Internal controls and risk management for
financial reporting in 2010

The report on internal control related to financial reporting for financial year 2010 was prepared and submitted by the Board in compliance with the Swedish Code of Corporate Governance and the guidelines drawn up by FAR SRS and the Confederation of Swedish Enterprise and through the application of the instructions for 2007 issued by the Swedish Corporate Governance Board. The report describes how internal control related to financial reporting is organised. This year’s report is presented below.

Internal control

Billerud has set the following goals for its internal control.

1. Compliance with regulations

Internal control shall ensure that Billerud complies with applicable laws and regulations.

2. Financial reporting

Internal control shall ensure that Billerud’s financial reporting is reliable and provides managers, the Board and shareholders with information adequate for assessing the Company’s development.

3. Operational activities

Internal control shall ensure that the Company’s operational activities are effective, efficiently organised and performed in such a way that the risk of the business not achieving its financial and operational targets is assessed and dealt with continually. To achieve these goals, work is carried out in a process based on the framework for internal control published by the Committee of the Sponsoring Organizations of the Treadway Commission (COSO). The process includes a control environment that provides the discipline and structure for the other four components in the process: risk assessment, control activities, information & communication, and monitoring, which are described in more detail below.

The process is governed at the overall level by the Board and audit committee and at an operational level by the CEO, senior management team and other staff. The process pays special attention to ensure that the application of internal controls achieves a balance between the control activities and the development of an effective control environment with individual accountability throughout the organisation.

Priority areas in 2010

During financial year 2010, work on internal control focused on the development of a common accounting model and account code structure for the Swedish units and a common accounting system. The development of uniform routines and common working methods, as far as possible.

Financial reporting

• Development of a common accounting model and account code structure for the Swedish units and a common accounting system. The development of uniform routines and common working methods, as far as possible.

Operational risks

• Further development of processes and the organisation for production.

External financial reporting

The following report has been prepared in accordance with the Swedish Code of Corporate Governance and current instructions to the Code and constitutes the Board’s report on internal control for financial reporting. The purpose of internal control for financial reporting is to provide suitable safeguards as to the reliability of external financial reports in the form of interim reports, year-end reports and annual reports, and to ensure that external financial reports are prepared in compliance with all laws, applicable accounting standards and other requirements for listed companies.

Control environment

Solid internal control is basic to the proper functioning of the Board. The rules of procedure for the Board and Board committees as well as the instructions for the CEO are intended to establish a clear division of roles and responsibilities that will facilitate the efficient management of risks identified in operations. The Board has also established a series of fundamental policies significant to internal control activities, such as accounting and reporting instructions, a finance policy and financial goals, and has adopted a suitable organisation, including the Company’s senior management team. The senior management team reports regularly to the Board based on predetermined procedures. The audit committee also reports to the Board. The senior management team is responsible for ensuring that internal control is implemented as necessary to manage significant risks in day-to-day activities. This includes guidelines for how the individual employee shall understand his or her role in maintaining good internal control.

Risk assessment and control activities

The Company uses a model for assessing the risk of errors in financial reporting and continually monitors items where there is special risk for material error. An assessment was performed at the end of 2010 and is discussed in “Risk management and sensitivity analysis” and in note 32 of the 2010 annual report.

Information and communication

Key guidelines, manuals and the like that are significant to financial reporting are kept up-to-date and communicated continually to the staff involved. Both formal and informal information channels carry important information from staff to the senior management team and the Board. Guidelines for external communication ensure that the Company meets the strict requirements on accurate information for financial markets.

Monitoring

The audit committee prepares information that the senior management team and auditors submit prior to the Board’s assessment. The audit committee’s tasks include ensuring, on behalf of the Board, that actions are taken concerning the errors and proposed actions identified in the external audit.

Internal audit

Considering the monitoring performed by the accounting and controller organisation and the organisation for internal control, the Board has decided that a special internal audit or review function is not necessary at present.