According to the Swedish Companies Act and the Swedish Corporate Governance Code, the Board of Directors is responsible for internal control and risk management.
Loomis’ internal control system is designed to manage, rather than eliminate, the risk of failing to reach business-related goals.
Loomis’ group-wide internal control of financial reporting is managed by the financial departments of the Group and the regions. Group management and the Group’s financial department have joint responsibility and are to oversee and verify that the Group has local routines in place to meet the provisions in both global and local laws and regulations, and to ensure that the financial reporting is accurate.
Since 2012 Loomis is divided into regions responsible for monitoring and guiding the countries in each region. Loomis believes the regional structure strengthens the Group’s internal control. However, responsibility for compliance with laws and regulations, adherence to the Group’s routines and procedures, internal control and accurate financial reporting are the responsibility of each subsidiary and country management team.
Operational risk management
Handling cash in environments where there are criminal elements is associated with significant risk to both personnel and property. Sound operational risk management is therefore one of Loomis’ most important success factors. For this reason Loomis has established a risk department to focus on operational risk management. This department has developed a strong understanding of the risks the operations are exposed to.
The Board of Directors evaluates future business opportunities and risks and draws up a strategy for the Group. Group management and the respective country management are responsible for managing operational risk. Group management has responsibility for identifying, evaluating and managing risk, and for implementing and maintaining risk control systems in line with the policies adopted by the Board of Directors. Each country management team is responsible for ensuring that there is a process in their country aimed at promoting risk awareness. Operational branch managers and the individuals in charge of risk management in each country are responsible for ensuring that risk management is an integral part of their local operation at all levels in the country’s organization.
The control environment forms the foundation for internal control by creating the culture and the values based upon which Loomis operates. This part of the internal control structure includes the prevailing core values that exist, and how authority and responsibility structures are communicated and documented in governing documents such as internal policies and instructions.
Loomis has adopted a number of policies and governing documents for areas of key importance and these are evaluated and updated annually or as needed. The policies and governing documents include:
- Code of Conduct
- Financial Policy
- Purchase procedures
- Guidelines for Relationships
- Customer Contract Policy
- Risk Management Policy
- Internet and IT Policy
- Information Security Policy
- Insider Policy
- Communication Policy
- Internal Control Requirements