, in which Orkla’s ten main principles for financial reporting are set out. Financial information is reported through the Group’s common reporting system, Hyperion Financial Management (HFM). Every month, each company reports figures in HFM, based on output from its own Enterprise Resource Planning (ERP) system. HFM has a general chart of accounts and built-in control systems in the form of data check accounts and check reports designed to ensure that the information is consistent. The reporting is expanded in the year-end reporting process to meet various requirements for supplementary information. The process of consolidating and checking financial data takes place at veral levels in the business areas.