Roles and Responsibilities Regarding Risk Management and Internal Control
The key roles and responsibilities regarding the Company´s internal control and risk management are defined as follows:
Board of Directors
The Board of Directors is ultimately responsible for the administration and the proper organization of the operations of the Company. According to good corporate governance, the Board also ensures that the Company has duly endorsed the corporate values applied to its operations. The Board approves the internal control, risk management, and corporate governance policies. The Board establishes the risk-taking level and risk-bearing capacity of the Company and re-evaluates them regularly as part of the strategy and goal-setting of the Company. The Board reports to the shareholders of the Company.
Audit Committee is responsible for the following internal control related duties:
- to monitor the reporting process of financial statements;
- to supervise the financial reporting process;
- to monitor the efficiency of the company´s internal control, internal audit, if applicable, and risk management systems;
- to review the description of the main features of the internal control and risk management systems pertaining to the financial reporting process, which is included in the company´s corporate governance statement; and
- to monitor the statutory audit of the financial statements and consolidated financial statements.
More detailed descriptions of how the Audit Committee is fulfilling its monitoring role are defined in the Committee´s annual plan. The Audit Committee reports to the Board of Directors of the Company.
Chief Executive Officer
The CEO is in charge of the day-to-day management of the Company in accordance with the instructions and orders given by the Board. The CEO sets the ground for the internal control environment by providing leadership and direction to senior managers and reviewing the way they are controlling the business. The CEO is in charge of the risk management process of the Company and its continuous development, allocation of resources to the work, review of risk management policies as well as defining the principles of operation and the overall process. The CEO reports to the Board on risk management as part of the monthly reporting. The CEO and the Management Group, which operates under the CEO, are responsible for the management of risks endangering the fulfillment of objectives set for the Company.
The members of the Management Group are responsible for internal control implementation in their responsibility areas. More specific internal control policies and procedures are established within the principles set by the Board and CEO. Additionally, the management of the subgroup and the Group Management is responsible for implementing risk management practices in the planning cycle and daily operations and ensuring adherence of:
- internal policies; and
- ethical values in their designated responsibility areas.
- ensures a setup of adequate control activities for product and service areas in cooperation with the business management;
- follows the adequacy and effectiveness of control activities; and
- ensures that external reporting is correct, timely and in compliance with regulations.
The finance function does not have a separate internal control function. CFO reports any supervisory findings to the Audit Committee.
The CLO ensures that the Group´s corporate governance practices comply with the law and that legal matters of the Group are handled appropriately, in particular the contractual risks relating to business operations.
The Company has no specific internal audit organization. This is taken into account in the content and scope of the annual audit plan. On one hand, external auditing focuses on specific areas in turn to be audited, and on the other hand, on separately agreed priority areas.