Internal control – financial reporting

ASSA ABLOY’s work on internal control regarding financial reporting aims to ensure reliable and accurate reporting in accordance with applicable laws, accounting principles, and external requirements. Internal control is an integrated part of the Group’s governance and follows established roles, processes, and guidelines.

Control environment

The Board of Directors has the overall responsibility for ensuring that the Group has an effective internal control system and approves key documents relevant to financial reporting annually. The Audit Committee oversees the control environment, continuously monitoringrisk management, internal control, and internal audit, including reported deficiencies andactions taken.

Financial reporting is governed by the ASSA ABLOY Accounting and Reporting Manual,which is applied across all entities in the Group. The reporting process is supported by common systems and defined reporting templates. ASSA ABLOY’s control framework includes mandatory controls to ensure consistent and reliable financial reporting throughout the Group.

Risk assessment

The Group conducts an annual structured identification and assessment of risks that mayimpact financial reporting. Risks are categorized and documented, with responsible riskowners designated within the organization. The assessment forms the basis for ASSA ABLOY’s Risk and Control Matrix (RACM), a comprehensive tool used to map and evaluate risks and corresponding controls. The RACM ensures that significant risks are managed through defined controls, helping to identify gaps and areas requiring mitigation. The results of the risk assessment are reported to the Audit Committee.

Control activities

Control activities consist of both Group-wide and local controls in financial and operationalprocesses. The RACM defines the minimum requirements for key controls across the Groupand is updated annually. These controls are implemented by responsible functions withindivisions and local entities to ensure that financial reporting is complete, accurate, and timely.

For outsourced activities, ASSA ABLOY ensures that external suppliers meet the Group’s internal control requirements, with follow-up conducted in accordance with established procedures.

Information and communication

Guiding documents, policies, instructions, and accounting principles are communicated to relevant employees through the Group’s intranet and other established communication channels. The Group ensures that relevant guidelines are accessible and that changes are communicated in a structured manner.

Monitoring

Internal control is monitored through a combination of Group-wide self-assessments andindependent reviews. Self-assessments (Internal Control Self-Assessment, ICSA) are conducted annually by divisions and local entities to ensure that controls are functioning as intended. ICSA is a process where each unit assesses its own internal controls, identifies any deficiencies, and takes corrective actions to ensure risks are effectively managed. Identified deficiencies are documented, action plans are established, and the status is monitored until corrective actions are completed.

The Audit Committee continuously monitors financial reporting, financial performance, andother control areas, receiving regular reports from both internal audit and external auditors.

Internal audit

Internal audit is an independent review function that reports functionally and administrativelyto the Group’s Chief Financial Officer as part of the ASSA ABLOY management structure.The function evaluates the effectiveness of the Group’s internal control, risk management, and governance processes and operates according to an annual risk-based audit plan.

The Audit Committee receives quarterly updates on the work of internal audit, includingconducted audits, recommendations, and the status of actions. During these meetings, internal audit also informs the Committee about the development of internal control within the Group.