The overall purpose of the internal control is to ensure that the company’s strategies and objectives can be implemented within the business and to ensure that the financial reporting has been prepared in accordance with applicable laws, accounting standards and other requirements imposed on listed companies. The board of directors’s responsibility for the internal control is governed by the Swedish Companies Act, the Swedish Annual Reports’ Act and the Code.
In the rules of procedure for the board of directors, the instructions for the CEO and the instructions for financial reporting, all of which have been adopted by the board of directors, the allocation of the roles and responsibilities have been stated to contribute to an effective management of the company’s risks. The board of directors has also established an audit committee whose tasks mainly include to monitor the effectiveness of the company’s internal control, internal audit and risk management, to be informed about the audit of the annual report and consolidated financial statements, and to review and monitor the auditor’s impartiality and independence.
In addition to the above-mentioned controls, the company has standard operating procedures that govern the control and quality of its drug development (including requirement to its partners participating in drug development). With regards to risk assessments, these are carried out in connection with strategic planning and forecasting work and specific risk sessions are held to identify and quantify as well as evaluate and decide how the identified risks can be managed and, if possible, be eliminated. The presentation of the identified risks shall, as a minimum, be submitted to the board of directors once per year. The company’s most recent risk assessment session was held in August 2018. Within the board of directors, the Audit Committee is responsible for continuously assessing the company’s risks.
The board of directors bears the overall responsibility for internal control over financial reporting. To create and maintain a functioning control environment, the board of directors has adopted a number of policies governing financial reporting. These mainly comprise the rules of procedure for the board of directors, the instructions for the CEO and the instructions for financial reporting. The board of directors has also adopted a special set of signatory rules and a financial policy. The company also as a manual containing principles, guidelines and process specifications for accounting and financial reporting. The audit committee within the board of directors ensures that the approved principles for financial reporting and internal control are complied with and that regular contact with the company’s auditor is maintained. The responsibility for maintaining an effective control environment and for the day-to-day work on internal control over financial reporting rests with the CEO with assistance from the CFO. The CEO and CFO reports to the board of directors on a regular basis in accordance with the instruction to the CEO and the terms of reference for financial reporting. The board of directors also receives reports from the company’s auditor. Based on Ascelia’s current size and operations, the board of directors has decided not to set up a separate internal audit function.
The company’s management have regular discussions to identify and evaluate the risks arising in the company’s operations and to assess how these risks can be managed. Once a year, these risks are presented to the board of directors in a risk session accompanied by a risk assessment memo, which include a heat map quantifying the impact and likelihood of identified risks. The risk assessment work also includes identification of risks that may impact the basic requirements for the financial reporting of the company. The risk assessment results in a number of control targets supporting the basic requirements for financial reporting. These control targets aim to ensure that the company meets its objectives for financial reporting. The financial reporting shall be correct and complete, and meet all applicable laws, rules and recommendations, provide a fair description of the company’s business and support a rational and informed valuation of the business. In addition to these three objectives, internal financial reporting shall support proper business decision-making at all levels.
Control activities limit the identified risks and ensure correct and reliable financial reporting. The CFO plays a key role in analysing and following up the Group’s financial reporting and results. There are functions for the analysis and follow-up of the financial reporting of the Group and subsidiaries. Control activities also comprise a review and follow-up of the company’s governing documents relating to risk management and analysing complex transactions or valuation of assets or liabilities encompassing a significant element of judgement. The board of directors is responsible for internal control and monitoring of the company’s management. This is done primarily by examining the company’s steering documents and identified risk factors.
INFORMATION AND COMMUNICATION
The company has information and communication channels intended to promote the accuracy of financial reporting and to facilitate reporting and feedback from operations to the board of directors and the management, for example by making corporate governance documents such as internal policies, guidelines and instructions regarding the financial reporting available and known for employees. The board of directors has also adopted an information policy that governs Ascelia’s provision of information.
The compliance and effectiveness of internal controls are monitored regularly. The CEO ensures that the board of directors receives continuous reports on the development of the company’s activities, including the development of the company’s results and financial position, and information about important events, such as operational events of the drug development and major agreements and contracts. The CEO also reports on these issues at each board meeting. The audit committee supports the board of directors by preparing activities that assure the quality of the company’s financial reporting. This is partly achieved by the audit committee checking the financial information and the company’s financial controls.