System of Internal control and risk management

Introduction

The purpose of internal control is to achieve an effective organisation that achieves the goals set by the board of directors. This means taking reasonable steps to ensure that the company's business is conducted appropriately and effectively and that laws and regulations are complied with. It also means providing reasonable assurance in relation to the reliability of the financial reporting. Catena Media has chosen to describe its internal control in accordance with COSO’s components: control environment; risk assessment; control activities; information and communication; and monitoring. The board of directors is responsible for internal control.

Control environment

The control environment is based on the distribution of work between the board of directors and its committees and the CEO. The control environment also includes the values that the board of directors and management have communicated and operate from. Management continuously establishes and assesses governing documents and the board of directors approves policies. Policies, procedures and process descriptions are distributed to and signed for by each staff member via Catena Media’s online compliance system. All employees have to formally sign off on the code of conduct and insider policy. Specific departments also need to sign off on policies and procedures relevant to them.

Risk assessment

The company operates a risk management process under which the business carries out an annual risk analysis. Risks are identified in the following categories:

  • Strategic risks
  • Operational risks 
  • Financial risks 
  • Investor relations and compliance risks

The goal of the risk analysis is to identify the primary risks to the company’s overall objectives and strategic direction and to evaluate the likelihood of the risk occurring during the planning period and its impact on goal achievement. Risk management efficacy should be taken into consideration. Each risk has a designated risk owner in the line organisation with the mandate and responsibility to ensure that measures and controls for managing the relevant risk have been implemented. The risk owner is also responsible for monitoring, follow-up and reporting of any changes to the risk exposure.

Management reports identified risks to the audit committee. Through the audit committee, the board reviews the company’s risk management framework and related processes, including risk assessments, the annual risk report and the top five risks in detail. This is to ensure that all significant risk areas are covered and that controls are implemented to mitigate identified risks. The company’s primary operating risks relate to the fast-changing environment that characterises the online sports betting and casino gaming industry and the rapidly evolving area of search engine optimisation.

Control activities

Catena Media has established a risk management procedure including a number of key controls that serve as a basis for the minimum level of control that must be established within the business’s processes. The control requirements are important tools and instruments for the board of directors to be able to manage and evaluate information from management and to take responsibility in relation to the identified risks. Catena Media places special emphasis on mapping and assessing the most significant risks relating to financial reporting to ensure correct reporting. As an example, intangible asset controls include a periodic impairment testing procedure to determine asset values and potential impairment. The effectiveness of each control is tested regularly through self-assessment.

Information and communication

Internal information and external communication are regulated by the communication and disclosures policy as well as the insider policy. Internal communication to and from the board and the CEO to staff is via a weekly newsletter and through internal communication tools such as Slack and Jira. Formal policies and procedures are issued on the compliance portal. The board receives regular financial reports on the group’s financial position and earnings trend. Meetings are also held at management level and at any level each entity finds appropriate.

Monitoring activities 

  • Annual review and approval of policies by the board
  • Annual risk analysis report to the board
  • Annual reporting of self-assessment control
  • Monthly/continuous follow-up and variance analysis of financial reporting figures

Internal audit

The company has no formal internal audit function but operates a risk management process including risk assessment, control requirements and control self-assessment process. The framework and self-assessment results are reviewed by management and reported to the board. The head of each area and function is responsible for carrying out the self-assessment. The audit committee and the board are responsible for ensuring compliance with established internal control principles. The audit committee has absolute freedom to call for an external review should it be deemed necessary. External advisors can also be commissioned to review particular areas and provide a second opinion to the board, should this be considered necessary. Moreover, a compliance function within the legal team liaises with the CEO and the chairman of the board. 

Division of roles within Catena Media – Internal control and risk management