Board of Directors’ report on internal control

The Board is responsible for the internal control of the company, with the aim of safeguarding its assets and thus the interests of the shareholders. Through sound internal control, the Board ensures the reliability of Alfa Laval’s reporting and its compliance with legislation, regulations, applicable accounting policies and the company’s Business Principles. All communication and financial reporting are to be correct, relevant, objective and transparent.

Control environment

The control environment includes the internal governance instruments adopted by the Board for the company’s daily operations. The control instruments comprise policy documents, which are continuously assessed, reviewed and updated. These documents include, for example, the Board’s instructions, the CEO’s instructions, reporting instructions, the company’s treasury policy, business principles, insider policy and communication policy.

The Board has overriding responsibility for financial and sustainability reporting and must therefore, among other things, assess the performance and earnings of the operations through a package of reports including results, forecasts and analyses of key indicators. The Board also reviews the company’s interim reports, year-end report and Sustainability report, and shall meet with the external auditors at least once a year without the presence of the President or other members of Group management.

The President is subject to instructions issued by the Board. The President is responsible for ensuring an effective control environment and for the ongoing control work. Another part of the President’s responsibility is ensuring that the company’s accounting complies with legislation and that the management of assets is adequately performed. The President is further responsible for ensuring that all Board members regularly receive sufficient information to be able to assess the company’s financial position.

Group management is responsible for managing and maintaining the internal control systems required to manage significant risks in the company’s operating activities. Management is also responsible for clearly ensuring that all employees understand the requirements for and the individual’s role in maintaining sound internal control.

Alfa Laval follows the 3 lines of defence model to ensure a standardized and comprehensive approach to governance and risk management and establish adequate levels of ownership and accountability. The first line of defence is represented by the business operations which implement and maintain the control activities. The second line is represented by various group and oversight functions who also set directions, define policy and procedures, and have functional oversight. The third line is represented by the internal audit function that has the responsibility of providing independent and objective assurance over the internal control activities performed by the first and second line.

The Board’s Audit Committee is tasked with ensuring compliance with the principles for financial and sustainability reporting as well as internal control. The Committee follows up the effectiveness of the internal control system and reviews the financial procedures to ensure that the information can be traced back to underlying financial systems and that it is in line with legislation and relevant standards.

The Audit Committee examines procedures for reporting and financial controls as well as addressing the company’s financial and sustainability reports. It also monitors, evaluates and discusses significant issues related to accounting as well as financial and sustainability reporting. The Committee evaluates and manages information pertaining to disputes and potential improprieties, and assists management with identifying and evaluating mainly financial and similar risks that are relevant to the operations in order to ensure that the focus is on managing these risks. It also reviews the company’s information security system and the contingency plans in place to ensure delivery of financial information.

The Audit Committee has the right to determine the focus of the internal audit and is responsible for ensuring the efficiency of the function by assessing its activities, resources and structure. The Committee is also responsible for reviewing the results and recommendations of the internal audit to ensure that they are handled in an appropriate manner. The Committee is further responsible for reviewing the internal audit plan every six months to ensure that it addresses the relevant risk areas and for ensuring that there is suitable coordination between the internal and external audit.

The Audit Committee holds regular meetings with the external auditors and reviews their work, qualifications and independence. The results of the review are reported to the company’s Nominating Committee on an annual basis. The Audit Committee supports the Nominating Committee in its work to nominate auditors and conducts an annual review of the proposed scope of the audit. Reports are provided to the Board regarding internal meetings as well as meetings with the internal auditors, the external auditors and various specialists in Group management and its support functions. The Committee is responsible for reviewing significant results from the external audit and the recommendations issued by the external auditors as a result. It is also responsible for establishing guidelines that ensure the independence of the external auditors.

The Internal Audit function assists the Board of Directors and management in achieving its objectives by performing independent and objective internal audit assignments relating to the operation of risks, designed controls, required compliances and business processes. Internal Audit reports the conclusions from these audits to the Audit Committee – and proposes plans for the coming six to eight months. The internal auditors also issue reports from individual audits to the appropriate members of Group management. Procedures are in place for performing regular follow-up of the agreed actions to guarantee that specific actions are taken following the internal audit. These are based on an agreed schedule set with the party responsible for the individual activities. The Internal Audit Function comprises of internal auditors, internal specialist resources and external consultants. Internal audits encompass a broad spectrum of functions and issues determined by the Board of Directors. The areas audited include compliance with the systems, guidelines, policies and processes established for the Group’s business operations; the existence of systems to ensure that financial transactions are carried out, archived and reported in an accurate and lawful manner; and opportunities to improve management control, the company’s profitability and the organization, which may be identified during audits. In 2024, 37 internal audits were performed.

Risk assessment

Within the framework of the company’s operating activities and review functions, procedures are in place for risk assessments pertaining to the financial reporting. These procedures aim to identify and evaluate the risks that may affect internal control. The procedures encompass risk assessments in conjunction with strategic planning and acquisition activities as well as processes for identifying amendments to the accounting policies to ensure that they are accurately reflected in the financial reporting.

Control structures

Control structures are in place in all areas of the organization in order to prevent, identify and adjust errors or deviations. They manage the risks that the Board and management consider to be significant to the business, internal control and financial reporting. These structures comprise both an organization with clearly defined roles that enables an effective and – from an internal control perspective – appropriate division of responsibility, and specific control activities that enable the identification and timely prevention of risks becoming a reality. Control activities also include clearly defined decision-making processes with respect to, for example, investments, agreements, acquisitions and divestments, earnings analyses and other forms of analytical reviews, reconciliations, inventory-taking and automatic controls in the IT systems.

Information and communication

The company’s regulations, guidelines and manuals are communicated through several internal channels and the efficiency of this communication is monitored on an ongoing basis. There are formal and informal information channels that enable employees to communicate important information to relevant recipients and ultimately, if necessary, to the Board of Directors. Further, clear guidelines have been established for external communications, the aim of which is to provide the most accurate and relevant overview possible while at the same time ensuring that all obligations are met.

Follow-up

The internal control process is mainly followed up by two bodies: the Audit Committee and the Internal Audit Function. The Audit Committee establishes the principles that apply for the company with respect to accounting and financial reporting, and monitors compliance with these regulations.

The Audit Committee meets with the external auditors to obtain information about the focus and scope of the audit and to discuss results and coordination of the external and internal audits. In addition, the Committee establishes the direction, scope and time schedules for the work of the internal Audit team, whose audit results are reported to the Audit Committee and continuously to Group management so that any necessary measures may be taken.

Alfa Laval has implemented a management assessment process for key internal controls over business processes in the company. The managers and key employees evaluate their compliance through a control self-assessment for important internal controls in these business processes. The self-assessment is performed annually. Based on the results, the internal controls framework is improved and strengthened. This assists in risk-based evaluation and improvements of the business processes at Alfa Laval.

 

Lund, March 2025
Board of Directors