Internal auditing & control

The Board’s responsibility for internal control is governed by the Swedish Companies Act and the Swedish Annual Accounts Act, which require that information on the key elements of Starbreeze’s systems for internal control and risk management in connection with financial reporting be included in the Corporate Governance Report each year. The Board’s responsibility for internal control is also governed by the Code. The Board of Director’s duties include ensuring that Starbreeze has good internal control and formalized procedures that ensure compliance with established principles for financial reporting and internal control, and that there are appropriate systems for monitoring and controlling the company’s operations and the risks associated with the company and its operations. The overall objective of internal control is to provide reasonable assurance that the company’s operational strategies and objectives are followed up and that the shareholders’ investment is protected. In addition, internal control ensures that external financial reporting is reliable with reasonable assurance and prepared in accordance with generally accepted accounting principles, that disclosed requirements are met in accordance with internal policies, and that appli- cable laws and regulations and requirements for listed companies are complied with.

Control environment

Internal control at Starbreeze is based on a control environment that includes organization, decision paths, powers and responsibilities. The Board has written rules of procedure that clarify its responsibilities and regulate the division of labor. The rules of procedure also specify the issues to be submitted to the Board for decision. The divi- sion of roles between the Board and the CEO is communicated in the Board’s rules of procedure and in its instructions to the CEO. In addition, the CEO manages the business based on the Swedish Companies Act, other laws and regulations, regu- lations for stock market companies, the Swedish Code of Corporate Governance, etc. The Board monitors compliance with established financial reporting and internal control principles and maintains appropriate relations with the company’s auditors. The management team is responsible for the system of internal controls necessary to manage material risks in day-to-day operations. In addition, the Audit Committee prepares matters for the Board to consider in order to ensure effective control.

Risk assessment and control activities

A clear organizational and decision-making structure aims to create a good risk awareness among employees and a balanced approach to risk-taking. Embedded control points aim to minimize the risk of accounting errors. There are also documented procedures for the management of the company’s financial and consolidation systems. Monitoring is carried out on an ongoing basis in order to maintain good internal control and thus prevent and detect risks.

Risk management

The material risks affecting internal control over financial reporting and operational controls are identified and managed at Group, business area and subsidiary level. Within the Board, the Audit Committee is responsible for identifying material financial risks and risks of misstatement in the financial reporting, and preparing for decisions on possible actions by the Board to ensure accurate financial reporting. A particular priority is to identify processes where the risk of material misstatement is relatively high due to the complexity of the process, or in contexts where large amounts are involved.

The Board instructs the management team to analyze the business and identify and quantify the risks to which the Group is exposed. Once the risks have been identified, they are ranked according to their probability and impact. From this process, the company has developed a large number of controls in the areas of Finance, Management, IT, HR, and Game Development, as well as in Market- ing, PR, and IR. Scheduled self-assessment procedures are carried out according to a defined plan and the results are reported to the Audit Committee and the Board, which ensures that the controls have been carried out. The results, analysis and actions of this process are reported directly to the Audit Committee and the Board.

Follow-up

The Board continuously evaluates the information presented by the management team and the Audit Committee. The Board’s work also includes ensuring that action is taken on any deficiencies or measures recommended in connection with the external audit and the internal monitoring of internal control implemented by the company. After the Board has received the internal control analysis, the Audit Committee prepares proposals for adoption by the Board to remedy the deficiencies and weaknesses identified.

At the end of the year, the Audit Committee receives a final report on the outcome and status of the internal control. Based on this, the Audit Committee prepares proposals for improvement actions to be submitted to the Board. This is a continuous process according to the annual audit and control cycle.

The Board also receives regular reports on the Group’s financial position and performance. After the end of each quarter, the Group’s financial position is reviewed and the management team analyzes the monthly performance in detail. A summarized report is then provided to the Board on a monthly basis. The Audit Committee monitors the financial statements at its meetings and the Audit Committee together with the Board receives a specific report from the auditors on their observations once per financial year.