Internal control

The Board of Directors’ responsibility for internal control is governed by the Swedish Companies Act and the Swedish Corporate Governance Code. Internal control primarily consists of the following five components: control environment, risk assessment, control activities, information and communication, and monitoring.

Among other tasks, the Board is responsible for ensuring that Oncopeptides has sufficient internal control and formalized procedures to ensure that established principles for financial reporting and internal control are adhered to and that there are appropriate systems in place to monitor and control the company’s operations and the risks associated with the company and its operations.

The overall purpose of the internal control is to ensure that the company’s operating strategies and targets are monitored and that the owners’ investments are protected, to a reasonable degree. Furthermore, the internal control is to ensure, with reasonable certainty, that the external financial reporting is reliable and prepared in accordance with generally accepted accounting principles, that applicable laws and regulations are followed, and that the requirements imposed on listed companies are complied with.

In addition to the aforementioned internal control, there is also an internal, business-specific control of data as regards research and development as well as quality control including systematic monitoring and evaluation of the company’s development and manufacturing operations and the company’s products.

Control environment

In order to create and maintain a functioning control environment, the Board has adopted a number of policies and steering documents governing financial reporting. These documents primarily comprise the rules of procedure for the Board of Directors, instructions for the CEO and instructions for financial reporting. The Board has also adopted special authorization procedures and a financial policy. The company also has a financial manual which contains principles, guidelines and process descriptions for accounting and financial reporting.

Furthermore, the Audit Committee’s main task is to monitor the company’s financial position and the effectiveness of the company’s internal control, internal audit and risk management, to remain informed about the audit of the Annual Report and consolidated financial statements, and to review and monitor the auditor’s impartiality and independence. Responsibility for the ongoing work of the internal control over financial reporting has been delegated to the company’s CEO. The CEO regularly reports to the Board of Directors in accordance with the established instructions for the CEO and the instructions for financial reporting. The Board also receives reports from the company’s auditor.

Risk assessment

Risk assessment includes identifying risks that may arise if the basic requirements for the financial reporting of the company are not met. Oncopeptides’ management team has, in a specific risk assessment document, identified and evaluated the risks that arise in the company’s operations, and has assessed how these risks can be managed. Within the Board of Directors, the Audit Committee is primarily responsible for continuously assessing the company’s risk situation as it related to the company’s financial reporting. The Board also conducts an annual review of the risk situation.

Control activities

Control activities limit identified risks and ensure accurate and reliable financial reporting. The Board of Directors is responsible for the internal control and monitoring of the company’s management. This is done through both internal and external control activities, and through examination and monitoring of the company’s steering documents related to risk management. The effectiveness of the control activities is assessed annually and the results from these assessments are reported to the Board of Directors and the Audit Committee. In agreements with sub-suppliers, the company has secured the right to audit each respective sub-supplier’s fulfillment of relevant services, including quality aspects.

Information and communication

The company has information and communication channels to promote the accuracy of the financial reporting and to facilitate reporting and feedback from the operations to the Board and senior management, for example, by making corporate governance documents, such as internal policies, guidelines and instructions regarding the financial reporting, available to the co-workers concerned and ensuring the co-workers are familiar with them. The Board of Directors has also adopted an information policy governing Oncopeptides’ disclosure of information.

Monitoring, evaluation and reporting

Compliance with and effectiveness of the internal controls are constantly monitored. The CEO ensures that the Board of Directors continuously receives reports on the development of the company’s activities, including the development of the company’s earnings and financial position, as well as information on important events, such as research results and important contracts. The CEO also reports on these matters at each Board meeting. The company’s compliance with all relevant steering documents and guidelines is assessed annually. The results from these assessments are compiled by the company’s CFO and then reported to the Board of Directors and the Audit Committee.

The Board deems that the internal controls are effective in all material respects and, on this basis, has determined that there is no need to establish a special internal-audit function.