Internal control
According to the Swedish Companies Act and the Code, the Board of Directors is
responsible for the internal control of the company.
Control structure
The Board of Directors of OX2 has adopted a number of policies for financial reporting. These include the rules of procedure of the Board and the instructions for the CEO. They provide a framework for ongoing financial review. The company carries out an annual risk assessment of processes in OX2’s financial reporting in accordance with the COSO framework for internal control. The key processes are examined using both qualitative and quantitative analysis. The CFO is responsible for this process. All significant reporting and accounting processes are mapped and adequate controls are designed to prevent and detect any errors. The design and effectiveness of controls implemented are regularly evaluated and the results of controls implemented are reported quarterly to the Audit Committee, which reports annually to the Board of Directors.
Risk assessment
The Group-wide risk process includes financial risks and involves quarterly reporting of the financial risks identified in any of the company’s functions to Group management. Risk reporting is presented to and assessed by Group management at quarterly risk meetings at which risk mitigation measures are also followed up. In OX2’s business process, all significant transaction and project decisions are analyzed in terms of risks, risk management and opportunities.
Read more about our risk management
Control activities
The risks identified in relation to financial reporting are managed via the control activities described in the Risk Policy and OX2’s risk process and the Corporate Governance Policy, rules of procedure for the Board of Directors, instructions for the CEO, Financial Policy and Information and Insider Trading Policy. The purpose of control activities is to prevent, detect and correct errors and nonconformities.
Examples of control activities involving risk assessments are:
- the quarterly reporting from the Group’s business functions and business support functions, which is followed by risk assessment and monitoring of risk mitigation measures by Group management - monthly reports prepared by the company’s CEO in accordance with the company’s instructions for reporting the company’s financial information; these reports are presented by the CEO at ordinary Board meetings
- reviewing and checking the decision-making documents for the Group’s management team meetings and Board meetings
- clear decision-making processes and authorization schemes
In addition, a functioning control environment requires a developed structure with continuous oversight. The CEO has primary responsibility for the day-to-day work to maintain the control environment. The CEO reports regularly to the Board of Directors. OX2 continuously develops its control activities to achieve the most effective organization possible.
Information and communication
OX2’s disclosure procedures are set out in the company’s Information and Insider Trading Policy and in the instructions to the CEO and the financial reporting instructions. The procedures are designed to ensure that external and internal reporting is provided in a timely, accurate, relevant, clear and reliable manner.
The internal reporting produced in the context of the company’s control activities is communicated between the Board of Directors, the CEO and management, providing a basis for making correct decisions.
Financial reporting and operational information is regularly provided in the form of:
- year-end and interim reports, which are published as press releases;
- the annual report, including the sustainability report;
- press releases on significant events;
- presentation to financial analysts, investors and the media on the same day as the
publication of year-end and interim reports and in connection with the publication of
other important information; and - meetings with financial analysts and investors.
Governance and monitoring
Ongoing monitoring of performance and project results takes place at several levels in the company, both at product level and at Group level. Monitoring is in relation to budgets and forecasts. The results are monitored and analyzed by the managers responsible at both technology and market levels and by the finance department. Reporting is to Group management and then to the Board of Directors, where the most significant risks are discussed and how the company is working to mitigate them.
In addition, the company’s auditors must report directly to the Board of Directors at least once a year. The auditors must report their findings from the audit and their assessment of internal control.
Need for internal audit
Overall, the work on internal control in relation to financial reporting described above means that the Board does not consider it justified to have a separate internal audit department.