System of Internal Control and Risk Management


The purpose of internal control is to achieve an effective organisation that achieves goals set by the Board of Directors. This means to a reasonable extent ensure that the company's business is conducted appropriately and effectively, that laws and regulations are complied with and to provide reasonable assurance in relation to the reliability of the financial reporting. Catena Media has chosen to describe the work on internal control in accordance with COSO’s components: control environment, risk assessment, control activities, information and communication as well as monitoring. The Board of Directors is responsible for internal control of the company.

Control Environment

The control environment is based on the distribution of work between the Board of Directors and its committees and the CEO. The control environment also include the values that the Board of Directors and the management have communicated and are operating from. Governing documents are established and assessed on a continuous basis by management and policies are approved by the Board of Directors.   Policies, procedures and process descriptions are distributed to and signed for by each staff member using Catena Media’s online compliance system. All employees have to formally sign off the Code of Conduct and Insider Policy, while specific departments also need to sign off on policies and procedures relevant to them.


Risk assessment

Catena Media follows a process for risk management where the business annually carries out a risk analysis. Risks are identified in the following categories:

  • Strategic risks
  • Operational risks 
  • Financial risks 
  • IR/Compliance risks

The goal of the risk analysis is that the greatest risks that threaten the company’s overall objectives and strategic direction are identified and evaluated in relation to the likelihood of the risk occurring during the planning period as well as its impact on the goal achievement. How well the risks are managed should be taken into consideration. Each risk has a designated risk owner in the line organisation with the mandate and responsibility to ensure that measures and controls for managing the risk have been implemented. The risk owner is also responsible for monitoring, follow-up and reporting of any changes to the risk exposure. Management reports the identified risks to the Audit Committee. Through the Audit Committee, the Board reviews the company’s risk management framework and related processes, including risk assessments, the annual risk report and the top 5 risks in detail. This is to ensure that all significant risk areas are covered and that controls are implemented to mitigate the identified risks. The company’s largest operational risks are related to the quickly changing environment that characterises the gaming industry specifically and the rapidly evolving area of search engine optimisation in general.

Control Activities

Catena Media has established a risk management procedure including a number of key controls that serve as a basis for the minimum level of control that must be established in the business processes. The control requirements are important tools and instruments for the Board of Directors to be able to manage and evaluate information from the management and take responsibility in relation to the identified risks. Catena Media has placed special emphasis on mapping and assessing the most significant risks relating to financial reporting to ensure correct reporting. As an example, intangible asset controls include the periodic impairment testing procedure in order to determine return and potential impairment. The effectiveness of each control is tested regularly through self-assessment.

Information and Communication

Internal information and external communication are regulated using the Communication and Disclosures Policy as well as the Insider Policy. Internal communication to and from the Board and the CEO to the staff is conducted through the weekly newsletter and internal communication tools such as Slack, Jira. Formal policies and procedures are issued on the compliance portal. The Board of Directors regularly receives financial reports on the Group’s position and earnings trend. Within the company meetings are held at the management level, then proceeding to the level each entity finds appropriate.

Monitoring activities; 

  • Annual review and approval policies by the Board of Directors.
  • Reporting of risk analysis once per year to the board of directors.
  • Reporting of control self- assessment yearly.
  • Monthly / continuous follow-up and variance analysis of financial reporting figures.


Internal audit

Internal Audit There is no formal internal audit function within the company, although Catena Media has implemented a risk management process including risk assessment, control requirements and self-assessment process for controls. The framework and Self-Assessment results have been reviewed by management and reported to the Board. The head of each area and function within the company has a responsibility to carry out the self-assessment while the Audit committee bears the responsibility together with the Board to ensure compliance with established principles of internal control. The Audit Committee has absolute freedom to call for an external review of certain areas of the company should it be deemed necessary. For ad hoc assignments, external advisors can be commissioned to review particular areas for a second opinion to the Board, should this be considered necessary. Moreover, the company has a Compliance function within the legal team that liaises with the CEO and the Chairperson. 

Division of roles within Catena Media – Internal control and risk management

Board of DirectorsUltimately responsible for reviewing risks and controls
within the Catena Media Group of companies.
Audit CommitteeReporting results of audit meetings to the Board
as well as initiating reviews where necessary.
Remuneration CommitteePreparing the Board’s decisions regarding remuneration principles, remuneration
and terms of employment of the CEO and guidelines for remuneration and terms
of employment for group executive management position holders and the CEOs of subsidiaries.
Additionally, the committee is tasked with preparing proposals for incentive programs.
M&A CommitteeReviewing potential acquisitions and making proposals to the Board of Directors.
Group ManagementOperationally responsible for controls being put in place to mitigate identified risks.
Ensuring there are policies and procedures in place, as well as ensuring that employees have
sufficient knowledge of internal control.
CFOOperationally responsible for the financial reporting including ensuring sufficient
internal control in the financial reports.
Country ManagersResponsible for implementing and following-up on policies that apply to their markets.
EmployeesResponsible for day-to-day as applicable to their specific roles and for reviewing the controls as applicable.