Internal Control over Financial Reporting

We have a system for Internal Control over Financial Reporting (ICFR) to ensure reliable and timely financial information in our monthly, quarterly and annual reports. We base our ICFR work on the COSO 2013 framework for internal control, published by the Committee of Sponsoring Organizations of the Treadway Commission.

Our management system, “The Statkraft Way”, ensures a good control environment and contributes to achieving the Group’s goals and intentions. Internal control requirements have been incorporated into the relevant internal control area, for instance HSE, Ethics, ICT, corporate responsibility and financial reporting.

A solid management system combined with a strong control environment is the fundament for our further work with ICFR.

Internal Control over Financial Reporting

The ICFR system shall ensure reliable and timely financial information. All subsidiaries are required to comply with the ICFR requirements as described in “The Statkraft Way” and in our Finance Manual. The same applies for associated companies, joint operations and joint ventures where Statkraft is responsible for the book-keeping and financial reporting. If a third party is responsible for the book-keeping and statutory reporting of the partly owned company, the responsible segment shall perform compensating controls.

The board assumes the executive responsibility for having a well-functioning ICFR system in the Group. The main elements of the ICFR system are Risk assessment, Evaluation of control design, Continuous performance and monitoring, Self-assessment and review and Reporting are:

  1. Risk assessment
    The Group's ICFR Network performs an annual assessment of the Group's risk of having errors in the financial reporting. The result of this risk assessment is documented in a financial reporting risk map presenting the likelihood of the risk to occur and the consequence in the financial report given that the risk occurs. The risk map is presented to the Audit Committee.
  2. Evaluation of control design
    Business and support processes for handling the financial reporting risks are identified and assessed. The purpose of this work is to verify if we have the appropriate controls in place to mitigate risk sufficiently. For the identified controls, we describe how these shall be performed, documented and reviewed. In addition, we describe who is responsible for implementing them. The control descriptions are available for all employees from the Finance Manual.
  3. Continuous performance and monitoring
    For each control, we have defined how often the control shall be performed and who is responsible for performing and reviewing the control. The controls shall be performed monthly, quarterly or yearly and managers are responsible for compliance with the control requirements.
  4. Self-assessment and review
    Monthly and on sample basis, the ICFR department reviews compliance with the ICFR requirements. The result of this review is reported to management. Yearly, managers shall perform a self-assessment of how the controls are performed and documented throughout the fiscal year. The result of the self-assessment is presented to the Audit Committee.
  5. Reporting
    We report to the Audit Committee twice per year; the Group’s financial reporting risk assessment is reported in August and the result of the self-assessment is reported in March. If a material breach of the ICFR requirements has occurred, this will be reported to the Audit Committee.

VP FRC - Internal Control is responsible for managing the ICFR system and for assisting management in monitoring compliance with the ICFR requirements. VP FRC - Internal Control is responsible for training and supporting implementation of ICFR requirements. VP FRC – Internal Control reports to the Senior Vice President Financial reporting and accounting who in turn reports to the CFO.

Statkraft has in Q4 2015 implemented and rolled out a new support system, GRC tool, for the ICFR process. This support system will amongst others facilitate efficient monitoring of control performance and review results.