The Board's report on the key aspects of the company's system for internal controls and risk management regarding financial reports

The Board is responsible for the internal controls according to  the Swedish Companies Act and the Swedish Code of Corporate Governance (the Code). The purpose of this report is to provide shareholders and other interested parties an understanding of how internal control is organized at Volvo with regard to financial reporting.

The report has been prepared in accordance with the Code and the guidance issued by the Confederation of Swedish Enterprise and FAR SRS and is thus limited to internal control over financial reporting. This report is included as a section in the Corporate Governance Report, but does not comprise a portion of the formal annual report. This report has not been reviewed by the company’s external auditors.

Introduction
Until March 2008 AB Volvo’s Series B shares were registered with the Securities and Exchange Commission (SEC) in the US. Volvo was subject to the Sarbanes-Oxley Act (SOX) until the B shares were deregistered from the SEC. SOX includes, among other things, comprehensive regulations regarding the evaluation of the internal control over the financial reporting.  

Also after the deregiotation from the SEC Volvo has maintained many principles for the internal controls of the financial reporting which were implemented when the Group had to comply with the SOX-regulations. Volvo primarily applies internal control principles introduced by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The COSO principles consist of five interrelated components. The components are: control environment, risk assessment, control activities, information and communication and follow-up.

Volvo has had a specific department for internal control since 2005. The aim of the Internal Control function is to provide support for management groups within business areas and business units, so that they are able to continuously provide good and improved internal controls relating to financial reporting. Work that is conducted through this function is based primarily on an evaluation methodology that has been developed for the purpose of complying with SOX requirements. The methodology is aimed at ensuring both compliance with directives and policies, as well as to create good conditions for specific control activities in key processes related to financial reporting. The Audit Committee is informed of the result of the work performed by the Internal Control function within Volvo with regard to risks, control activities and follow-up on the financial reporting.

Volvo also has an Internal Audit function with the primary task of independently verifying that companies in the Group follow the principles and rules that are stated in the Group’s directives, policies and instructions for financial reporting. The head of the Internal Audit function reports directly to the CEO, the Group’s CFO and the Audit Committee.

Control environment
Fundamental to Volvo’s control environment is the business culture that is established within the Group and in which managers and employees operate. Volvo works actively on communications and training regarding the company’s basic values as described in The Volvo Way, an internal document concerning Volvo's business culture, and the Group’s Code of Conduct, to ensure that good morals, ethics and integrity permeate the organization.

The foundation of the internal control process relating to the financial reporting is built up around the Group’s directives, policies and instructions, and the responsibility and authority structure that has been adapted to the Group’s organization to create and maintain a satisfactory control environment. The principles for internal controls and directives and policies for the financial reporting are contained in Volvo Financial Policies & Procedures (FPP), an internal book comprising all important instructions, rules and principles.

Risk assessment
Risks relating to the financial reporting are evaluated and monitored by the Board through the Audit Committee inter alia through identifying what types of risks that typically could be considered as material and where they would typically occur. The annual evaluation of internal control activities conducted by the Internal Control and Internal Audit functions, are based on a risk-based model. The evaluation of the risk that errors will appear in the financial reporting is based on a number of criteria. Complex accounting principles can, for example, mean that the financial reporting risks being inaccurate for those posts that are covered by such principles. Valuation of a particular asset or liability according to various evaluation criteria can also constitute a risk. The same is true for complex and/or changing business circumstances.

Control activities
In addition to the Board of AB Volvo and its Audit Committee, the Boards and management groups of Group companies constitute the overall supervisory body.

Several control activities are applied in the ongoing business processes to ensure that potential errors or deviations in the financial reporting are prevented, discovered and corrected.  Control activities range from review of outcome results in management group meetings to specific reconciliation of accounts and analyses of the ongoing processes for financial reporting. CFOs in Group companies are ultimately responsible for ensuring that control activities in the financial processes are appropriate and in accordance with the Group’s policies and instructions. They are also responsible for ensuring that authority structures are designed so that one person can’t perform an activity and then perform the control of the same activity. Control activities within IT security and maintenance are a key part of Volvo’s internal control over financial reporting.

Information and communication
Policies and instructions relating to the financial reporting are updated and communicated on a regular basis from management to all affected employees. In addition, there are a number of committees and networks within Volvo that serve as forums for information and discussions regarding issues relating to the financial reporting and application of internal rules. Included in these committees and networks are representatives from the business areas and the Group's staff units who are responsible for financial reporting. Work in these committees and networks is aimed, among other things, at ensuring a uniform application of the Group’s policies, principles and instructions for the financial reporting and to identify and communicate shortcomings and areas of improvement in the processes for financial reporting.

Follow-up
Ongoing responsibility for follow-up rests with the business area’s management groups and accounting and controller functions. In addition, the Internal Audit and the Internal Control functions conduct follow-up and supervision in accordance with what is adopted in the introduction of this report. The outcome of evaluation activities shall be reported to Group management and to the Audit Committee.