The Board of Directors has the ultimate responsibility for operations and processes involving risk management and control at Swedbank. The foundation for Swedbank’s internal control is based on the bank’s culture as well as the organisational structure, policies and instructions established by the Board and executive management. In an overarching policy document, the Board has decided on the principles for internal control. Furthermore, Swedbank's CFO has issued a directive with guidelines specifically for internal control over financial reporting. This creates an environment that supports reliable and accurate reporting.

Internal audit

The purpose of Internal Audit’s work is to create improvements in operations by evaluating risk management, governance and internal control. Internal Audit is directly subordinate to the Board and is therefore a review function independent of the executive management. All of the bank’s activities and Group companies are the purview of Internal Audit, which evaluates whether the executive management, through the internal controls and governance
structures it has implemented, has ensured that (1) the controls in business operations are effective, (2) risk management processes are effective, and that (3) governance processes and the organisation are appropriate, functional and support the purpose of the business.

External audits

The external Auditor is an independent reviewer of the bank’s financial accounts who determines whether they are essentially accurate and complete and provide a fair portrayal of the bank and its financial position and results. Swedbank’s auditors are chosen by the AGM. The only accounting firm, appointed since 2007, is Deloitte AB, Sweden, with Authorised Public Accountant Patrick Honeth as Team Leader. Aside from Swedbank, he has auditing assignments for primarily the following companies: Bluestep Bank, Danske Bank, filial i Sverige, SBAB Bank, Skandiabanken, Sparbanken Rekarne, Svea Bank. Patrick Honeth has no assignments for other companies that affect his independence as an auditor of Swedbank.

Aside from its assignment as elected auditor, Deloitte has also performed audit-related services involving acquisition and accounting issues. Tasks closely associated with the audit normally do not pose a risk to the Auditor’s independence. In accordance with the bank’s policy, other consulting services by the Auditor are greatly restricted. To minimise the risk of a situation where the Auditor’s independence can be questioned, consulting services exceeding SEK 250 000 must be approved by the Audit Committee and may not commence until approval is received.