Description of the main characteristics of the issuer’s internal control and risk management systems in connection with the financial reporting process

The internal control system for financial reporting in the companies of Sopharma Group has been developed as a result of studies of good accounting and control practices in Bulgaria and of large pharmaceutical groups, as well as in compliance with national legal requirements, incl. for companies and groups listed on regulated markets. It is constantly monitored by the management and is being further developed and improved.

Most of the parameters that will be provided in this document are from the practice of the companies with the most developed internal control systems, namely — "Sopharma" AD and "Sopharma Trading" AD.

The internal control system for financial reporting of the companies in the Group is a set of behavioral and technical principles, rules, means, procedures and control actions, which are specially developed and adapted to the specifics of the companies, their activities and reporting systems. It is aimed at:

  • ensuring current monitoring and directing the reporting activities towards their goals and the expectations of their various users, and achieving their necessary efficiency and effectiveness, incl. when using the borrowed resources; and
  • ensuring adequate and timely addressing of identified business risks that have an impact on financial, management and operational reporting.

In particular, it is designed to give management comfort that:

  • the companies in the Group comply with the applicable legal requirements in the field of accounting, reporting and other directly related areas and especially the requirements of the Accounting Act and International Financial Reporting Standards;
  • the Group follows the instructions and guidelines of the top management regarding the reporting and documentation;
  • there is the required efficiency and effectiveness of the financial and accounting process, incl. consolidation and documentary justification;
  • there is a high degree of security in the protection and maintenance of the assets of the companies in the Group, incl. prevention of fraud and error; and
  • there is the provision of reliable, high-quality and timely financial and operational information for internal and external users.

The main components of the internal control system for financial reporting include:

  1. adoption and observance of the ethical principles and rules of conduct, which are adopted by the Code of Ethics of the employees in the companies of Sopharma Group and with regard to financial reporting and accounting and all related processes, procedures and actions of all staff of the company;
  2. development and determination of an optimal structure of units involved in the processes related to financial reporting, with clearly defined responsibilities and delegations, powers and obligations, incl. through developed written internal documents;
  3. developing policies for the selection, training and development of staff involved in accounting and financial reporting;
  4. development, implementation and maintenance of control procedures and rules for each stage of the processes related to accounting and financial reporting, with priority phased introduction of formalized written procedures;
  5. development of procedures for identification, monitoring and management of risks related to accounting and financial reporting, incl. the development of adequate measures and actions for their minimization; and
  6. development and maintenance of adequate organization of the information system, incl. controls for access, input, processing and retrieval of data, changes in the system, distribution of responsibilities of its employees, as well as storage and protection of the integrity and authenticity of data in the system.

Control environment

Ethical principles and rules related to the processes of accounting and financial reporting

Management at the various levels of the companies in the Group has introduced and constantly monitors the observance of ethical values such as integrity, independence and objectivity as the foundations of the professional conduct of all persons involved in the processes related to accounting and financial reporting in the Group.

They are the framework on which the control environment is built and which has influenced the effectiveness of the design, administration and ongoing monitoring of the other components of internal control in the field of accounting and financial reporting. Integrity and ethical behavior are a product of the established general ethical and behavioral standards of the companies in the Group. They are clearly communicated to all financial, accounting and control staff and are constantly validated in practice.

The ethical principles that guide professional conduct that should be followed by all persons directly or indirectly involved in accounting and financial reporting processes are: objectivity; impartiality; independence; conservatism; transparency; methodological justification; consistency and use of independent experts. These principles are applied at all stages of financial reporting when: choosing an accounting policy; accounting closing; the preparation and application of accounting estimates and the preparation of public and management financial statements, other public reports and documents containing financial information.

Management bodies responsible for the individual components of the overall accounting and financial reporting process

The management bodies that have certain responsibilities and powers regarding the process of financial reporting and, respectively, other related processes are different for the Group companies. For the Group they include: the Board of Directors, the Audit Committee, the Chief Financial Officer, the Chief Accountant, the Head of the Reporting Department and the Head of the Internal Audit Department.

