Governance systems

Governance systems consist of the foundations’ organisation, roles and responsibility and reporting lines.

Internal control systems

Internal control systems should include the foundations’ administration, reports and frames for internal controls, including outsourcing.

Internal governance and control

Consist of processes through which foundations acquire reasonable security to reach the foundations’ goals in following areas:

• An appropriate and efficient organization and management of the business
• A reliable financial reporting
• Compliance with applicable laws, regulations and other rules

The internal audit function is to evaluate the suitability and effectiveness of the internal control system, and other aspects of the corporate governance system, including outsourced operations and report significant results and recommendations to the board.

Risk management systems

Consists of processes and routines on how risks are to be identified, analyzed, managed, followed up and reported.
Risk management involves identifying events that may affect the foundation’s opportunities to achieve its goals, analyzing them, deciding how they should be managed and implementing measures to manage risks. Risk management also means following uprising and risk management measures, as well as compiling and reporting these.

The risk management systems shall:

• Evaluate the risk management system
• Manage and report significant risks including investment risks, operational risks and risks covered by assignment agreements
• Report to the board, about the risks that the foundation is or may be exposed to as well as inter dependencies between risks.