Risk management

Bonava’s internal control system is designed to manage risks and ensure a high degree of reliability in the processes surrounding the preparation financial statements, ensure compliance with applicable accounting standards and handling operational risks. Bonava complies with the Committee of Sponsoring Organisations of the Treadway Commission’s (“COSO”) framework for evaluating a company’s internal control, “Internal Control—Integrated Framework.” The Framework includes the following five components: control environment, risk assessment, control activities, information and communication, and follow-up.

The Board of Directors monitors and ensures the quality of the company’s internal control in accordance with the Board’s Rules of Procedure and instructions to the Audit Committee.

Bonava has established a central Risk Committee and introduced an annual cycle for systematic risk assessment and internal control reporting for financial and non-financial risks.

The Risk Committee comprises the company’s CFO, General Counsel, Group Head of Strategy & Analysis, Group Head of Sustainability, and the Group Head of Risk and Compliance. At the beginning of each cycle, the company performs and assessment of probability and impact of the most relevant financial and non-financial risk types. The result of this assessment is then considered in the annual update of minimum control requirements. Minimum control requirements are sets of internal controls that are common for all Business Units and for the Group functions. All internal controls have clearly defined control owners to facilitate responsibility and accountability.

The effectiveness of the internal controls that form in the minimum internal control requirements is assessed by all Business Units and Group functions. The assessments results including evidential documentation are reviewed by the Risk Committee which provides feedback to ensure completeness and a consistent approach of the internal control reporting.

Actions to address areas of improvement that have been identified in the internal control report process are regularly followed-up by management and the Risk Committee.

The outcome of the risk management process is compiled in an annual Risk and Compliance Report that is presented to the Audit Committee and Board of Directors.

The minimum internal control requirements cover the following areas of Bonava’s operations and comprise around 200 individual internal controls for the Group functions and 160 individual controls for the Business Units.

  • Management
  • Strategy
  • Controlling
  • Accounting
  • Treasury
  • Legal
  • Personnel
  • Communication & Investor relations
  • Human Resources
  • Project & Change Management
  • IT
  • Sustainability
  • Health & Safety
  • Project Development
  • Procurement
  • Design & Production
  • Customer Service