Internal control

This section includes a description of the most important internal control routines regarding Vattenfall’s financial reporting.

Control environment

The formal decision-making structure in the Group is based on the division of responsibility between the Board and CEO, which is laid forth in the Board’s Rules of Procedure. The Board has established Vattenfall’s Group-wide Code of Conduct, which defines the obligation of all employees to adhere to Vattenfall’s company philosophy, Code of Conduct, core values, and norms for the employees. The Vattenfall Management System (VMS), which has been established by the CEO, contains governing documents that include, among other things, Group instructions for authorisations, governance, risk management and internal control.

Vattenfall applies the “three lines of defence” model, in accordance with the Basel II recommendations, where management and control of risks are divided into three lines of defence. The first line of defence consists of the Business Units, which own and manage risks. The risk organisation makes up the second line of defence and is responsible for monitoring risks. The auditor is the third line of defence and performs an independent review and oversight of both the first and second lines of defence.

Risk analysis

The rules and outcome of the Group’s risk assessment and risk management processes are reviewed by the Board each year. The Group’s risk management and reporting are coordinated by a central risk committee. The Board evaluates and monitors risks and the quality of financial reporting via the Audit Committee, which maintains continuous and regular contact with the Group’s internal and external audit functions in order to evaluate risk in the financial reporting.

The VMS includes a framework for internal control that identifies and defines material risks related to financial reporting. The Finance Compliance function within the Staff Function Finance performs yearly analyses of risks related to financial reporting and is responsible for updating this framework.

Control activities and monitoring

The  Board monitors the parent company’s and Group’s financial position and addresses this matter at every ordinary Board meeting. The EGM has regular follow-up meetings on the financial outcome with the management and finance functions of Vattenfall’s various Business Divisions, Staff Functions and Shared Service units. The VMS contains governing documents for the essential financial reporting processes. The VMS serves as a platform for internal control for all units within the Group.

The Finance Compliance function is responsible for overseeing self assessments, follow-up, reporting and improvements in the control activities for financial reporting. These control activities are intended to prevent, discover and correct errors in the financial reporting. The Finance Compliance function reports to Vattenfall’s CFO and Audit Committee.

Internal Audit’s work involves, among other things, evaluating and reviewing risk management, compliance with policies, rules and instructions, and the effectiveness of internal control in the financial reporting. Internal Audit reports to the Executive Group Management, to the management teams in the various countries and units, and to Vattenfall’s Audit Committee.

Information and communication

Information about the Group’s policies, instructions, guidelines and manuals is posted on Vattenfall’s intranet, which is accessible to all employees in the Group. The Group’s accounting and reporting policies are laid out in the Group reporting manual. Updates and changes of these policies are communicated on a continuous basis via Vattenfall’s intranet as well as at meetings with representatives of Vattenfall’s Business Divisions, Staff Functions and shared service units.