The Board’s description of the internal control with respect to the financial reporting for the 2016 financial year

Pursuant to the Swedish Companies Act and the Swedish Corporate Governance Code, the Board of Directors is responsible for the internal control. This entails, among other things, monitoring Duni’s financial reporting and efficiency in the Company’s internal control and risk assessment.

Internal control as regards financial reporting is aimed at providing reasonable certainty regarding the reliability of the external financial reporting in the form of annual reports and interim reports published by Duni each year, and to ensure that the financial reporting is prepared in accordance with law, applicable accounting principles, and other requirements imposed on listed companies. The internal control is also aimed at ensuring the quality of the financial reporting to company management and the Board of Directors so that decisions are taken based on correct grounds.

Duni describes the internal control system with respect to financial reporting based on the areas that constitute the basis for internal control in accordance with the framework issued by COSO, “Internal Control – Integrated Framework”, namely the following areas: control environment, risk assessment, control activities, information and communication, as well as monitoring.

With the support of the Audit Committee, Duni’s management is engaged in risk mapping in accordance with COSO 2013 and the 17 fundamental principles. Since this work is ongoing, Duni has chosen to describe the internal control system in relation to the 1992 version of the COSO framework.

Control environment

The rules of procedure of the Board and the instructions issued by the Board regarding the work of the CEO and board committees clearly define the allocation of responsibilities and powers, with the aim of ensuring efficient management of risks in the business operations. Duni has established an Audit Committee to review the instructions and routines used in the financial reporting process, as well as accounting principles and changes therein. Group management reports each month to the Board in accordance with established routines. Internal control instruments for the financial reporting consist primarily of finance policy, communications policy, and the Group’s finance handbook, which defines accounting and reporting rules.

In addition, Group management has formulated its view on how the business is conducted in an ethics policy, which is reviewed each year by the Board of Directors. Duni has an independent whistleblower system to which Duni employees and other external parties can report experienced or observed irregularities on the part of senior executives. The whistleblower may choose to be anonymous and the chairman of the Audit Committee, the CFO and the HR Director are recipients of the information.

Risk assessment and control

Material risks for the operations are analyzed by the Board as a part of the financial reporting. In addition, group management provides the Audit Committee with an overall risk analysis of income statements and balance sheets, as well as the factors which impact on them. Risk areas are documented and assessed based on likelihood and impact. Based on this, control processes are structured to ensure high quality in the financial reporting. The risk areas are evaluated by the Audit Committee at least once per year.

The organization structure together with the allocation of responsibilities and payment authorization procedure are clearly described and communicated by means of instructions and policies. The operations are organized into business areas with profit centers. The Audit Committee regularly communicates with the auditors in order to evaluate and improve the internal control. Duni has established a European accounting function which independently provides accounting services to the operations. This function complies with standardized procedures and routines. The head of the accounting function reports to the CFO.

Information and communication

Information, both externally and internally, is governed by Duni’s communications and IR policy. A specific section addresses responsibility, routines and rules. The policy is regularly evaluated to ensure that information to the stock market is consistently of a high quality and in accordance with the stock exchange rules. Financial information, such as quarterly reports, annual reports, and important events are published through press releases and on the Company’s website. Meetings with financial analysts are arranged regularly in connection with publication of quarterly reports. The intranet is the main source of information internally in the Company. Accounting handbooks and instructions regarding financial reporting are available on the intranet and these are regularly updated in light of changes to IFRS and other recommendations.

Monitoring

The Board and Audit Committee review all financial reports before they are formally approved by the Board. The Audit Committee receives regular reports from the auditor regarding the internal control and monitors significant issues. The Board receives a monthly written financial report covering sales, operating income, market trend, as well as other material information regarding the operations, and a review of current financial reports constitutes a standing item on the agenda at all meetings. Group management analyses each month the financial trend within the Group’s business areas. Monitoring through comparisons with the preceding year, against budget and plans, and through evaluation of the key performance indicators, takes place generally at all levels in the organization.

Statement regarding internal audit

Duni has found no need for a formal internal audit department. Duni has an accounting center in Poznan in Poland which functions as a centralized European accounting function providing accounting services to all subsidiaries in Europe, apart from Russia. The accounting center serves as a consulting agency to the countries in the Group which are not included in the center, namely, Russia, Singapore and Paper+Design in Germany. The accounting center operates based on standardized processes and routines, is independent of the operational business, and reports directly to the CFO. This centralized and independent process for accounting and financial reporting is considered to constitute a platform for sound internal control with respect to the financial reporting. Duni’s group accounts department also performs certain internal audit work in the form of, among other things, controls at subsidiaries.