Internal control

The internal control regarding financial reporting shall ensure that the company’s financial reporting provides a fair reflection of the financial position. The board is responsible for internal control under the Swedish Companies Act and the Code. Cherry has transparent operations and established control systems.

The board annually adopts policy documents in the form of terms of reference for the CEO, a decision matrix for all companies in the Group, a finance and currency policy and risk management policy and procedures. The terms of reference for the CEO provide key instructions and clarify which decisions are taken by the board and which by the CEO. The finance and currency policy sets limits for financing and management of financial risks.

The board regularly evaluates the financial reporting received at board meetings covering profit and financial position, indebtedness, liquidity and other important aspects. Continuous dialogue takes place with the company’s auditor on the audit committee regarding the scope and quality of the company’s financial reporting and risk and internal control.

Control environment

The Board’s rules of procedure and the terms of reference for the CEO ensure a clear distribution of roles and responsibilities for management of the company’s risks. Decision lines, powers and responsibilities are defined through our decision matrix, which is decided by the Board of Cherry AB (publ) and applies to all the companies in the Group, as well as our Group-wide risk policy.

Other processes with a bearing on financial reporting are governed by Cherry’s Group-wide finance manual, financial and currency policy, insider policy and information policy.

Risk assessment

In conjunction with the Board’s strategy days, the Board evaluates the Group’s operational risks during the autumn of each year. Risks in financial reporting are likewise evaluated during the autumn by the audit committee. The conclusions drawn from these efforts set the basis for the design of internal control.

The principal operational risks at present are:

  • Compliance with the General Data Protection Regulation from May 2018
  • Refinancing and interest-rate risks
  • Regulatory risks

The most significant risks in financial reporting are:

  • Valuation of goodwill

Control activities

Control activities are formulated at Group and company level to manage the significant risks identified during the risk assessment. Control activities regarding operational risks are performed at local level in the subsidiaries. Control activities regarding risk in financial reporting are performed both at central corporate staff level and at local level in the subsidiaries.

Information and communication

Internal communication – primarily updated policies and the financial accounting manual – is kept available on our intranet for staff concerned. External communication takes place in accordance with our information policy.


Control activities concerning operational risks are followed up every six months. With effect from 2017, feedback to the Board takes place during the spring each year.

With regard to internal control of financial reporting, corporate staff, based on the specific risks of the different business areas in respect of financial reporting, in the spring of 2017 formulated specific internal control programmes, known as Minimum Internal Control Requirements (“MICR”) for each business area. Feedback on these takes place regularly every quarter and are also examined by the company’s auditor. Previously,feedback on internal control took place through the company’s auditor.