Internal Control & Risk Management

Overall Control Environment

The Supervisory Board and ExCom have overall responsibility for the Carlsberg Group’s control environment. The Audit Committee is responsible for monitoring the effectiveness of the internal control and risk management systems related to the financial reporting process on an ongoing basis.

The Group has a number of policies and procedures in key areas of financial reporting, including the Finance Policy, the Accounting Manual, the Controller Manual, the Use of Auditors Policy, the Chart of Authority, the Risk Management Policy, the Financial Risk Management Policy, the Corporate Governance Policy, the Information Security and Acceptable Use Policy, the Records Management & Personal Data Protection Policy, the Stock Exchange Compliance Policy, the Tax Policy, and the Code of Ethics and Conduct.

The policies and procedures apply to all subsidiaries, and similar requirements are set out in collaboration with the partners in joint ventures.

Risk Assessment

With the implementation of the control framework for financial reporting, the Group has identified the risks that could have a direct or indirect material impact on the financial statements. Group entities are required to document transaction processes and the controls in place to cover the key risks identified. The minimum requirements for documenting the risks must be set out in the framework and visualised in the processes.

Group entities are required to reassess their controls biannually and must update changes to the control framework for financial reporting, including new risks and controls.

Control Activities

The Group has a formalised financial reporting process for the strategy process, budget process, estimates and monthly reporting on actual performance. The accounting information reported by all Group companies is reviewed both by controllers with regional or functional in-depth knowledge of the individual companies/functions and by technical accounting specialists.

Controllers are continuously updated on best practice relating to internal financial controls, and trained in new accounting and reporting requirements.

The entities in the Group are dependent on IT systems. Any weaknesses in the system controls or IT environment are compensated for by manual controls in order to mitigate any significant risk relating to the financial reporting.