The board of directors and the company’s management attach great importance to the quality of the control functions, and this is reflected in StatoilHydro’s management and control systems.
Risk management
In order to handle the various market risks, StatoilHydro has developed a comprehensive model that is used to optimise risk exposure and returns.
In StatoilHydro, risk management is divided into three categories:
• Risks that can be covered through insurance, which are managed by StatoilHydro’s own insurance company.
• Tactical risks, defined as short-term trading risks based on underlying exposure, which are managed by line management.
• Strategic risks that are long-term fundamental risks, and which are monitored by the company’s group risk committee, which gives advice and makes recommendations to the corporate executive committee.
The company has a separate group risk committee which is chaired by the chief financial officer. The committee meets once a month to consider and adopt the company’s strategies for risk management.
Internal control
StatoilHydro applies the framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its work on internal control relating to financial reporting. Pursuant to this framework, internal control consists of five interrelated components: the control environment, risk assessment, control activities, information and communication, and follow-up.
The control activities that have been established in connection with financial reporting are based on a formalised process for risk assessment. The risk assessments are carried out with the focus on the risk of material errors in the financial reporting and the risk of dishonesty. The control activities are enshrined in governing documents. Responsibility in connection with internal control relating to financial reporting is clearly defined and communicated to relevant personnel at both the management level and operational level.
The follow-up of internal control in connection with financial reporting takes place through management’s day-to-day follow-up, through the process owners’ follow-up and through independent testing by the corporate audit entity. Non-conformities are systematically followed up and corrective measures initiated. StatoilHydro is in the process of implementing system support for all management levels in relation to their continuous follow-up of internal control. This is being done in the same system in which the management keeps other relevant management information. The corporate audit entity has established a separate department which is responsible for testing internal control in connection with financial reporting.
The board’s audit committee and the corporate executive committee follow up internal control in connection with financial reporting through quarterly reporting from the corporate audit entity, and through other reporting as required. The CFO, head of the corporate audit entity and representatives of the external auditor attend meetings of the audit committee on a regular basis.
Pursuant to section 404 of the Sarbanes-Oxley Act, StatoilHydro’s management, represented by its CEO and CFO, must issue an annual statement confirming StatoilHydro’s internal control in connection with financial reporting. The company’s external auditor issues a corresponding confirmation.
Published 2007-09-02, 15:01 CET | Updated 2007-10-16, 22:59 CET