Internal control
The framework used as a basis for Pandox’s work on and description of internal governance and control is COSO, the Committee of Sponsoring Organizations of the Treadway Commission. COSO provides a structure for internal control based on five components: control environment, risk assessment, control activities, monitoring activities, and information and communication.
According to the Swedish Companies Act and the Code, Pandox’s Board of Directors is responsible for the Company’s internal control. This report has been prepared in accordance with the Annual Accounts Act and the Code and is mainly intended to describe internal control and risk management with respect to financial reporting.
Control environment
The Board of Directors has overall responsibility for ensuring good internal control and effective risk management. Every year the Board of Directors adopts work procedures that define the Board’s responsibilities and the distribution of duties among the board members. The Board exercises its control primarily by annually adopting policy documents, CEO instructions, delegation rules, instructions for financial reporting, business targets and strategies, as well as business plans and a budget.
The control environment provides a basis for good internal control over financial reporting. Pandox works continually to define, document and adapt an organisational structure, decision paths, responsibilities and powers that strengthen Pandox’s corporate culture and control environment.
Risk assessment
Risk assessment with respect to financial reporting involves identifying the procedures and income statement and balance sheet items in which there is a risk that errors, incomplete information or irregularities may arise if there is insufficient control built into the routines. Risk assessment includes analysing whether any errors could occur and if so, how they may occur and in which part of the process. Pandox’s risk assessment has identified items where the risk of significant errors is the highest. These are items involving substantial transactions or where the processes are highly complex and require strong internal control.
An assessment of the risk of errors in financial reporting is performed annually for each line in the income statement, statement of financial position and cash flow statement. For items that are significant and/or associated with an elevated risk of errors, special procedures are employed to minimise the risks. The three main areas of risk are:
• Property valuation
• Financing activities
• Investment and renovation programmes
Pandox has a well-established operational risk model (the Pandox Method). It is used to evaluate and document identified risks associated with the hotel properties and is an important part of Pandox’s overall work on risk. Based on an individual business plan for each hotel property, it creates the conditions for increased cash flow and lower risk. The risk model also provides knowledge that can be beneficial when pursuing business opportunities.
The four parts of the Pandox Method are:
• Market analysis
• Marketing strategy
• Profitability optimisation
• Agreement optimisation
There is an individual business plan for each hotel property. Twice a year a review of all the hotels and properties is performed and the business plan is updated based on the Pandox Method. Recurring operational risk areas are revenue/occupancy, property operation/maintenance, lease issues and investments. The most significant risks are documented in a “Hot Pile” and, where relevant, are followed up at monthly executive management meetings. Topics discussed at these meetings include any impact from macroeconomic forces, the hotel market cycle, geographic exposure and operator/brand exposure, hotel demand, supply of new capacity, competitors etc.
In its role as an active hotel property owner and in cooperation with its lease partners, Pandox makes every effort to identify joint investment and renovation programmes to ensure that the hotels are competitive and play a part in increasing cash flow. Pandox takes a long-term perspective and has a structured process for managing, implementing and following up on invest-ments. Pandox normally works according to three- to five-year maintenance plans and implements specific projects for cash flow-driving investments. For investments exceeding MSEK 10, a memorandum is submitted to the Board for approval. An in-vestment budget is established every year in connection with the preparation of the budget and business plan, which is adopted by the Board of Directors and adjusted on a quarterly basis. The outcome of the investments is monitored in relation to the budget and reported to the Board.
Interest expense is Pandox’s largest expense item. Interest expense is affected by market interest rates and by credit institution margins, as well as by Pandox’s strategy with respect to fixed interest rates. With a fairly high proportion of loans in foreign currency, interest expense is also affected by fluctuation in exchange rates.
The majority of Pandox’s credit facilities have a variable rate of interest. Interest rate derivatives – mainly interest rate swaps – are used to manage interest rate risk and increase the predictability of Pandox’s earnings. Variable interest rates are partially swapped through interest rate swaps, giving Pandox fixed interest rates. Pandox’s Board establishes the risk mandate. The risk mandate is reflected in Pandox’s Financial Policy and ensures that the Company has access to long-term financing. The Financial Policy is updated annually by the Board of Directors. Pandox works closely with its lenders and external experts to ensure that the Company plans well in advance with respect to its financing requirements.
In connection with Pandox’s annual strategy and budgetary work the executive management team presents a chart of the Group’s top risks to the Board of Directors.
Control activities
To avoid errors, a number of control activities have been implemented to ensure that control objectives are achieved. Pandox’s most important financial processes, such as closing the accounts, consolidation, monitoring results and reporting, have been documented in a Financial Handbook. The control measures involve guaranteeing the quality of financial reporting.
Monitoring activities
Pandox monitors performance in relation to both operational and financial targets on a monthly basis. The performance follow-up meetings are attended by the CEO, CFO, Business
Intelligence, Group Accounting & Control and the heads of the business areas. Material differences are investigated immediately by the CFO and significant cases are reported to the Board. At least every quarter the Board follows up on any high risks identified. The Audit Committee always examines the external reports before they are published for the stock market.
These follow-up processes are the basis for guaranteeing the quality of Pandox’s financial reporting.
The CFO reports annually to the Board on internal control over financial reporting.
In addition to this, Pandox’s external auditors also examine the Company’s internal control over financial reporting and annual reporting, and perform a review of the third quarter interim report. Any shortcomings and/or errors identified by the auditors are reported to Pandox’s executive management or, in the case of more serious issues, directly to the Board.