Their functions and responsibilities can be summarized as follows:

  • The Board of Directors accepts and confirms: the accounting policy and the changes in it for each reporting period, the developed accounting estimates as of the date of each reporting period, incl. the applied methodology; financial statements and other public documents containing financial information; the functions, organization and responsibilities of all structural units and their heads, engaged in the processes of and related to financial reporting; the development, implementation and ongoing monitoring of the functioning of the individual components of the internal control system, incl. the activity of the Internal Audit Department;
  • The Audit Committee independently monitors the implementation of the financial reporting processes, the applied accounting policies and the effectiveness of the internal control system of the company, incl. risk management, as well as the implementation and results of the external and internal audit;
  • The CFO is responsible for the overall organization, operation and ongoing control of accounting and financial reporting. He directly manages the whole process and makes all key decisions related to financial statements and other public documents with financial information. He also approves at the first level the accounting policy and the main reporting methodologies, and evaluates and accepts the work of the independent experts used (appraisers, actuaries, consultants, etc.) involved in the financial reporting process. He monitors on an ongoing basis, together with the Chief Accountant and the Head of the Reporting Department, the effects and risks on the financial statements of the identified business risks for the company;
  • The Chief Accountant organizes and manages the accounting activities of the company — controls and methodologically directs the current accounting, manages the preparation of financial and management reports; is responsible for the development and implementation of accounting methodologies and techniques; is responsible for the process of closing the accounts and preparing all accounting estimates, proposes and develops accounting policies and changes in them, monitors ongoing changes in IFRS. The Chief Accountant is the direct contact for the internal and external experts used for the purposes of financial reporting;
  • The Reporting Department and its head carry out the overall organization, methodological support and implementation of the process related to the preparation of the consolidated financial statements of the company, incl. the current control, instruction, monitoring and analysis of the financial statements for the purposes of consolidation of the companies of Sopharma Group;
  • The Internal Audit Department performs ex-post control over the operations and activities related to the preparation of the company’s financial statements and compliance with the established internal controls over the individual routine and non-routine processes.

Policy and practice related to human resources in the financial and accounting departments

The companies of the Group have established policies and rules related to the management of human resources involved in the process of financial reporting and other processes related to it. These include imposed and implemented policies and procedures in the selection and appointment of such staff, aimed at education and professional experience, computer literacy and foreign language skills of the candidates.

Personnel management policies also include those related to the continuous additional professional training, updating and expanding the knowledge and skills of the employed specialists. It is obligatory to conduct trainings in case of changes in normative acts, IFRS, tax laws and others, directly related to their work. The purpose of this policy is to increase their expertise and improve their skills to increase efficiency in the performance of their duties.

Process of the Group for risk assessment related to financial reporting

The Board of Directors, the Audit Committee, the Chief Financial Officer and the Chief Accountant of the Group’s public companies have a key role in the process of continuous identification, monitoring and control of business risks, incl. establishing and controlling the effects of those that have a direct impact on individual processes and objects of accounting and financial reporting of the company. Together, they provide comprehensive monitoring of the risk management process.

Risk factors related to sound financial reporting include external and internal events, transactions and circumstances that may arise and adversely affect the entity’s ability to create, maintain and process accounting and operational data in a manner that ensures reliable financial statements and reports. The following factors are defined in the Group as main:

  1. external risks are defined as: change in the business environment and the market environment of the companies and their main products; the activity of competitors; change in the legal and regulatory framework; changes in key suppliers or customers; unscrupulous or malicious actions by outsiders; rapid corporate growth and group growth; development of companies in which they hold significant investments in the form of participations and/or loans.
  2. the internal risks include: change of the technological base of the companies, the manner and intensity of use of its assets and resources; new products and activities; new accounting policies and IFRS; changes in the staff of the departments responsible for and/or financial reporting; changes in information systems; errors in work and/or insufficient knowledge or skills of staff, rapid expansion abroad; application of multiple estimates — in particular the application of fair values and the calculation of the recoverable amount of certain non-current assets, with the participation of external experts.

