Exel Composites > English > Investor > en > Corporate Governance > Internal control, risk managemt and internal audit

Internal control, risk management and internal audit

Internal control

Exel Composites' internal control framework is based on the COSO framework. Exel Composites has defined internal control as a process influenced by the Board of Directors, the President and CEO, Group Management and personnel on all levels in the Group, designed to provide reasonable assurance regarding the achievement of objectives.

The aim of Exel’s internal control framework is to ensure that Exel’s operations are effective, efficient and aligned with strategy, to focus on the most business-relevant risks and issues, to promote ethical values, good corporate governance and risk management, to ensure compliance with laws, regulations and internal policies, as well as to ensure reliable, complete and timely financial reporting.

Exel's internal control framework consists of the internal control, risk management and corporate governance policies and principles set by the Board of Directors, with management overseeing the implementation and application of the policies and principles. The group controller function monitors the efficiency and effectiveness of the operations and reliability of the financial and management reporting. In the risk management process, risks threatening the realization of Exel's objectives are identified, assessed and mitigated. Compliance procedures are designed to ensure that all applicable laws, regulations, internal policies and ethical values are adhered to. Effective control environment at all organizational levels includes control activities tailored for each of the key business processes. Shared ethical values and strong internal control culture among all employees form the foundation for Exel's internal control.

The ultimate responsibility for the appropriate arrangement of the control of the company accounts and finances falls on the Board of Directors. The President and CEO is responsible that the accounts are in compliance with the law and that the financial affairs have been arranged in a reliable manner.

Exel Composites' internal control framework and roles and responsibilities for internal control have been defined in Internal Control Policy approved by the Board of Directors.

Further information on internal control and risk management related to financial reporting can be found in the Corporate Governance Statement.

Risk management

The central short-term goal of Exel Composites is to distinctly improve the profitability and competitiveness and to secure the financial position of business demands. The primary task of Exel's enterprise risk management concept is to support the realisation of these goals. As a part of corporate governance, risk management is a systematic tool for the Board of Directors and the operative management to monitor and assess the realisation of the goals, threats and opportunities affecting the company operations.

The task of Exel Composites' risk management is also to support in adapting to the changes in business and risk environment.

The Management Group of the Company has adopted the risk management guidelines based on the principles approved by the Board. The risk management policy is reviewed annually to ensure that it corresponds to the current conditions and changes that have occurred in the business environment. The business units are responsible for implementing risk management and identification of risks. The Management Group monitors the development of risks and risk concentrations.

Risks relative to assets, interruption and liability risks arising from business operations have been provided for with appropriate insurances.

Principles of risk management

Risks are factors that threaten the Company in reaching its set goals. They are measured by their impact and the likelihood of them occurring. The business units and the corporate functions identify and assess their risks.

Risk management is a continuous process, which is integrated in the corporate strategic process, operative planning, daily decision making and monitoring operations. Risk management is also part of the internal control system.

Exel Composites only considers taking risks after careful assessment of the risk in relation to its gain. The aim of risk management is to systematically identify and evaluate risks and to manage them in a cost-effective way by:

- Ensuring that all identified risks affecting personnel, customers, products, reputation, property, intellectual property and operation are always managed as required by law and otherwise in accordance to best knowledge and justifiable taking into consideration the prevailing financial situation
- Fulfilling the expectations of stakeholders (owners, customers, personnel, suppliers and the community)
- Securing the management of the total risk exposure and minimizing the total risk
- Securing continuous operation without interruptions
- Promoting the effective utilization of possibilities and profit potentials.

The risks affecting our business activities can be categorized as: strategic, operational, finance and hazard risks; they can result from factors both external and internal to the organization. Some specific risks can have both external and internal drivers. Strategic and operational business risks are reviewed on unit, division and group level.

Major risks and uncertainties

Strategic risks

Regarding strategic risks Exel Composites is exposed to the market situation in different industrial customer segments. The key raw materials, especially carbon fiber, are supplied by only a few suppliers and the balance between supply and demand may cause long periods of scarcity. There are also risks related to the acquisitions where the realized level of benefits and synergies may differ from the planned.

Operational risks

In the operations the risks are identified in raw material price fluctuation in absolute terms as well as in relation to competing materials. The poor availability of skilled employees may locally impact in the quality and productivity of the business. The protection of self-developed own technology is important and the risk of IPR violations is exceeding when the business is enlarging globally. Also the importance and risks related to the suppliers and sub-contractors have grown.

Financial risks

Financial risks consist of currency, interest rate, liquidity and funding risk, and credit and other counter party risk. Currency and interest rate risks are managed by hedging using different derivatives. Credit insurance is in place to cover risks related to trade receivables.

Currency risk

Most invoicing and purchases are carried out in euros. Possible changes in the exchange rates of the USD, GBP, AUD and SEK may affect the Company’s result. The Company seeks to hedge itself against exchange rate risks by means of currency clauses in purchase and sales agreements, as well as hedging instruments.

Interest rate risk

Exel Composites’ financing policy involves using a small number of banks as partners to secure its long-term needs for borrowed capital. Exel Composites’ liquidity is based on long-term financial arrangements and on short-term financial products, such as lines of credit and credit accounts. To balance interest rate, risk the Company strives to use both changing and fixed interest loans. Additionally, the Company uses interest swap agreements.

Credit risk

Exel Composites is exposed to credit risk mainly through accounts receivable. The Company has a global customer base, and there are no significant risk concentrations. Exel Composites normally uses credit insurance.

Hazard risks

Hazard risks include occupational health and safety-related risks, personnel security risks, environmental risks, fire and other disasters, natural events and security risks. Exel Composites has taken measures against these risks by using safety guidelines, certification principles, rescue planning and security instructions. The materialization of risks has been taken into account in the insurance policies.

Insurance risk

Insurance risk denotes the risk of Exel' Composites' profits being affected by insufficient insurance protection in the event of unforeseen events or accidents. To minimize insurance risks, the Company shall acquire insurance policies covering property and liability risks, the responsibility for the President and CEO and the Board of Directors and risk exposure during business travels. Other insurance risks are to be evaluated case over case.

Further information on internal control and risk management related to financial reporting can be found in the Corporate Governance Statement.

Internal audit

Based on the effective operation of the group financial control, including the established controller function, the Company does not have a separate internal audit function. The Board of Directors or the President and CEO can assign Exel Composites' controller function or an external service provider to perform internal audit assignments as needed.