Corporate Governance

Risk management and internal control

Biohit’s internal control is responsible for ensuring that the Group carries out its business operations within the framework of current regulations and legislation and in accordance with the instructions of the Board of Directors. Internal control seeks to ensure that the Group operates with maximum efficiency and that efforts are made at various levels of the organisation to achieve the objectives set in the strategy approved by the Board of Directors. Risk management is geared towards supporting the achievement of these objectives by anticipating and managing business-related risks.

Control environment

Biohit’s business operations and administration aim to realise the company’s values, of which the most important is to promote health and wellbeing through innovation. Biohit will continue to focus on its diagnostics business, in which the company conducts global operations in manufacturing, sales and marketing. Biohit’s control environment is defined by the Board of Directors, which, as the highest administrative body, is responsible for organising internal control. The President & CEO is responsible for maintaining the efficiency of the control environment and the functionality of internal control. Biohit’s financial department is responsible for the functionality of financial reporting as well as the interpretation and application of financial statement standards in line with the separately approved instructions.

Risk assessment

In the assessment of risks related to financial reporting, Biohit’s objective is to identify the major risks associated with the Group’s business operations and environment. The cost-effective management and monitoring of these risks will then ensure that the company’s strategic and operational targets can be reached as intended. The Board of Directors carries the main responsibilityfor risk assessment and monitoring the implementation of risk management. The President & CEO works with the parent company’s operative management and subsidiaries’ managers to ensure that the Group’s risk management is duly arranged. The parent company’s operative management is responsible for identifying and managing the risks involved within each business area, while subsidiaries’ Management Teams are responsible for those in their own market areas. Risk management is one of the areas covered by Biohit’s internal control processes, which regularly monitor the risks associated with the company’s business operations, identify any changes and, if necessary, take appropriate action to hedge against them. Risk management focuses on ensuring the continuity of business operations and preventing financial misconduct.

Control measures

Internal control measures are integrated into the Group’s general business management and reporting process. The subsidiaries report on business and earnings trends and the most significant deviations to Group Management on a monthly and quarterly basis. The Group’s Management Team reports to the Board of Directors on the overall development of business; these two bodies, together with the President & CEO, decide on overall corporate strategies and procedures guiding the operations of the Group. The subsidiaries’ Boards follow business developments and ensure that the parent company’s approved instructions and guidelines are followed. As a rule, the Boards of Directors of the subsidiaries meet monthly. Board work in the subsidiaries is based on financial reports and the written monthly and annual reports drawn up by subsidiary management. Biohit’s business control is carried out in accordance with the management system described above. The company provides the reporting systems necessary for business and financial management. The financial department of the parent company provides instructions for drawing up annual and interim financial statements and prepares the consolidated financial statements. The parent company’s financial department retains central control of funding and administrative matters within the framework of the instructions provided by the Board of Directors and the President & CEO, and is also responsible for the management of interest and exchange rate risks. The Managing Directors of the subsidiaries ensure that the subsidiaries’ reporting is carried out in accordance with the instructions given by the Group’s Management Team. The parent company’s administration department controls and provides instructions on Group-level personnel policies and any agreements made within the Group.