Internal Control and Risk Management
The board’s responsibility for internal control is regulated in the Swedish Companies Act, the Annual Accounts Act – which contains requirements that information on the most important elements of the company’s system for internal control and risk management in connection with financial reporting shall be included in the corporate governance report each year – and the Code. The board of directors shall, among other things, ensure that the company has good internal control and formalised procedures that ensure compliance with established principles for financial reporting and internal control, and that there are appropriate systems in place for monitoring and controlling the company’s operations and the risks associated with the company and its operations.
The overall purpose of internal control is to ensure to a reasonable degree that the company’s operational strategies and goals are followed up and that the owners’ investments are protected. Internal control shall also ensure that the external financial reporting with reasonable assurance is reliable and prepared in accordance with generally accepted accounting principles, that applicable laws and regulations are complied with, and that requirements for listed companies are complied with.
The control environment forms the basis for internal control, which also includes risk assessment, control activities, information and communication, and follow-up. These components are described in more detail below.
Control environment
The company’s overall control environment follows Nasdaq’s guidance for internal control. The board of directors has the overall responsibility for the internal control of the financial reporting. In order to create and maintain a functioning control environment, the board of directors has adopted a number of policies and governing documents that regulate financial reporting. These mainly consist of the rules of procedure for the board, instructions for the CEO, instructions for committees established by the board of directors and instructions for financial reporting. The Board has also adopted a special instruction for evaluating internal control, an authorization manual and a finance policy. The board of directors has furthermore established an Audit Committee whose main task is to ensure the fulfilment of the Board’s supervisory responsibilities regarding internal control, internal audit and risk management linked to financial reporting, prepare matters regarding the procurement of auditing and other services from the auditor and prepare certain accounting and audit matters to be considered by the board.
In addition to internal follow-up and reporting, the company’s external auditors report to the CEO and to the board of directors during the financial year. The auditors’ reporting gives the board a good understanding and a reliable basis regarding the financial reporting in the annual report.
Risk assessment and control activities
The risk assessment includes identifying and evaluating the risk of material errors in the company’s business processes, which among other things includes accounting and reporting at group and subsidiary level, personnel and payroll management, etc. Risk assessments are carried out on an ongoing basis and in accordance with established guidelines with a focus on the company’s essential business processes. Within the board, the Audit Committee is primarily responsible for continuously evaluating the company’s risk situation, after which the board conducts an annual review of the risk situation.
Control activities have been designed to manage the risks that the board of directors and management consider to be significant to operational activities, compliance with laws and regulations, and to financial reporting. Defined decision-making procedures, including authorization instructions, are for example established for investments and signing agreements. Several control activities are integrated into EQL Pharma’s key processes, such as investments, supplier contracts and purchasing.