Internal audit and control

The overall purpose of the internal control is to ensure, to a reasonable degree, that the Company’s operating strategies and targets are monitored and that the owners’ investments are protected. Furthermore, the internal control shall ensure, with reasonable certainty, that the external financial reporting is reliable and prepared in accordance with good accounting practice, that applicable laws and regulations are followed, and that the requirements imposed on listed companies are complied with. The board of directors has the overall responsibility for the internal control.

The Swedish Companies Act and Annual Accounts Act contain requirements which mean that information about the main features of BioArctic’s system for internal control and risk management should be part of the company’s corporate governance report. The board’s responsibility for the internal control is also regulated in the Code. The board shall among other things ensure that BioArctic has good internal control and formal procedures ensuring that established principles for financial reporting and internal control are observed and that there are adequate systems for monitoring and control of the Company’s operations and the risks associated with the Company and its operations.

In order to maintain a good internal control the board has adopted a number of governing documents, e.g. rules of procedure for the board, instructions for the CEO, instructions for financial reporting, a financial policy and an information policy.

The board has also established an audit committee whose main tasks among other things include monitoring and quality assurance of the Company’s financial reporting, continuous contacts with the Company’s auditor, to monitor the effectiveness of the Company’s internal control concerning financial reporting, and to review and monitor the auditor’s impartiality and independence. Within the board the audit committee also has the main responsibility for monitoring and managing risks that may affect the Company’s operations negatively.

The responsibility for ongoing internal control and risk management has been delegated to the Company’s CEO who regularly reports to the board in accordance with the established instructions.

The internal control and risk management are controlled and evaluated on an ongoing basis through internal and external audits and evaluations of the Company’s governing documents.

In addition to the above described internal control there is also internal operations specific control of data regarding research and development and quality control including a systematic monitoring and evaluation of the Company’s research and development work and products.