Skip to main contentSkip to navigationSkip to search

Internal control

According to the Swedish Companies Act and the Code, the Board of Directors is
responsible for the internal control of the company.

Control structure

The Board of Directors of OX2 has adopted a number of policies for financial reporting. These include the rules of procedure of the Board and the instructions for the CEO. They provide a  framework for ongoing financial review. The company carries out an annual risk assessment of  processes in OX2’s financial reporting in accordance with the COSO framework for internal  control. The key processes are examined using both qualitative and quantitative analysis. The  CFO is responsible for this process. All significant reporting and accounting processes are  mapped and adequate controls are designed to prevent and detect any errors. The design and  effectiveness of controls implemented are regularly evaluated and the results of controls  implemented are reported quarterly to the Audit Committee, which reports annually to the Board of Directors.

Risk assessment

The Group-wide risk process includes financial risks and involves quarterly reporting of the  financial risks identified in any of the company’s functions to Group management. Risk reporting  is presented to and assessed by Group management at quarterly risk meetings at  which risk mitigation measures are also followed up. In OX2’s business process, all significant  transaction and project decisions are analyzed in terms of risks, risk management and opportunities. 

Read more about our risk management

Control activities

The risks identified in relation to financial reporting are managed via the control activities described in the Risk Policy and OX2’s risk process and the Corporate Governance Policy, rules  of procedure for the Board of Directors, instructions for the CEO, Financial Policy and  Information and Insider Trading Policy. The purpose of control activities is to prevent, detect and correct errors and nonconformities.

Examples of control activities involving risk assessments are:
    • the quarterly reporting from the Group’s business functions and business support functions, which is followed by risk assessment and monitoring of risk mitigation measures by Group management - monthly reports prepared by the company’s CEO in accordance with the  company’s instructions for reporting the company’s financial information; these reports are presented by the CEO at ordinary Board meetings
    • reviewing and checking the decision-making documents for the Group’s management team meetings and Board meetings 
    • clear decision-making processes and authorization schemes

    In addition, a functioning  control environment requires a developed structure with continuous oversight. The CEO has primary responsibility for the day-to-day work to maintain the control environment. The  CEO reports regularly to the Board of Directors. OX2 continuously develops its control  activities to achieve the most effective organization possible. 

Information and communication

OX2’s disclosure procedures are set out in the company’s Information and Insider Trading Policy  and in the instructions to the CEO and the financial reporting instructions. The procedures are  designed to ensure that external and internal reporting is provided in a timely, accurate,  relevant, clear and reliable manner. 

The internal reporting produced in the context of the company’s control activities is communicated between the Board of Directors, the CEO and management, providing a basis for making correct decisions. 

Financial reporting and operational information is regularly provided in the form of: 
  • year-end and interim reports, which are published as press releases;
  • the annual report, including the sustainability report;
  • press releases on significant events;
  • presentation to financial analysts, investors and the media on the same day as the
    publication of year-end and interim reports and in connection with the publication of
    other important information; and
  • meetings with financial analysts and investors.

Governance and monitoring

Ongoing monitoring of performance and project results takes place at several levels in the company, both at product level and at Group level. Monitoring is in relation to budgets and  forecasts. The results are monitored and analyzed by the managers responsible at both  technology and market levels and by the finance department. Reporting is to Group management and then to the Board of Directors, where the most significant risks are discussed  and how the company is working to mitigate them.

In addition, the company’s auditors must  report directly to the Board of Directors at least once a year. The auditors must report their  findings from the audit and their assessment of internal control.

Need for internal audit

Overall, the work on internal control in relation to financial reporting described above means  that the Board does not consider it justified to have a separate internal audit department.