Internal control systems

The Executive Board is responsible for the company’s internal risk control and auditing system, and assessing its effectiveness. The system is designed to control risks related to business activities and the realisation of company objectives. It also monitors the efficiency and effectiveness of business processes and the consistency of the administrative processes.

The risk control framework is implemented throughout the Group. The responsibility for the control system is primarily allocated to the business units. Risk assessments are an integral part of the company’s annual planning and control cycle, which is discussed with the Shareholder on an annual basis.

The risk control and auditing system for financial reporting is based on Strukton Code of Conduct. Clear accounting rules are set out in the Strukton Reporting Manual and in a standard
reporting structure. The external auditor annually completes auditing activities designed to issue an auditor’s statement with the annual financial statements. The external auditor is appointed by the Shareholders.

In consultation with the Chairman of the Group Executive Board, the Shareholder annually determines the activities to be added to the work required pursuant to the auditor’s statement. This may concern specific risks, business processes or sites where the Chairman of the Group Executive Board or the Shareholder require more in-depth auditing. Recommendations from external auditing activities at any level are reported to and followed up by the Chairman of the Group Executive Board.