Risks and Risk Management

1 of

Internal controls over financial reporting

In tandem with adopting the Interim Report for the third quarter and annual Financial Statement, the company’s Auditors report their observations from auditing and evaluating the company’s internal controls. The company’s Auditors participate in Board meetings and special meetings with the Audit Committee, which enables Board members to ensure that internal control is satisfactory and that reporting to the Board is effective.

According to the Swedish Companies Act, the Board is responsible for internal controls. This responsibility includes issuing annual financial reports each year. The Board of Directors receives the reports and sets standards on their content and presentation to assure quality. This implies that financial reporting should be expedient by applying applicable accounting standards and other requirements of listed companies. The CEO presents a financial report to the Board of Directors at least once monthly, presented in a manner specified by the Board of Directors in advance. This enables the Board of Directors to monitor any non-compliance in terms of reporting or content.

Control environment, risk assessment and control structures

Ependion structures and organizes its operating activities proceeding from decentralized responsibility for profitability. The base of internal controls in a decentralized operation consists of a well-secured process intended to define targets and strategies for each business.

Defined decision-paths, authorizations and responsibilities are communicated through internal instructions, regulations and policies adopted by the Board of Directors. The Group’s primary financial policy documents are its accounting policies, finance policy and a reporting manual, including instructions for each financial statement. The company has an established control structure to manage the risks the Board of Directors and management consider material to internal controls regarding the Group’s accounting organization.

Accounting managers at all levels play a key role in terms of integrity, skills and the ability to create the environment necessary to achieve transparent and accurate financial reporting. Another important overall control activity is the monthly update on results that is conducted via the internal reporting system, and analyzed and subject to comment in reports to the Board. Monitoring the results of operations includes reconciliation against targets set previously, the most recent forecast and monitoring established key financial ratios.

Board of Directors’ standpoint on internal audit

In accordance with the Code’s stipulations, the Board of Directors has taken a view on the need for a dedicated internal audit function, and concluded that at present, there is no need to create such resources within the Group.

Coincident with its evaluation of this need, the Board of Directors considered the Group’s size, risk outlook and the control functions already established within the Group, which include regular internal audits operated by the central finance function.