The Board’s description of internal control with respect to the financial reporting for the 2017 financial year

Pursuant to the Swedish Companies Act and the Swedish Corporate Governance Code, the Board of Directors is responsible for internal control. Among other things, this entails monitoring Duni’s financial reporting and efficiency in the Company’s internal control and risk assessment.

Internal control as regards financial reporting is aimed at providing reasonable certainty regarding the reliability of external financial reporting in the form of the annual reports and interim reports published by Duni each year, and to ensure that financial reports are prepared in accordance with the law, applicable accounting standards, and other requirements imposed on listed companies. The internal control also aims to ensure the quality of financial reporting to Company management and the Board of Directors so that decisions are made based on the right grounds and established principles and guidelines are observed.

Duni describes the internal control system for financial reporting based on the areas that constitute the basis for internal control in accordance with the “Internal Control – Integrated Framework” issued by COSO, namely the following areas: control environment, risk assessment, control structure, information and communication, as well as monitoring.

With the support of the Audit Committee, Duni’s management is engaged in risk mapping in accordance with COSO 2013 and the 17 fundamental principles. Since this work is ongoing, Duni has chosen to continue describing the internal control system in relation to the 1992 version of the COSO framework.

Control environment

The rules of procedure of the Board and the instructions issued by the Board regarding the work of the CEO and board committees clearly define the division of responsibilities and powers with the aim of ensuring efficient management of risks in business operations. Duni has established an Audit Committee to review the instructions and procedures used in the financial reporting process as well as accounting principles and changes to them. Group Management reports each month to the Board in accordance with established procedures. Internal control instruments for financial reporting consist primarily of the finance policy, communications policy, and the Group’s finance handbook, which defines accounting and reporting rules.

In addition, Group Management has formulated its view on how business is to be conducted in a business ethics policy, which is reviewed each year by the Board of Directors. Duni has an independent whistleblower system to which Duni employees and other external parties can report experienced or observed irregularities on the part of senior executives. The whistleblower may choose to be anonymous and the chairman of the Audit Committee, the CFO and the HR Director are recipients of the information.

Risk assessment and control structure

Material risks for operations are analyzed by the Board as a part of financial reporting. In addition, Group Management provides the Audit Committee with an overall risk analysis of income statements and balance sheets as well as the factors that impact them. Risk areas are documented and assessed based on likelihood and impact. Based on this, control processes are structured to ensure high quality in financial reporting. The risk areas are evaluated by the Audit Committee at least once per year.

The organizational structure together with the division of responsibilities and payment authorization procedure are clearly described and communicated by means of instructions and policies. The operations are organized into business areas with profit centers. The Audit Committee regularly communicates with the auditors in order to evaluate and improve the internal control. Duni has established an accounting center for the European countries within Duni. The accounting center provides independent accounting services to the operations. The head of the accounting center reports directly to the Group CFO.

Information and communication

Information, both externally and internally, is governed by Duni’s communications and IR policy as well as its insider policy and guidelines. These address responsibilities, routines and rules. The policies are regularly evaluated to ensure that information disclosed to the stock market is consistently of a high quality and in accordance with the stock exchange rules. Financial information, such as quarterly reports, annual reports, and important events are published through press releases and on Duni’s website. Meetings with financial analysts are arranged regularly in connection with the publication of quarterly reports. The intranet is the main source of information internally in Duni. Accounting handbooks and instructions regarding financial reporting are available on the intranet and these are regularly updated in light of changes to IFRS and other recommendations.

Monitoring

The Board and Audit Committee review all external financial reports before they are formally approved by the Board. The Audit Committee receives regular reports from the auditors regarding the internal control and monitors significant issues. The Board receives a monthly written report covering sales, operating income, the market trend, as well as other material information regarding the operations, and a review of current financial reports constitutes a standing item on the agenda at all meetings. Group Management analyses the financial trend within the Group’s business areas each month. Comparisons with the preceding year, budgets and plans, and evaluation of the key performance indicators are used for monitoring generally at all levels in the organization.

Statement regarding internal audit

Duni has found no need for a formal internal audit department. Duni has an accounting center in Poznan, Poland, which functions as a centralized accounting function providing accounting services to all subsidiaries in Europe, apart from Russia. The accounting center along with the accounts department at the head office serve as consultants to the countries within the Group that are not included in the center, in other words, New Zealand, Russia, Singapore, Thailand and German company Paper+Design. The accounting center operates based on standardized processes and routines, is independent of the operational business, and reports directly to the CFO. They also have engagements from external customers, similar to the engagements they perform for Duni. This centralized and independent process for accounting and financial reporting is considered to constitute a platform for sound internal control with respect to financial reporting. Duni’s Group accounts department also performs certain internal audit work in the form of controls at subsidiaries.