Internal control and risk management regarding financial reporting

Internal governance, control and risk management concerning financial reporting are crucial to Orexo in achieving its goals. With this, Orexo’s stakeholders can also have a high level of confidence in the company and the financial reports presented. Orexo has established a methodology for developing and evaluating internal control and risk management with regard to financial reporting. This methodology follows an established framework comprising five components: control environment, risk assessment, control activities, information and communication, and follow-up.

Control environment

Pursuant to the Swedish Companies Act, the Board of Directors is responsible for internal control and governance of the company. To maintain and develop a functional control environment, the Board has established a number of basic documents of importance to financial reporting. These include the Board’s work plan and instructions for the President, and the accounting and reporting instructions. In addition to this, a functioning control environment demands a developed structure with continuous monitoring. The responsibility for the daily work of maintaining the control environment is primarily incumbent on the President. The President regularly reports to the Board based on established procedures. The Board also receives reports from the company’s auditor. Company managers have defined powers and responsibilities concerning internal control in each of their respective areas.

Risk assessment

Orexo continuously analyzes the risks that may lead to errors in financial reporting. In this analysis, Orexo has identified a number of items in the statement of operations and balance sheet and administrative flows that are particularly important from a risk perspective. The company works continuously with regard to these risks to develop and improve the control procedures, and in 2008 this involved a number of points. Furthermore, risks are addressed in special forums such as the management group, the Board and the Audit Committee.

Control activities

Orexo’s control activities are designed in a way that provides good internal control over financial reporting. Multiple control documents and procedures have been established with regard to reporting, procedures for accounting and the follow-up of reported earnings. The authorization system, purchasing instructions, financial handbook and agreement instructions are examples of such control documents.

An important role for assuring and controlling Orexo’s financial reports and procedures is filled by the company’s accounting and controller functions. These units are responsible for the accuracy, completeness and timely submission of the financial reports. Orexo inventories, evaluates and continuously improves its internal control system in a systematic process and, in some cases, has also engaged external assistance to validate these controls.

Information and communication

Orexo has internal information and communication channels that are intended to ensure that guidelines, etc. important to the reliability of financial reporting are continuously updated and communicated to the employees concerned. The company’s intranet, where procedures and descriptions are available, plays an important role. Orexo has also established procedures for the external communication of financial information that can affect the market value of the company. These procedures shall ensure that the financial reporting is received by the players on the financial market at the same time and provides an accurate presentation of the company’s financial position and performance.

Follow-up

Orexo’s management conducts a monthly performance follow-up with an analysis of deviations from the budget and the preceding period. Orexo’s controller function also conducts monthly controls, evaluations and follow-ups of the financial reporting down to the project level. The Board of Directors and Audit Committee review the annual report and interim reports prior to publication. The Audit Committee discusses special accounting principles, risks and other issues associated with the reports. The company’s external auditor also participates in these discussions.

Orexo has no separate auditing function (internal audit). The Board annually evaluates the need for such a function and, considering the size of the company, it is not warranted to establish such a separate auditing function.