Loomis Annual Report 2017 Corporate Governance Report 51
The Board of Directors’ Report on Internal Control and Risk Management
According to the Swedish Companies Act and the Swedish Corporate Governance Code, the Board of Directors has overall responsibility for ensuring the Group has an e cient system for internal control and risk management. Loomis’ Board of Directors continuously examines the e ciency of internal control of  nancial reporting and risk management and takes action to promote improved internal control.
Internal control and risk management
Loomis’ internal control and risk management relating to  nancial reporting is designed to ensure that the processes for preparing  nan- cial reports are highly reliable and that Loomis as a listed company complies with all relevant accounting standards and other require- ments. Internal control is an integrated part of Loomis’ corporate governance and also involves operational risk management as this is a key aspect of Loomis operations. Internal control involves the Board, Group Management and other employees at all levels within the orga- nization. Loomis’ internal control system is designed to manage rather than eliminate the risk of failing to reach business targets, and can only provide reasonable, but not absolute, assurance that no material errors or shortcomings will arise in  nancial reporting.
The Board makes an annual evaluation to determine if the Board needs to create a formal internal audit function. If needed the Board can decide on the implementation of extra assignments to be carried out by both the Company’s personnel or by external parties. In 2017 the Board decided to engage an external party to perform speci c in- ternal audit scrutiny.
Financial reporting
Loomis’ group-wide internal control of  nancial reporting is man- aged by the  nancial departments of the Group and the regions. Group Management and the Group’s Finance function have joint responsibility and are to oversee and verify that the Group has lo- cal routines in place to meet the stipulations in both global and lo- cal laws and regulations, and to ensure that  nancial reporting is accurate. Loomis has a regional structure responsible for monitor- ing and guiding the countries in each region. However, responsi- bility for compliance with laws and regulations, adherence to the
Group’s routines and procedures, internal control and accurate  - nancial reporting are the responsibility of each subsidiary and country management team.
Group Management and the Group’s Finance function are also responsible for following up on the work of external auditors. Any ob- servations and recommendations from the external auditors are ana- lyzed and discussed with the subsidiary in question and any action plans are communicated to the persons responsible who then take the necessary steps which are then followed up. The results of internal control work are reported to the Audit Committee upon request.
Operational risk management
Handling cash and other valuables in environments where there are criminal elements is associated with signi cant risk to both person- nel and property. Sound operational risk management is therefore one of Loomis’ most important success factors. For this reason, in addition to the process described above for internal control of  nan- cial reporting, Loomis has established a risk department to focus on operational risk management. This department has developed a strong understanding of the risks the Company is exposed to.
Understanding the risks is essential in order to assess which business risks should be avoided entirely and which risks can be managed. Loomis’ employees play a crucial role in controlling and reporting on the operational risks that the Company has decided are acceptable. Loomis’ operational risk management strategy is based on fundamental principles that are easy for all of the em- ployees to understand:
• No loss of life
• Balance between profitability and risk of theft and robbery.