Risk factors that are recurring and/or related to the application of accounting policies and estimates are currently monitored by the Chief Accountant of the Group, who proposes management solutions and properly reflects their effects in the financial statements. The new risk factors are identified by the CFO of the Parent Company and are assessed and developed by him, together with the Chief Accountant and the Head of the Reporting Department. If necessary, the help of independent consultants is used, incl. for the application of new IFRSs. The general monitoring of the process of managing the risks related to financial reporting is carried out by the Audit Committee of the company.

Information system of the companies in the Group. Accounting Department — organization of the accounting function in the companies in the Group and the financial reporting process

Information System

The information system of "Sopharma" AD includes infrastructure (physical and hardware components), software, people, procedures and data. In 2013, the Company implemented the Microsoft Dynamics AX ERP system. It covers all processes of sales, warehousing, master planning, production and accounting. The system has been adapted and implemented, taking into account the specifics of the company itself, but good practices have been borrowed from the pharmaceutical sector and other industries.

In addition to the main information system, the Company also uses the following systems: Hermes — human resources management system, which covers the entire management cycle related to planning, evaluation, remuneration and human capital development in "Sopharma" AD. The connection between them is that Hermes data is entered into Microsoft Dynamics AX. The quality of information generated by Microsoft Dynamics AX and other products provides significant opportunities for management to make adequate, reasonable and timely decisions in the management and control of activities for the preparation of various financial and management reports and other public documents with financial information.

The information system of "Sopharma Trading" AD includes infrastructure (physical and hardware components), software, people, procedures and data. The company started in 2014 the phased implementation of the SAP ERP system. It covers all major transaction processes in the Company. The system has been adapted and implemented, taking into account the specifics of the Company itself, but good practices have been borrowed from the pharmaceutical sector and other industries.

In addition to the main information system, the Company also uses the following systems: FM + transport planning and management, mobile application for driver management (on SAP mobile platform), KNAPP WMS and SAP WMS — warehouse management, SAP Hybris — online sales management, Hermes — HR management. The connection between them is made through interfaces. The quality of the information generated by the ERP system SAP and other products provides significant opportunities for the Management to make adequate, reasonable and timely decisions in the management and control of the activities for the preparation of various financial and management reports and other public documents with financial information.

Given the smaller scale of the other companies in the Group, each of them uses software appropriate to its needs.

The information system relevant to the objectives and process of financial reporting covers methods and documentation that:

  • identify and reflect all valid transactions and operations;
  • describe transactions and operations in a timely manner in sufficient detail to enable them to be properly classified for financial reporting purposes;
  • assess the value of transactions and operations in a way that reflects their appropriate monetary value in the financial statements;
  • determine the time period during which the transactions and operations have occurred in order to allow their recording in the appropriate accounting period;
  • present the transactions and operations and related disclosures in the financial statements in accordance with the requirements of the reporting framework.

The "Information Technology" Department is responsible for the risk-free functioning of the information system in the Parent Company; in "Sopharma Trading" AD this responsibility lies with "Business and Technological Development". An "Information Technology" department has been established in each of the companies in the Group and is responsible for the smooth functioning of the different types of software.

Accounting Department — fulfillment of the accounting function and key role in the financial reporting process

The Accounting Department of the Parent Company is directly subordinated to the Executive Director. It is headed by a chief accountant. It consists of a Deputy Chief Accountant, heads of sectors and operational accountants. Structurally, it consists of the following sectors: fixed assets, materials, cost, sales, foreign exchange operations, lev operations, wages. According to its functional characteristics, it covers and fully implements the accounting function in the Company, internal accounting control and preparation of financial statements.

