Internal control

The goal of internal control is to assess which risks in BioArctic are significant for the company and should thus be routinely managed through monitoring and control. Using effective risk management, the work can concentrate on the areas that are most important for reducing the company’s total risk exposure.

In accordance with the Companies Act and the Swedish Code of Corporate Governance (the Code), the Board is ultimately responsible for structuring the company’s organization so that financial reporting, administration and operations are monitored and controlled in a satisfactory manner. The Board shall, among other things, ensure that BioArctic has proper internal control and formal procedures ensuring that established principles
for financial reporting and internal control are observed and that there are adequate systems for monitoring and control of the company’s operations and the risks associated with the company and its operations.

The CEO of BioArctic is ultimately responsible for monitoring whether the work on the company’s internal control is being carried out in accordance with the form decided on by the Board of Directors. BioArctic’s finance division, under the management of the CFO, manages the Group’s work as regards internal control concerning financial reporting. The overall purpose of the internal control is to ensure, to a reasonable degree, that the company’s operating strategies, targets and defined risks are monitored and that the owners’ investments are protected. Furthermore, the internal control shall ensure, with reasonable certainty, that external financial
reporting is reliable and prepared in accordance with accepted accounting practices in Sweden, that applicable laws and regulations are followed, and that the requirements imposed on listed companies are complied with.

In order to maintain good internal control, the Board has adopted a number of governing documents (e.g. rules of procedure for the Board, instructions to the CEO, instructions for financial reporting, a financial policy and an information policy). The Board has assessed the need for a special audit function (internal audit) and has come to the conclusion that such a function is not currently justified in BioArctic considering the scope of the operations and the existing internal control structures. The Board annually reassesses the need for a separate internal audit function. During the 2019 financial year, however, the Audit Committee resolved to add an external review function to be performed by an external party. This external review function carried out its work in 2019 and will review the financial year in its entirety. It is the opinion of the Board that monitoring, documentation and review of the company’s internal control will henceforth be strengthened by the establishment of an external review function, which will serve as a special review function. Since its listing in 2017, BioArctic’s internal control structure has been based on the Committee of Sponsoring Organizations of the Threadway Commission (COSO) model, the framework of which has been applied to the company’s operations and conditions. Under the COSO model, internal control is reviewed and assessed in five main areas: control environment, risk assessment, control activities, information and communication and monitoring.