Internal audit of financial reporting

Internal control over financial reporting is intended to provide reasonable assurance of the accuracy of financial reporting, and to ensure that external financial reporting complies with applicable laws and accounting standards. The Board of Directors is ultimately responsible for internal control and continuously evaluates risk management and internal control at Attendo via the Audit and Risk Committee. Internal control at Attendo is based on principles drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO).

Areas of responsibility

Attendo has a Group function responsible for internal control, which sets requirements and supports the Business Areas in their internal control work. The function works continuously to develop and improve internal control over financial reporting by means of preventative measures and annual reviews. The function works according to an annual plan and reports to the Audit and Risk Committee. Based on the work of the internal control function together with the external audit, Attendo has assessed that its financial reporting achieves sufficient accuracy without the need for an independent internal audit function. The Board of Directors regularly evaluates the need for an internal audit function.

Control environment

Attendo’s control environment is based on its strategy, goals and associated risks, as well as the company’s organisational and technical circumstances. The Board of Directors has overall responsibility for internal control throughout the Group. This is executed through written instructions and working plans, which define the Board’s responsibilities and the allocation of duties among Board members, Board committees and the CEO. Internal control is further supported by Group policies as well as guidelines and instructions in each business area, along with the implemented responsibility and authority structure. The Audit and Risk Committee has a particular duty to represent the Board of Directors in matters concerning the consolidated accounts, taxation, risk management, internal control, external reporting, and auditing. The Audit and Risk Committee is also to regularly review and monitor the independence and impartiality of the auditor and support the AGM in connection with the appointment of the auditor. Responsibility for maintaining good internal control has been operationally delegated to the CEO.

Risk assessment

Attendo’s overall risk process is monitored by the Board and carried out by the legal function with support from the internal control function. Risk assessment regarding financial reporting proceeds from the degree of risk, that is, the impact on financial reporting and the likelihood that misstatements will occur. The control measures Attendo has implemented to manage the risk are also considered. The risk assessment is updated annually, and the results are reported to the Board of Directors. 

Control activities and follow-up

The internal control function has devised a number of Group-wide controls for critical processes to ensure a consistent control environment. The business areas are responsible for ensuring that these controls are carried out. This is accomplished through self-assessments and internal audits, alongside assistance from the company’s external auditors.

The Group internal control function audits compliance with established control activities. The outcome of the self-assessments is reported to the Audit and Risk Committee.

Information and communication

Attendo’s framework and policies are made available via the intranet and other appropriate communication channels. Guidelines and instructions concerning financial reporting are included in Attendo’s Finance Manual and Accounting Manual, which are communicated to the employees concerned. Attendo’s Group Accounting Department is responsible for legal accounting and for implementing and communicating Group-wide accounting policies.

Internal control in 2025

During 2025, the work around risk assessment and risk monitoring, including internal control, has continued to be highly prioritised. The focus has been on information security and data protection, in line with NIS2, and on strengthening the internal control framework by developing existing processes and implementing processes linked to the CSRD.