Internal control

IRLAB’s board of directors is responsible for the internal control processes, including for example risk management and financial reporting. The internal control is governed by the Swedish Companies Act (Sw: aktiebolagslagen), the Annual Reports Act (Sw: årsredovisningslagen) and the Swedish Corporate Governance Code.

The Board will ensure that the company has good internal control procedures and formalized routines that safeguard adherence to set principles for reporting and internal control, and that there are appropriate systems for monitoring and control of the company’s operations and the risks that the company and its operations are associated with.

The overall purpose of the internal control is to, to a reasonable degree, ensure that the company’s operating strategies and targets are monitored and that the owners’ investments are protected. Furthermore, the internal control shall ensure that the external financial reporting, with reasonable certainty, is reliable and prepared in accordance with GAAP, that applicable laws and regulations are followed, and that the requirements imposed on listed companies are complied with.

The internal control primarily consists of the following five components.

Control environment

Strong internal control is built on a functional control environment. At IRLAB, the control environment consists of such aspects as the organizational structure, policies, standard operating policies, instructions, reporting and defined areas of responsibility.

The board of directors has the overall responsibility for the internal control and has adopted reporting procedures to maintain adequate oversight.

In relation to financial reporting, the board of directors has adopted a number of regulatory documents governing financial reporting. These documents primarily comprise the rules of procedure for the board of directors, instructions for the CEO and instructions for financial reporting. The board has also adopted special authorization procedures and a finance policy.

Furthermore, the board of directors has established an audit committee to monitor the effectiveness of the IRLAB’s internal control, including the company’s financial position.

The responsibility for the ongoing work of the internal control has been delegated to the CEO. The CEO regularly reports to the board of directors in accordance with the established routines. The board also receives reports from the company’s auditor.

Risk assessment

IRLAB’s processes for risk assessment is intended to identify, evaluate and manage the most significant risks to the achievement of the company objectives. It also includes regular assessment of changes within and around the company that could significantly impact the system of internal control.

Within the board of directors, the audit committee is primarily responsible for continuously assessing the company’s risk situation, after which the board also conducts an annual review of the risk situation.

Control activities

The structure of control activities at IRLAB is built on clear roles in the organization that facilitate efficient allocation of responsibility for specific control activities, some of which include authorization controls in IT systems, business systems, and attestation routines. The continual analysis of financial reporting is very important for ensuring that the reporting contains no significant inaccuracies.

Control activities limit the identified risks and ensure accurate and reliable financial reporting. A core component of the control activities at IRLAB is the Quality Management System (QMS) including Policies, Standard Operating Procedures (SOPs) and Working Instructions that supports in the work to both prevent and detect potential deficiencies.

Information and communication

IRLAB has information and communication channels to promote the accuracy of reporting and to facilitate reporting and feedback from operations to the board and senior management, for example by making corporate governance documents such as internal policies, guidelines and instructions available and known to the employees concerned. The board of directors has also adopted an information policy governing the company’s disclosing of information.

Internal information and communication pertains to ensuring that the company’s employees, who have the possibility of impacting financial information or who manage identified risks, are kept updated with regards to changes of applicable policies, guidelines, laws or regulations. It starts at management team meetings and the full staff is routinely informed about relevant changes.

External information is intended to keep the market updated on developments in the company’s operations and to ensure that IRLAB is fulfilling the requirement for providing correct information to the market. This is also governed by the company’s established information policy.

Monitoring, evaluation and reporting

The board of directors receives continual reporting from company management and can monitor trends for the company. The Group’s financial and operational position, capital requirements, investments and cost base are discussed at each board meeting. The budget and the outcomes of previous years are routinely reconciled, and larger discrepancies are also reported to the board at every board meeting.

Internal control is evaluated regularly, and new routines are continually set up in order to further increase internal control and to handle the risks that have been identified.

The external auditors, the company’s accounting function and the Audit Committee are in continual contact for the purpose of capturing any risks and for managing potential issues. The auditors also report to the board on a regular basis.