Internal auditing and control
The board of directors’ responsibility for internal control is regulated by the Swedish Companies Act and the Swedish Annual Accounts Act, which require Starbreeze to provide information in the corporate governance statement about the key elements of its system for internal control and risk management in conjunction with annual financial reporting. The board of directors’ responsibility for internal control is also regulated in the Code. Accordingly, the board’s duties include ensuring that Starbreeze maintains good internal control and formalized procedures that ensure compliance with established principles of reporting and internal control and ensuring that appropriate systems exist for monitoring and control of the company’s operations and the risks associated with its operations.
The overarching purpose of internal control is to obtain reasonable assurance that the company’s operational strategies and objectives are followed up and shareholders’ investments protected. Internal control should also determine, with reasonable assurance, that external financial reporting is reliable and prepared in accordance with generally accepted accounting practices, compliance with applicable laws and regulations and compliance with rules applicable to listed companies.
Internal control at Starbreeze is based on a control environment that encompasses the organization, decision paths, duties and powers. The board of directors has a written charter that clarifies the board’s responsibilities and regulates the division of work among the directors. The board charter also specifies the issues that must be submitted to the board for decision. The division of roles between the board of directors and the chief executive officer is communicated in the board charter and in its Instruction to the CEO. In addition, the chief executive officer manages operations based on the Swedish Companies Act, other laws and ordinances, regulations applicable to listed companies, the Swedish Corporate Governance Code, etc. The board of directors monitors compliance with established principles of financial reporting and internal control and maintains appropriate relations with the company’s statutory auditor. Senior management is responsible for the internal control system required to manage material risks in ongoing operations. The audit committee also prepares matters for decision by the board in order to maintain a good control environment.
Risk assessment and control activities
A clear organization and decision-making procedures are intended to generate high risk awareness among employees and carefully considered risk-taking. Embedded internal control points are also intended to minimize the risk of misstatements in the accounts. Likewise, there are documented procedures for the management of the company’s finance and consolidation system. Ongoing monitoring and follow-up are applied to maintain good internal control and thus prevent and detect risks.
Material risks that affect internal control of financial reporting and operational controls are identified and managed at the Group, business area and subsidiary levels. The board audit committee is responsible for ensuring that material financial risks and risks of misstatements in financial reporting are identified and prepared for board decision, where applicable, on corrective measures to ensure accurate financial reporting. Special priority is awarded to identifying processes where the risk of material misstatement is relatively higher due to the complexity of the process or in contexts that involve high monetary values.
The board of directors tasks senior management with analyzing operations and identifying and quantifying the risks to which the Group is exposed. After the risks have been identified, they are ranked according to their probability and consequences. Based on this analysis, the company has designed a large number of controls in the areas of Finance, Management, IT, HR, Game Development and Publishing, Marketing and PR, and IR. A planned self-assessment process is conducted according to an established plan and the outcome is reported to the audit committee and the board of directors, who verify that the controls have been performed. The results, analysis and measures in connection with this process are reported directly to the audit committee and board of directors as outlined below.
Monitoring and follow-up
The board of directors continuously evaluates the information provided by senior management and the audit committee. The work of the board of directors also includes ensuring that measures are taken regarding any deficiencies, as well as measures recommended in connection with external audit and internal follow-up of internal control implemented by the company. After the board has received the initial analysis of internal control, the audit committee prepares a proposal for decision by the board of directors on measures to rectify the identified deficiencies and weaknesses.
Towards the end of the year, the audit committee receives a final report on the outcomes and status of internal control. Based on that report, the audit committee prepares a proposal on improvement measures for submission to the board.
The board is also provided regular reports on the Group’s financial position and development. The Group’s financial situation is reviewed at the end of each quarter and senior management analyses the profit and loss trend at the detailed level on a monthly basis and thereafter provides a summarized report to the board. At each meeting, the audit committee follows up on financial reporting and receives a special report from the auditors once a year concerning their observations.