Internal control

Oncopeptides board of director’s are responsibility for the internal control is governed by the Swedish Companies Act, the Swedish Annual Reports Act – which requires that information about the main features of Oncopeptides’ system for internal control and risk management related to financial reporting each year must be included in the corporate governance report – and the Code.

The board shall, among other things, see to that Oncopeptides has sufficient internal control and formalized routines to ensure that established principles for financial reporting and internal control are adhered to and that there are effective systems to monitor and control the Company’s operations and the risks associated with the Company and its operations. The overall purpose of the internal control is to, to a reasonable degree, ensure that the Company’s operating strategies and targets are monitored and that the owners’ investments are protected. Furthermore, the internal control shall ensure that the external financial reporting, with reasonable certainty, is reliable and prepared in accordance with GAAP, that applicable laws and regulations are followed, and that the requirements imposed on listed companies are complied with. The internal control primarily consists of the following five components. In addition to the above mentioned internal control, there is also internal, business specific control of data as regards research and development, as well as quality control including systematic surveillance and evaluation of the Company’s development and manufacturing operations and the Company’s products.

Control environment

The board of directors has the overall responsibility for the internal control in relation to financial reporting. In order to create and maintain a functioning control environment, the board has adopted a number of policies and regulatory documents governing financial reporting. These documents primarily comprise the rules of procedure for the board of directors, instructions for the CEO and instructions for financial reporting. The board has also adopted special authorization procedures and a finance policy. The Company also has a financial manual which contains principles, guidelines and process descriptions for accounting and financial reporting.

Furthermore, the board of directors has established an audit committee whose main task is to monitor the Company’s financial position, to monitor the effectiveness of the Company’s internal control, internal audit and risk management, to be informed about the audit of the annual report and consolidated financial statements, and to review and monitor the auditor’s impartiality and independence. The responsibility for the ongoing work of the internal control over financial reporting has been delegated to the Company’s CEO. The CEO regularly reports to the board of directors in accordance with the established instructions for the CEO and the instructions for financial reporting. The board also receives reports from the Company’s auditor. The responsibility for the internal, business specific control in the daily operations lies with the person responsible for quality at the Company.

Risk assessment

Risk assessment includes identifying risks that may arise if the basic requirements for the financial reporting of the Company are not met. Oncopeptides’ management team has, in a specific risk assessment document, identified and evaluated the risks that arise in the Company’s operations, and has assessed how these risks can be managed. Within the board of directors, the audit committee is primarily responsible for continuously assessing the Company’s risk situation, after which the board also conducts an annual review of the risk situation.

Control activities

Control activities limit the identified risks and ensure accurate and reliable financial reporting. The board of directors is responsible for the internal control and monitoring of the Company’s management. This is done through both internal and external control activities, and through examination and monitoring of the Company’s steering documents related to risk management. The effectiveness of the control activities are assessed annually and the results from these assessments are reported to the board of directors and the audit committee. In agreements with sub-suppliers the Company is secured the right to audit each respective sub-suppliers’ fulfilment of relevant services, including quality aspects.

Information and communication

The Company has information and communication channels to promote the accuracy of the financial reporting and to facilitate reporting and feedback from operations to the board and senior management, for example by making corporate governance documents such as internal policies, guidelines and instructions regarding the financial reporting available and known to the employees concerned. The board of directors has also adopted an information policy governing the Company’s disclosing of information.

Monitoring

The compliance and effectiveness of the internal controls are constantly monitored. The CEO ensures that the board of directors continuously receives reports on the development of the Company’s activities, including the development of the Company’s results and financial position, as well as information on important events, such as research results and important contracts. The CEO also reports on these matters at each board meeting. The Company’s compliance of relevant policy’s and guidelines are assessed annually. The results from these assessments are compiled by the CFO in the Company and then reported to the board of directors and the audit committee.