Internal control framework
The Company's procedures for internal control are based on two perspectives, internal control and risk management with regard to the business operations and internal control and risk management with regard to financial reporting. The internal control shall ensure that the financial reporting provides a fair picture of the financial position of IES and that the operations continuously meet the requirements and expectations of a company that operates within publicly funded operations.
The board of directors of IES is ultimately responsible for ensuring that the Company complies with the requirements for internal control and control of its financial reporting. The board annually establishes a number of governance documents in order to support the actions of management and all employees in order to promote correct, complete and current accounting. Central documents include rules of procedure for the board of directors, instructions for the CEO, the work allocation between them and overall policies. The CEO of IES has delegated responsibility for implementation and enforcement of formalized routines for financial reporting and internal control to the CFO. Central elements, in addition to the Company's finance policy and other policies, are IES financing hand book. The finance policy has been subject to the board's review and approval.
In parallel with the procedures for financial accounting and reporting, the internal control and risk management of IES is largely based on a systematic quality work. IES has developed its own quality system through the internal procedures. Additionally, the business operations are regularly reviewed by the Swedish Schools Inspectorate.
Within the framework of the IES quality management system, the internal control includes, control of the Company's and the Group's organization and implementation of annual customer, parent and employee surveys at school level, where levels below certain limits result in action plans and further control and monitoring measures. Within the Group's operations, internal audits verify that the operations meet the requirements of laws, regulations and other rules, as well as serving as tools for learning, development and quality work, have been carried out for many years. The audits are carried out by the management and through central resources and include document studies, business visits and interviews with school management, personnel and students and where deficiencies are identified, action plans are presented. In order to monitor and control ongoing regulatory and inspection cases, case logs of all pending cases are kept.
The Group's head of academics and school lawyer prepare and keep a continually updated list of units for which specific risks and deficiencies exist. These are reported to the Group management which decides whether specific actions are necessary.
IES is characterized by high growth rates due to new establishments. IES has well developed routines for newly established operations for the purpose of integrating and to ensure that they are aligned with the Company's quality and financial procedures.
To summarize, the control environment of IES is based upon:
- Steering and follow-up actions by the board and its audit committee
- Steering documents such as work procedures, policies and financing policy
- Continuing follow-up and reviews
- The Company's organization and clear delegation of competence and demands of accountability
- Well established ethical guidelines and the Company's promises to students and parents
- A well-developed internal system for quality management
IES performs an overall risk assessment for the operations annually. In line with what has been described in other parts of the Prospectus, the operations are characterized by relatively low risks within areas such as credit risk (largely public clients/counterparts), market risk (stable markets and income based on a continuous need for education services, demographic developments and rates of price increases) and low risk of corruption or financial irregularities. The risks most important to manage, as assessed by the Company, are quality risk – that is, the risk that the quality does not meet authorit IES or students' requirements – and political risk, based on the fact that the operations are to a large extent conditional upon politically decided frameworks. Both these risks are best managed by a model for quality management, clear ethical guidelines and considerable transparency in the Company's operations. The audit committee is responsible for securing a procedure for risk assessment and management of financial reporting.
The Company continuously reviews and controls the Company's operations in relation to established goals. The board's follow-up measures will, from the listing and forward, primarily be carried out by the audit committee, for example by following up on the management's and the external auditors' reports.
The internal control system aims to ensure both the reliability of financial reporting and the monitoring of the Group's quality results. It shall also guarantee the necessary monitoring of compliance with the Group's policies, principles and instructions. Internal controls shall also ensure that the consolidated financial statements are prepared in accordance with the law and with applicable accounting standards, and that other requirements of the Group are met. Internal control over financial reporting has a number of main elements:
- The organizational structure of competence developed and documented in the order of attestation, which requires that at least two individuals review and approve transactions and costs;
- The documentation of financial procedures and policies found in the Group's financing handbook and financial policies;
- The procedures by which individuals at several levels in the organization analyze the financial results before external reporting occurs; and
- The audit committee's duty to supervise financial reporting and internal control.