Its responsibilities include the correct and consistent application of the developed accounting policies; the development and implementation of an internal chart of accounts; accounting methodologies; current accounting; current accounting analysis and control of reporting data and documentation; summarizing and classifying the reporting data for the purposes of the financial statements; the preparation and/or processing of the input data for the accounting estimates together with the engaged experts, as well as the reporting of established deviations and discrepancies to the Financial Director; and compliance with regulatory requirements in the field of accounting, taxes and other related areas.

The accounting department of "Sopharma Trading" AD is managed by a chief accountant, who is directly subordinated to the Financial Director. Structurally, the accounting department consists of two structural areas: 1) accounting of Sopharma Trading, which involves one deputy chief accountant and 8 operational accountants and 2) group accounting, which involves one senior accountant and 1 operational accountant. The financial and accounting operations of the company in Serbia and in the Retail segment in Bulgaria are taken care of by two separate accounting teams.

In each of the companies in the Group there are respective structures that ensure the good functioning of both the company itself and the control of its financial and accounting activities.

The accounting policy of the Parent Company and the Group, respectively, for the purposes of preparing the consolidated financial statements, is subject to annual approval at two levels — by the Financial Director and the Board of Directors of the Parent Company. The most important aspects of it, necessary for the correct understanding of the financial statements, must be disclosed.

The choice of the reporting framework is defined on the basis of the requirements of the Accounting Act. The company applies the International Financial Reporting Standards (IFRS) adopted by the European Union. Ongoing control over the proper application of IFRS is performed by the Chief Accountant, the Chief Financial Officer and the Audit Committee. Additional confirmation of the correctness of the application is received from external auditors.

The preparation of the financial statements of the Parent Company for public use is the result of a complete process of accounting closing of the reporting period. This process is formalized through documents and rules adopted by the Management. They are related to the performance of certain actions and procedures and, respectively, the preparation of certain documents by persons from the Accounting Department or by other officials. These actions and procedures are aimed at: carrying out inventories; analysis of accounts; sending confirmation letters; determining best estimates such as depreciation, revaluation, impairment and accruals based on reasonable assumptions; consolidation and classification of accounting data; studies and analyses of certain legal documents (contracts, lawsuits, opinions of legal advisers); studies and evaluation of expert reports (appraisers, actuaries, internal auditors, other internal experts and officials); preparation of reports and financial packages for consolidation; preparation, analysis and discussion of draft financial statements.

The closing process is led directly by the Chief Accountant and Head of Reporting Department, with the CFO monitoring and finalizing key issues related to the recognition, classification, valuation, presentation and disclosure of certain items, transactions and events, and the overall presentation of the financial statements — individual and consolidated financial statements of the Parent Company.

Control activities

The control actions, which are envisaged in the developed and implemented internal controls by processes, include: reviews of the implementation and the results of the activity; information processing; physical controls and division of duties and responsibilities.

The general controls related to financial reporting can be categorized as procedures related to current and periodic reviews and analyses of financial indicators and the input data for them, through which the performance and results of the company’s activities are presented in the financial statements.

These, in turn, include reviews and analyses of actual reported performance data against budget, forecast, prior-period and industry data. Such financial analyses are performed with the QlikView platform, which builds on the ERP system Axapta 2009. They can usually contain proposals for optimization or revision of certain budgets.

The controls assigned to the Parent Company’s information systems cover both the controls of the application programs and the general IT controls, which are policies and procedures that help to ensure the continuous proper functioning of the information systems. The typical controls on the application programs that are set are: checking the mathematical accuracy of records, maintaining and reviewing accounts and turnover sheets, automated controls, such as input checks and checks on the sequence of numbering and non-automatic tracking of exception reports. Common IT controls include: program change controls, controls that restrict access to programs or data, controls on the deployment of new releases of bundled software applications, and controls on system software that restrict access or ongoing monitoring of the use of system utilities that could change financial data or records without leaving a trace for follow-up.

