[Figure: Group-wide Control Activities, with areas numbered 1 to 5. Labels: Risk management; Group approval matrix; ERM self-assessment¹; Continuous policy development and implementation; Letter of representation¹; Basic controls¹; Financial control¹; Group-level reporting instructions and framework; Business controls; Audit, risk and control diagnostics¹]
This illustration shows an overview of the key Group-wide control activities.
¹ Described in further detail below.
Group-wide control activities
Internal control covers all divisions and subsidiaries in the Group. Internal control activities are established by policies and processes, which help ensure that all management directives to manage risks are executed. Controls are performed on several levels within the organization and are established based on the process concerned.
ERM self-assessment
Every major country throughout the Group performs an annual self-assessment, which is a part of the process to manage enterprise-wide risks. It covers key risks, including financial reporting risks, measures taken and compliance with Securitas Group Policies and Securitas Reporting Manual. An example of an operational risk included in the self-assessment package is assignment execution risk. An example of a financial reporting risk is management estimates. For further information, refer to www.securitas.com.
The self-assessments promote control awareness and accountability and are signed off by each country president. The external auditor and/or another internal or external resource validates the answers to questions in the questionnaire deemed to be risk areas for the selected reporting countries. The answers are compiled at the divisional and Group levels to support benchmarking within and between divisions. Each reporting country is responsible for acting on any deviations.
Basic controls
Detailed controls in financial reporting processes, such as revenue, payroll and IT, are included as one component of Securitas’ overall Group-wide control structure called “basic controls”. Basic controls set the minimum Group requirement with regard to what needs to be in place based on risk assessment. Supplementary controls ensure full protection of the company’s assets and assure accurate and reliable financial reporting tailored to the entity’s specific conditions. These controls can include manual, application or general IT controls.
Key areas covered:
• protection of company assets
• completeness and timeliness of customer invoicing
• credit collection procedures
• contract management
• HR / payroll
• IT
• business continuity planning
• validity of payments to third parties
• accuracy of general ledger
• timeliness and accuracy of Group reporting
• compliance with local requirements
Securitas Sustainability Report 2016