Internal control

Exel Composites Plc is the parent company for the whole Group. It manages and directs the operations for the whole Group. The main responsibility for the internal control and risk management relating to the financial reporting process lies with the Board of Directors. Exel Composites’ internal control framework and roles and responsibilities for internal control have been defined in the Internal Control Policy approved by the Board of Directors. Internal control is organized within the framework of regular management, reporting and reviews.

Exel Composites’ internal control and risk management related to financial reporting is designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with applicable laws and regulations, generally accepted accounting principles and other requirements for listed companies.

Exel Composites has established a Controller’s manual (accounting and reporting rules), which is regularly updated. Other internal policies and rules related to the financial reporting process include the Code of Conduct, the Anti-corruption Policy, the Decision-making and Signing Policy, the Treasury Policy as well as the Credit Management Policy.

Group accounting maintains a common chart of accounts that is applied in all units. A Group enterprise resource planning system (ERP) and customer relationship management system (CRM) are in use in most units of the Group. Subsidiaries submit their figures to Group reporting system for consolidation purposes. The reported figures are reviewed both in the subsidiaries and in Group accounting.

The consolidated financial statements of Exel Composites have been prepared in compliance with International Financial Reporting Standards (IFRS), applying International Accounting Standards (IAS) and IFRS standards, as well as Standing Interpretations Committee (SIC) and International Financial Reporting Interpretations Committee (IFRIC) interpretations, valid on 31 December 2021. The notes to the consolidated financial statements are also in compliance with the Finnish Accounting and Companies Acts.

The ultimate responsibility for the appropriate arrangement of the control of the Company accounts and finances falls on the Board of Directors. In accordance with the Charter of the Board of Directors, the Board performs the duties of an Audit Committee. These duties include overseeing of the accounting and financial reporting process, the audit of the financial statements, and the review of internal control procedures as well as communication with the Company’s auditors. The President and CEO is responsible for the implementation of internal control and risk management processes and ensuring their operational effectiveness. The President and CEO is also responsible for ensuring that the Company accounting practices comply with the law and that financial matters are handled in a reliable manner. The Group’s management assigns responsibility for the establishment of more specific internal control policies and procedures to personnel responsible for the unit’s functions. Management and employees are assigned with appropriate levels of authority and responsibility to facilitate effective internal control over financial reporting.

Exel Composites’ common controls include variety of activities such as approvals, authorizations, verifications, reconciliations, monthly reviews of operating performance, and segregation of duties.

In financial reporting, the Controller’s manual sets the standards of financial reporting as well as accounting rules and procedures within the Group. The Group controller function assists the business units in maintaining adequate control activities in cooperation with the business controllers. The Group controller function is also responsible for ensuring that external financial reporting is correct, timely and in compliance with applicable regulations.

Ongoing monitoring activities include the follow-up of monthly financial results in relation to budget and targets as well as follow-up of internal and external projects. The scope and frequency of separate evaluations depend primarily on an assessment of the related risks and significance of the potential financial outcome. Internal control deficiencies are identified and communicated in a timely manner to those parties responsible for taking corrective action, and to management and the Board as appropriate. Implementation and control of financial and other business targets are monitored through Group-wide financial reporting, and through regular management meetings in each of the business units.