Board of Directors’ report on internal control

The Board is responsible for the internal control of the company, with the aim of safeguarding its assets and thus the interests of the shareholders. Through sound internal control, the Board ensures the reliability of Alfa Laval’s reporting and its compliance with legislation, regulations, applicable accounting policies and the company’s Business Principles. All communication and financial reporting are to be correct, relevant, objective and transparent.

Control environment

The control environment includes the internal governance instruments adopted by the Board for the company’s daily operations. The control instruments comprise policy documents, which are continuously assessed, reviewed and updated. These documents include, for example, the Board’s instructions, the President’s instructions, reporting instructions, the company’s finance policy, business principles, investment policy and communication policy.

The Board has overriding responsibility for financial reporting, among other things, and must therefore assess the performance and earnings of the operations through a package of reports including results, forecasts and analyses of key indicators. The Board also reviews the company’s interim reports and year-end report and shall meet with the external auditors at least once a year without the presence of the President or other members of Group management.

The President is subject to instructions issued by the Board and is responsible for ensuring an effective control environment. The President is also responsible for the ongoing control work and for ensuring that the company’s accounting complies with legislation and that the management of assets is adequately performed. The President is also responsible for ensuring that all Board members regularly receive sufficient information to be able to assess the company’s financial position.

Group management is responsible for managing and maintaining the internal control systems required to manage significant risks in the company’s operating activities. Management is also responsible for clearly ensuring that all employees understand the requirements for and the individual’s role in maintaining sound internal control.

Alfa Laval follows the 3 lines of defence model to ensure a standardized and comprehensive approach to governance and risk management and establish adequate levels of ownership and accountability. The first line of defence is represented by the business operations which implement and maintain the control activities. The second line is represented by various group and oversight functions who also set directions, define policy and procedures, and have functional oversight. The third line is represented by the internal audit function that has the responsibility of providing independent and objective assurance over the internal control activities performed by the first and second line.

The Board’s Audit Committee is tasked with ensuring compliance with the principles for financial reporting and internal control. The Committee follows up the effectiveness of the internal control system and reviews the financial procedures to ensure that the information can be traced back to underlying financial systems and that it is in line with legislation and relevant standards.

The Committee examines procedures for reporting and financial controls as well as addressing the company’s financial reports. It also monitors, evaluates and discusses significant issues related to accounting and financial reporting. The Committee evaluates and manages information pertaining to disputes and potential improprieties, and assists management with identifying and evaluating mainly financial and similar risks that are relevant to the operations in order to ensure that the focus is on managing these risks. It also reviews the company’s information security system and the contingency plans in place to ensure delivery of financial information.

The Audit Committee has the right to determine the focus of the internal audit and is responsible for ensuring the efficiency of the function by assessing its activities, resources and structure. The Committee is also responsible for reviewing the results and recommendations of the internal audit to ensure that they are handled in an appropriate manner. It is responsible for reviewing the internal audit plan every six months to ensure that it addresses the relevant risk areas and for ensuring that there is suitable coordination between the internal and external audit. The Audit Committee holds regular meetings with the external auditors and reviews their work, qualifications and independence, and the results of this review are reported to the company’s Nominating Committee on an annual basis. The Audit Committee supports the Nominating Committee in its work to nominate auditors and conducts an annual review of the proposed scope of the audit. Reports are provided to the Board regarding internal meetings as well as meetings with the internal auditors, the external auditors and various specialists in Group management and its support functions. The Committee is responsible for reviewing significant results from the external audit and the recommendations issued by the external auditors as a result. It is also responsible for establishing guidelines that ensure the independence of the external auditors.

The internal auditors review and implement improvements to the internal control function, conduct internal audits – which are reported to the Audit Committee – and propose plans for the coming six to eight months. The internal auditors also issue reports from individual audits to the appropriate members of Group management. Procedures are in place for performing regular reviews of the agreed actions to guarantee that specific actions are taken following the internal audit. These are based on an agreed schedule set with the party responsible for the individual activities. The Internal Audit Function comprises of internal auditors, internal specialist resources and external auditors. Internal audits encompass a broad spectrum of functions and issues determined by the Board. The areas audited include: compliance with the systems, guidelines, policies and processes established for the Group’s business operations; the existence of systems to ensure that financial transactions are carried out, archived and reported in an accurate and lawful manner; and opportunities to improve management control, the company’s profitability and the organization, which may be identified during audits. In 2023, 37 internal audits were performed.

Risk assessment

Within the framework of the company’s operating activities and review functions, procedures are in place for risk assessments pertaining to the financial reporting. These procedures aim to identify and evaluate the risks that may affect internal control. The procedures encompass risk assessments in conjunction with strategic planning and acquisition activities as well as processes for identifying amendments to the accounting policies to ensure that they are accurately reflected in the financial reporting.

Control structures

Control structures are in place in all areas of the organization in order to prevent, identify and adjust errors or deviations. They manage the risks that the Board and management consider to be significant to the business, internal control and financial reporting. These structures comprise both an organization with clearly defined roles that enables an effective and – from an internal control perspective – appropriate division of responsibility, and specific control activities that enable the identification and timely prevention of risks becoming a reality. Control activities also include clearly defined decision-making processes and a policy for decision-making with respect to, for example, investments, agreements, acquisitions and divestments, earnings analyses and other forms of analytical reviews, reconciliations, inventory-taking and automatic controls in the IT systems.

Information and communication

The company’s regulations, guidelines and manuals are communicated through several internal channels and the efficiency of this communication is monitored on an ongoing basis. There are formal and informal information channels that enable employees to communicate important information to relevant recipients and ultimately, if necessary, to the Board of Directors. Clear guidelines have also been established for external communications, the aim of which is to provide the most accurate and relevant overview possible while at the same time ensuring that all obligations are met.

Follow-up

The internal control process is mainly followed up by two bodies: the Audit Committee and the Internal Audit Function. The Audit Committee establishes the principles that apply for the company with respect to accounting and financial reporting, and monitors compliance with these regulations.

The Committee meets with the external auditors to obtain information about the focus and scope of the audit and to discuss results and coordination of the external and internal audits. In addition, the Committee establishes the direction, scope and time schedules for the work of the internal audit team, whose audits are reported to the Audit Committee and continuously to Group management so that any necessary measures may be taken. The scope of the internal audit includes, among other factors, operational efficiency, compliance with regulations and guidelines, and the quality of financial reporting from the subsidiaries.

Alfa Laval has implemented a management testing process for key internal controls over business processes in the company. The managers and key employees evaluated their compliance through a control self-assessment test for important internal controls in these business processes and will perform this on an annual basis. Based on the results, the internal controls framework will be strengthened and assist in risk-based valuation of the business processes at Alfa Laval.

Lund, March 2024
Board of Directors