The Board is responsible for the internal controls according to the Swedish Companies Act and the Code. The purpose of this report is to provide shareholders and other interested parties an understanding of how internal control is organized at Volvo with regard to financial reporting. The report has been prepared in accordance with the Annual Accounts Act. Consequently the report is limited to internal control over financial reporting.
Volvo primarily applies internal control principles introduced by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The COSO principles consist of five interrelated components. The components are: control environment, risk assessment, control activities, information and communication and follow-up.
Volvo has a specific function for internal control. The objective of the Internal Control function is to provide support for management groups within business areas and Group functions, that allows them to continuously provide solid and improved internal controls relating to financial reporting. Work that is conducted through this function is based primarily on a methodology, which aim is to ensure compliance with directives and policies, as well as to create good conditions for specific control activities in key processes related to financial reporting. The Audit Committee is informed of the result of the work performed by the Internal Control function within Volvo with regard to risks, control activities and follow-up on the financial reporting.
Volvo also has an Internal Audit function with the primary task of independently monitoring that companies in the Group follow the principles and rules that are stated in the Group’s directives, policies and instructions for financial reporting. The head of the Internal Audit function reports directly to the CEO, and in the new organization to the Group’s General Counsel and the Board’s Audit Committee.
Fundamental to Volvo’s control environment is the business culture that is established within the Group and in which managers and employees operate. Volvo works actively on communications and training regarding the company’s basic values as described in The Volvo Way, an internal document concerning Volvo’s business culture, and the Group’s Code of Conduct, to ensure that good morals, ethics and integrity permeate the organization.
The foundation of the internal control process relating to the financial reporting is built up around the Group’s directives, policies and instructions, as well as the responsibility and authority structure that has been adapted to the Group’s organization to create and maintain a satisfactory control environment. The principles for internal controls and directives and policies for the financial reporting are contained in Volvo Financial Policies & Procedures (FPP), an internal document comprising all important instructions, rules and principles.
Risks relating to financial reporting are evaluated and monitored by the Board through the Audit Committee inter alia through identifying what types of risks that typically could be considered as material and where they would typically occur. The annual evaluation of internal control activities conducted by the Internal Control and Internal Audit functions, are based on a risk-based model. The evaluation of the risk that errors will appear in the financial reporting is based on a number of criteria. Complex accounting principles can, for example, mean that the financial reporting risks being inaccurate for those posts that are covered by such principles. Valuation of a particular asset or liability according to various evaluation criteria can also constitute a risk. The same is true for complex and/or changing business circumstances.
In addition to the Board of AB Volvo and its Audit Committee, the management groups and other decision-making bodies in the business areas, Group functions and Group companies constitute the overall supervisory body.
Several control activities are applied in the ongoing business processes to ensure that potential errors or deviations in the financial reporting are prevented, discovered and corrected. Control activities range from review of outcome results in management group meetings to specific reconciliation of accounts and analysis of the ongoing processes for financial reporting. Responsibility for ensuring that control activities in the financial processes are appropriate and in accordance with the Group’s policies and instructions are compiled in the Group’s shared service center. Within the framework for the financial reporting, they are also responsible for ensuring that authority structures are designed so that one person cannot perform an activity and then perform the control of the same activity. Control activities within IT security and maintenance are a key part of Volvo’s internal control over financial reporting.
Information and communication
Policies and instructions relating to the financial reporting are updated and communicated on a regular basis from management to all affected employees. In addition, there are a number of committees and networks within Volvo that serve as forums for information and discussions regarding issues relating to the financial reporting and application of internal rules. Included in these committees and networks are representatives from the business areas and the Group’s staff units who are responsible for financial reporting. Work in these committees and networks is aimed, among other things, at ensuring a uniform application of the Group’s policies, principles and instructions for the financial reporting and at identifying and communicating shortcomings and areas of improvement in the processes for financial reporting.
Ongoing responsibility for follow-up rests with the business areas’ management groups and accounting and controller functions. In addition, the Internal Audit and the Internal Control functions conduct review and follow-up activities in accordance with what is described in the introduction of this report. More specifically, the Internal Control function runs and coordinates evaluation activities through the “Volvo Group Internal Control program”, which gives a systematic way of evaluating the quality and effectiveness of the internal control over financial reporting on a yearly basis. A yearly evaluation plan is settled and presented to the Audit Committee. This evaluation program comprises three main areas:
1. Control policies and guidelines: Self-assessment procedure carried out by management teams at business area and Group function levels as well as local company level. Main areas evaluated are the adherence to the Group’s financial directives and policies found in FPP along with The Volvo Way and the Group’s Code of Conduct.
2. Process controls at transaction levels: Processes related to the financial reporting are evaluated by testing of specific routines and controls based upon the Group’s framework for internal control over financial reporting, VICS – “Volvo Internal Control Standards”. The framework focus on the financial reporting areas deemed to have a relatively higher risk for potential errors because e.g. complex accounting principles, complex or changed business operations etc.
3. General IT controls: Processes for maintenance, development and access management of financial applications are evaluated by testing of routines and controls.
The results of the evaluation activities are reported to the Group management and the Audit Committee.
Göteborg, February 23, 2012
AB Volvo (publ)
Board of Directors