corporate governance

1. Board of Directors

Visma is owned by five funds; Hg and co-investors own 60,4%, GIC owns 15,5%, Intermediate Capital Group owns 7.2%, Montagu owns 5.8% and CPPIB owns 5.0%. A broad management group owns approximately 6.2 % of the shareholder equity in Visma. In addition, key shareholders have co-investors comprised of large Nordic and international pension funds.

The board's responsibility

The overall responsibility of the board is to monitor and supervise Visma's daily operations, and the implementation of a corporate strategy. This strategy is created annually.

The board meets on a monthly basis.

Composition of the Board of Directors

The board currently consists of 8 members (6 members and the chairman). These are representatives from the owners of Visma and Visma's CEO. The Board's members are elected by the stakeholders through the Annual General Meeting and are elected for a period of one year.

Board members

Øystein Moan (Chairman)

Merete Hverven

Nic Humphries

Jean-Baptiste Brian

Mads Hansen

Edward Shuckburg

Vinit Nagarajan

Timo Larjomaa

The Chairman of the Board

The Chairman of the Board has the responsibility to organise the overall work of the board and secure high quality and efficiency in all stages of the board's work.

Criteria for board members

Criteria for becoming a board member is decided through a joint legally binding agreement between Visma's owners.

Independence of the board

The composition of the board should reflect the company's ownership structure.

The composition of the board also ensures that it is able to operate independently of special interests. Each of the owners has members on the board.

Compensation

Compensation of the board is decided by the remuneration committee. The Board's remuneration is not performance-related. Further details about the remuneration of the board can be found in the annual report.

Self-evaluation The board will conduct an annual self-evaluation to identify potential issues relating to the Board and management's procedures, performance, and effectiveness.

More information about the members of the board can be found here.

3. Annual general meeting

The shareholders exercise the highest authority in Visma through the Annual General Meeting. The Annual General Meeting is open to all shareholders, and all shares carry equal voting rights. All shareholders may participate in person or through a proxy. There are no limitations on ownership or shareholders' agreements.

The Board of Directors strives to ensure that the Annual General Meeting is an effective forum for communication between shareholders and the Board. The agenda is decided by the Board, according to the Norwegian Public Limited Liability Companies Act and Visma's Articles of Association. The notice calling the Annual General meeting is distributed to the shareholders no later than 14 days before the meeting, as required by Norwegian law. The notice includes all the necessary information for shareholders to form a view on the matters to be considered, including the deadline for notice of intention to attend and a proxy form.

5. Equity and dividend policy

Transactions with close associates

In the event of substantial transactions between Visma and any of its Board members, executive management or close associates of these parties, the Board will arrange for a valuation from an independent third party, unless the transaction is subject to approval by the Annual General Meeting.

The Board will also arrange for an independent valuation of transactions between companies in the Visma Group if any of the companies have minority shareholders.

Equity

Visma is growing rapidly through acquisitions and needs a strong and liquid balance sheet. The company's most important assets are goodwill associated with Visma's business and software. The intellectual assets in a software company are primarily of value as long as the company is doing well and is financially independent – therefore, Visma needs a higher level of shareholder equity than companies in more traditional industries.

Visma's business activities are, by nature, relatively capital-light in terms of capital expenditure requirements in physical assets, although the organic growth of the company entails increasing working capital requirements. Since Visma is also growing inorganically through acquisitions, Visma seeks to retain a capital buffer to maintain its investment flexibility.

Dividend Policy

The dividend capacity is evaluated annually by the Board of Directors, based on the need to secure the company's stable development, and the requirements for sound equity capital as well as for adequate financial resources to enable future growth. Under Norwegian regulations, dividends are taxable for foreign shareholders, and the company is obliged to deduct tax at source.

Capital increase

Since Visma was taken off the stock exchange in 2006, the Annual General Meeting has granted the board mandates to increase the share capital for defined purposes only. All mandates are limited in time until the following Annual General Meeting. In addition to the stability of the principal owners, key shareholders have co-investors comprised of large international pension and investment funds.

7. Risk management and internal control

Visma is divided into several legal entities, with different products, customers and contracts. Thus, it is important for the Visma Group and its management that each legal entity has a close relationship to the risk in its own business.

Contractual risk

Visma Group is divided into several legal entities, which reduces contractual risk. According to the Group policy, the managing director in each Visma entity produces a monthly report. Risks are, amongst others, assessed here. In addition, monthly board meetings for each legal unit are held.

For large projects, formal steering committees are established with participants from both divisional and top management.

Financial risk

As a leveraged company, Visma has debt service obligations and depends on steady cash flow. Since the company has very limited COGS, it hardly carries any inventory. Visma has strict principles for income recognition, and the main cash flow risk is related with EBITDA performance. As long as Visma has sufficient EBITDA, the risk of a shortfall in the cash flow is limited. Visma manages its cash through a multi currency-, real-time cash management system. This system is managed by the CFO of Visma, and makes it possible to monitor and control large cash flow movements.

Like most companies, Visma is exposed to general market conditions and developments in GDP in its key markets. In addition, Visma is a technology company and, as such, exposed to risks associated with rapid changes in technology and strong competition. The competition can be divided into two categories, large international companies and smaller local players. It is a constant struggle to protect and gain market share. All units of Visma have numerous local specialised competitors, but while some of these may be aggressive in certain areas, their potential impact on the Visma Group as a whole is limited.

Cybersecurity and privacy

Today, the most significant risks that IT-companies are facing are cyber threats and threats against customers privacy rights and freedom. Thus, Visma has invested heavily in both areas.

Visma has extensive security and privacy policies. In addition, Visma has security and privacy teams on management, divisional and company levels.

More information about security and privacy can be found here.

Certifications

In Visma, the division Visma IT & Communications (VITC) has the responsibility for core operation for companies in the Visma Group. This includes migrating services to and maintaining the agreements with our public cloud providers and other key service providers, crucial for companies in, and customers of Visma.

Because of VITC's crucial position in the Visma Group, the company is certified to ensure that the high standards expected from Visma Group and our customers are met. Here is an overview of the current certifications:

ISO-Standards:
ISO 9001 - Quality Management System
ISO 14001 - Environmental Management System
ISO 20000 - IT Service Management System
ISO 21500 - Project Management System
ISO 27001 - Information Security Management System
ISO 27018 - Privacy compliance in cloud

ISAE-Standards:
ISAE 3402 specific controls Change Management, Access Management, Security, Operations
ISAE 3000 Security controls
ISAE 3402 specific controls