Risk Management

Spinnova’s risk management aims to ensure that the Company’s financial reports provide materially correct information about the Company’s finances. The objective of risk management is to ensure the continuity of the business and the operational capability of the Company in all identifiable risk scenarios.

The central principle of risk management is undertaking continuous, systematic and pre-emptive actions to identify risks, define the acceptable level of risk for the Company, evaluate and manage risks and, in the event of risk realisation, see to their effective management and control so that Spinnova will meet its strategic and financial goals.

Spinnova’s Board of Directors approves the risk management principles, strategic goals and focus areas. The Board also directs and monitors the design and implementation of risk management. The CEO is responsible for the Company’s risk management and its organisation, allocating resources for the work and reviewing the risk management principles. The Audit Committee evaluates risk management in connection with their internal control review. The Company’s management team is responsible for the actualisation of risk management, monitoring of operative risks, and risk related actions.

Risk assessment

The Company’s strategic and operative goals are used as a basis for identifying risks. Risk analysis and evaluations are conducted as self-assessments. In assessing the impact of a risk, the probability of the risk and its impact on Spinnova’s net sales and results of operations are taken into account.

Internal and external events that have a material effect on the Company’s objectives are identified and divided into risks and opportunities. The probability and impact of the risks in the event of risk realisation is assessed, and an action plan regarding risks that are identified as material is prepared. Possible actions are avoiding, accepting, limiting and dividing risks.

The senior management determines necessary actions for setting the risk levels on a level corresponding the Company’s risk appetite. Risk assessment is done regularly and detected material changes are reported to the Board of Directors.

Key risks specific to Spinnova

Internal control

The purpose of internal control is to protect Spinnova’s and its business units’ resources from misuse, ensure the appropriate authorisation of business transactions, support management of IT systems, and ensure the reliability of financial reporting.

The Board of Directors has ultimate responsibility for the administration and proper organization of the Company. The Board of Directors also ensures that the Company operates in accordance with its values, approves the internal control, risk management and corporate governance policies, and can assign internal audit assignments to the external auditor or other service providers as needed.

The CEO establishes the basis for internal control by leading and guiding the senior management and monitoring the way they oversee the businesses they are in charge of, and by ensuring that the accounting practices of the Company comply with applicable regulation and that the financial administration is managed in a reliable manner.

The management team is responsible for establishing detailed internal control policies and practices for the different organisational units. The Company’s financial administration supports the business units in creating appropriate control practices. In addition, it controls the Company’s risk management processes and reports on their implementation to the senior management, and monitors the adequacy and functionality of control measures at a practical level.

The Company’s control measures are intended for responding to the risks identified at different levels of the Company’s operations and they may be preventive, identifying, manual, automatic or managerial in nature.

Internal audit

The Company does not have a separate internal audit function, and internal audit responsibilities have been divided inside the Company among different bodies and functions. The Board of Directors may use external experts to conduct separate evaluations of the control environment or control functions. The audit plan of the Company’s external auditor must take into account the fact that the Company does not have an internal audit function.