At "Sopharma Trading" AD the general controls relevant to financial reporting can be categorized as procedures relating to ongoing and periodic reviews and analyses of financial performance and inputs that are used to present the performance and results of the Company’s operations in the financial statements. These, in turn, include such reviews and analyses of actual reported performance data against budget, forecast, prior period and industry data. Such financial analyses are performed using the SAP ERP and SAP BI platform.

For management purposes, separate forms have been established and approved under which monthly reports are prepared. The reports contain actual and budget figures, analysis of variances, comparison of current with previous period. They may also normally contain proposals for optimization or revision of certain budgets.

Most of the Group companies have an Information Technology department responsible for implementing control activities.

The applied physical controls of the companies of the Group include:

  1. measures for the physical security of the assets — secure facilities and premises, as well as special conditions for access to assets and documents;
  2. a special procedure for granting access to computer programs and data files;
  3. periodic inventories — procedures for organizing and conducting inventories by physical counting (weighing), sending appropriate letters for confirmation and comparison with the amounts reflected in the control inventories and accounting documents/registers. Procedures have been introduced for the timely analysis of the results of the inventories, development of solutions for their accounting and, respectively, approval by the Executive Director.

The developed and implemented procedures for management, organization and implementation of the main routine processes (supplies and sales), as well as for the processes of preparation and acceptance of complex estimates (depreciation, impairment, revaluation, actuarial calculations and long-term provisions) also provide internal controls. They are aimed at: authorization of the individual operation and the issued primary documents; review and verification of the issued documents and the assets involved in the operation; subsequent recalculation and comparison with other documents (contracts, applications, confirmations, price lists, etc.) and persons; as well as the division of duties and responsibilities of the participating officials at each step of the process, to ensure mutual control between them and to reduce the possibility of allowing a person to be in a position to both commit and conceal errors or fraud in the normal course of his or her duties.

The Group is in the process of constantly expanding the formalized control procedures and activities.

Ongoing monitoring of controls

An important priority goal of the management of the companies in Sopharma Group, in the person of the CFO, is to establish and maintain continuous and effective internal control. Ongoing monitoring of controls by management includes an assessment of whether they are operating as intended and whether they are being modified in an appropriate manner to reflect changes in conditions. Ongoing monitoring of controls may include activities such as management review of whether internal management reports are being prepared in a timely manner and whether key data in them are in line with third-party confirmation and its projections, and internal auditors’ assessment of compliance with policies and procedures on the implementation of routine processes (sales and deliveries) by the staff employed in them, incl. the set internal controls, incl. in comparison with the contracts with the counterparties, as well as supervision over the observance of the ethical norms or the policy for business practice by the legal department of the companies and the department for relations with the investors. Ongoing monitoring is carried out to ensure that controls continue to be effective over time.

Internal auditors, as well as other staff performing supervisory, monitoring or control functions, incl. the accounting department and the reporting department, also contribute to the ongoing monitoring of internal controls over the company’s processes through their assessments of individual controls or groups of controls. They usually provide such information periodically, in the course of their duties and functions, together with their assessments of the functioning of certain internal controls, focusing considerable attention on assessing their effectiveness, communicating to the relevant persons information on identified strengths and weaknesses of internal controls and making recommendations for their improvement.

Ongoing monitoring activities include the use of external information that identifies problems or areas for improvement. Such external parties are customers, suppliers and servicing banks. In addition, the regulatory body, represented by the FSC, may also communicate to the company’s management issues that affect the functioning of internal control, for example through the exchange of information directly monitored by the Commission related to the implementation of certain actions or transactions of the company, or through inspections by the FSC itself. Also, in the implementation of ongoing monitoring activities, the management always takes into account the communication with the external auditors related to the internal control and the identified weaknesses and recommendations.