Internal control and risk management
According to the Swedish Companies Act and the Swedish Code of Corporate Governance, the Board is responsible for internal control. This description is primarily limited to internal control over financial reporting, but for Ortivus as a medical technology company, product quality and the clinical and medical aspects are important focus areas.
Ortivus’ Board of Directors, management and employees, governance, management and control must always be balanced with regard to the size of the company, for example, the company has no department for internal audit. Ortivus has a series of processes and control systems where control needs have been balanced with risk assessment and where the company size and complexity have been taken into account.
Ortivus AB’s Board annually establishes rules of procedure for its work, as well as the CEO’s instructions and policies for important areas of finance, quality, risk management and information.
Ortivus’ CEO and management have full operational responsibility for internal control. Based on the Board’s guidelines, laws and regulations regarding financial reporting, the management has determined the distribution of roles and responsibilities for employees who work with the financial reporting within the Group.
Ortivus policies, guidelines, manuals and other governing documents are available to the personnel primarily through the company’s management system. The management is responsible for ensuring that the staff is aware of current policies and guidelines. Information meetings with the employees are held on a regular basis, at least once a month. Ortivus is a small company and the handling of these issues therefore primarily takes place as part of the day-to-day management work and managerial responsibility.
The objective of Ortivus’ risk assessment is to capture, analyze and manage current and future risks, thereby securing the Group’s growth, financial result and position. Ortivus management and board work continuously and actively with risk assessment and risk management to ensure that the risks are handled appropriately within the framework established.
The management regularly reviews and quantifies the risks, which are reported to the Board. Ortivus also cooperates closely with the company’s auditors to identify risks in financial reporting at an early stage.
Ortivus has deliberately, given the size of the company, chosen not to set up a separate function for internal control, but this work is managed by delegates as part of the day-to-day management work. Regular external audits are carried out for the quality systems according to the current regulations.
Information about Ortivus’ governing documents such as Group policies, manuals and guidelines is accessible at the company’s management system. Ortivus continuously provides the market with information about the Group’s financial position and development via, for example, interim reports, press releases and website. The Board of Directors has, given the size and situation of the company, only issue financial reporting in Swedish.