A curved road in the mountainsSlide thumbnail

Want to join us?

A curved road in the mountainsSlide thumbnail

Want to join us?

Internal control

Cary Group has established an internal control system aimed at achieving an efficient organisation that achieves the targets set by the board of directors. This system includes work to ensure that Cary Group’s operations are conducted correctly and efficiently, that laws and regulations are complied with and that financial reporting is accurate and reliable and in accordance with applicable laws and regulations.

Control environment

Cary Group’s control environment is based on the distribution of work among the board of directors, the board committees, the CEO and the CFO and the corporate values on which the board of directors and the Group Management communicate and base their work. In order to maintain and develop a well-functioning control environment, to comply with applicable laws and regulations, and to ensure compliance within the entire Group with Cary Group’s desired business practices, the board of directors, as the ultimately responsible body, has established a number of basic governing documents relevant to risk management and the internal control which consists of operational control documents, policies, procedures and instructions. Among these documents are the rules of procedure for the board of directors, the instructions for the committees of the board of directors, the instructions for the CEO, the instructions for financial reporting, the code of ethics and the communication and insider policy.

Risk assessment

Cary Group has established a risk assessment procedure, meaning Cary Group conducts annual risk analysis and risk assessment. Based on this procedure, risks are identified and categorised according to the following four areas:

  • Strategic risks,
  • Operational risks,
  • Compliance risks, and
  • Financial risks.

Cary Group’s objective with the risk analysis is to identify the most significant risks that may prevent Cary Group from achieving its targets or realising its strategy. The objective is further to evaluate these risks based on the probability that they will arise in the future and to what extent the risks may affect Cary Group’s targets if they were to occur.

Individual risks are assigned a so-called risk owner. The risk owner has a mandate and responsibility to ensure actions and controls are established and implemented. The risk owner is also responsible for monitoring, follow-up and reporting of changes in Cary Group’s risk exposure to identified risks.

Identified risks are reported annually by the CFO to the audit committee and the board of directors. The board of directors evaluates Cary Group’s risk management system, including risk assessments, and shall annually submit a description in which the most important elements of Cary Group’s internal control and risk management are examined in detail. The purpose of this procedure is to ensure that significant risks are managed and that controls that counteract identified risks are implemented.

Control activities

Cary Group has established a risk management process that includes a number of key controls of matters that must be in place and function in the risk management processes. The control requirement is an important tool that enables the board of directors to lead and to evaluate information from the senior executives and to take responsibility for identified risks. Cary Group focuses on documenting and evaluating the major risks related to financial reporting to ensure that Cary Group’s reporting is accurate and reliable.

Information and communication

The board of directors of Cary Group has adopted a communication and insider policy governing Cary Group’s management and communication of inside information and other information. The policy is intended to reduce the risks of insider dealing and other unlawful behaviour and to facilitate Cary Group’s compliance with applicable rules regarding the handling of inside information. In addition, Cary Group has established procedures for the handling of information and restriction of the dissemination of information. The communication policy describes Cary Group’s overall focus on communication matters. Cary Group’s communication shall be characterised by long-term perspective and trust, reliability as well as being proactive, correct, open and holistic. The communication shall also be accurate, relevant and comprehensive in accordance with Nasdaq Stockholm’s rule book for issuers.

Investor relations committee

The purpose of Cary Group’s investor relations committee is to build a long-term knowledge of and trust in Cary Group’s operations and value creation, whilst ensuring that Cary Group complies with applicable regulations. Cary Group’s investor relations committee handles regular contacts with shareholders, analysts, investors, financial journalists, Nasdaq Stockholm, the SFSA and other capital market participants and coordinates general meetings, analyst meetings and capital market presentations. The Head of IR is responsible for this committee, which also consist of the CEO and the CFO.

Monitoring and follow-up

A self-assessment of the effectiveness of the internal controls shall annually be performed by defined persons throughout the organisation. The CFO is responsible for presenting the result to the audit committee and the board of directors.