Internal control, risk management and internal audit

Internal control

Exel Composites' internal control framework is based on the COSO framework. Exel Composites has defined internal control as a process influenced by the Board of Directors, the President and CEO, Group Management and personnel on all levels in the Group, designed to provide reasonable assurance regarding the achievement of objectives.

The aim of Exel Composites' internal control framework is to ensure that Exel Composites' operations are effective, efficient and aligned with strategy, to focus on the most business-relevant risks and issues, to promote ethical values, good corporate governance and risk management, to ensure compliance with laws, regulations and internal policies, as well as to ensure reliable, complete and timely financial reporting.

Exel Composites' internal control framework consists of the internal control, risk management and corporate governance policies and principles set by the Board of Directors, with management overseeing the implementation and application of the policies and principles. The group controller function monitors the efficiency and effectiveness of the operations and reliability of the financial and management reporting. In the risk management process, risks threatening the realization of Exel Composites' objectives are identified, assessed and mitigated. Compliance procedures are designed to ensure that all applicable laws, regulations, internal policies and ethical values are adhered to. Effective control environment at all organizational levels includes control activities tailored for each of the key business processes. Shared ethical values and strong internal control culture among all employees form the foundation for Exel's internal control.

The ultimate responsibility for the appropriate arrangement of the control of the company accounts and finances falls on the Board of Directors. The President and CEO is responsible that the accounts are in compliance with the law and that the financial affairs have been arranged in a reliable manner.

Exel Composites' internal control framework and roles and responsibilities for internal control have been defined in Internal Control Policy approved by the Board of Directors.

Further information on internal control and risk management related to financial reporting can be found in the Corporate Governance Statement.

Risk management

At Exel Composites risk management is a continuous process, which is integrated with the daily decision making and continuous monitoring of operations as well as with preparation of quarterly and annual financial statements.

The Board of Directors governs the risk management of the Company through a risk management policy. In addition, the Board of Directors makes a risk assessment as part of the review and approval process of each set of quarterly and annual financial statements. Risk factors are also considered by the Board in connection with any future guidance disclosed by the Company.

The operative risk management, including risk monitoring, is part of the key duties of the operative management. Whereas risks are considered in conjunction with each business decision, they are also monitored by the managing director and other group management on a monthly basis when the team reviews the business development and any near and long-terms risks upon presentation of the business unit heads and controllers.

Risks and uncertainties related to Exel Composites can be categorized as strategic, operational, finance and hazard risks.

With respect to strategic risks, a significant portion of Exel Composites’ revenues is generated from certain key clients and market segments. Whereas production capacity and cost structure of the Company is planned for growing business volume, negative development of such key clients or market segments could lead to deterioration of Exel Composites’ profitability. This risk is mitigated by a close cooperation with key clients. The development of key markets and consequently business volumes are actively followed and forecasted in order to be able to adjust our business and cost structures to the forecasts. New products and applications are continuously developed in order to limit the dependency of any individual clients or market segments.

Strategic risks also include risks related to acquisitions where the realized level of benefits and synergies may differ from the planned. Continuing low demand in the Australian market may require such further corrective actions that could result in non-recurring items.

The most significant operational risks relate to product development and sales as well as production. Exel Composites’ product range is very broad and often customer customized, which adds complexity to the product development and production. Designing, producing and selling a product that does not meet the requirements agreed with a client could potentially lead to substantial losses and damages. In addition, availability of skilled employees, protection of self-developed proprietary technology, fraud, availability and pricing of key raw materials and health problems due to long-term exposure to chemicals belong to the most significant operational risks. Pre-emptive management of operative risks through careful contracting as well as appropriate business processes and working instructions are in key roles to prevent possible damages.

Financial risks consist of currency, interest rate, liquidity and funding risks, and credit and other counter party risks. Currency and interest rate risks are managed primarily by natural hedging or by using derivative instruments. Credit insurance is in place to cover risks related to trade receivables.

Hazard risks, such as damages caused to property because of fire or chemical spill, as well as losses resulting from related business interruptions, are mainly covered by insurance policies. This type of risks are also regularly audited by third parties that provide recommendations for improvement to reduce risk probability.

Further information on internal control and risk management related to financial reporting can be found in the Corporate Governance Statement.

Internal audit

Based on the effective operation of the group financial control, including the established controller function, the Company does not have a separate internal audit function. The Board of Directors or the President and CEO can assign Exel Composites' controller function or an external service provider to perform internal audit assignments as needed.

Exel Composites Oyj, Vantaa head office, Mäkituvantie 5, FI-01510 Vantaa, Finland