10. Risk management and internal control
The Group has established a risk management process for identifying, evaluating and monitoring/mitigating risks related to NextGenTel’s business.
Risks are identified and evaluated with respect to probability of occurrence and the impact of the risk. Actions are then defined in order to monitor or mitigate the risk. This process involves all departments and executive management before the outcome is reported to and reviewed by the board at least annually. In addition, risk management and internal control is performed through various processes within the Group, both on a board level and in daily management of the company.
The board performs risk management and internal control through board meetings. Each month the board receives a board report from management outlining the financial and operational performance of the company. An annual planning and budgeting process which ends with a budget approved by the board sets the framework for the coming year. In this process, the board carries out a review of the company’s most important areas of exposure to risk.
Risk management and internal control on a management level is carried out through monthly reviews of financial performance. Financial risk management and internal control procedures are carried out both on a group level and in each subsidiary.
The board presents a review of the Group’s financial status in the annual directors’ report including a description of the Group’s risk management and internal control. There are currently no internal control routines in place for following up the Group’s corporate values and ethical guidelines.