12.1 General

It is the Board who has the responsibility to ensure that the Company has sound and appropriate internal control systems and systems for risk management, and that these are proportionate to and reflect the extent and nature of the Company's activities. Having effective internal control systems and systems for risk management in place may prevent the Group from situations that can damage its reputation or financial standing. Furthermore, effective and proper internal control and risk management are important factors when building and maintaining trust, to reach the Company's objectives, and ultimately create value.

Having in place an effective internal control system means that the Company is better suited to manage commercial risk, operational risk, the risk of breaching legislation and regulations as well as other forms of risk that may be material to the Company. As such, there is a correlation between the Company's internal control systems and effective risk management. The internal control system shall also address the organisation and execution of the Company's financial reporting, as well as cover the Company's guidelines etc. for how it integrates considerations related to stakeholders into its creation of value.

DOF shall comply with all laws and regulations that apply to the Group's business activities. The Group's code of conduct describes the main principles for compliance and how the compliance function is organised.

12.2 Policies

The Company shall have a comprehensive set of relevant corporate manuals and procedures, which shall provide detailed descriptions of procedures covering all aspects of managing the Company's operational business. These procedures and manuals shall continually be revised to reflect the best practice derived from experience or adopted through regulations.

12.3 Annual review and risk management in the annual report

The Board shall annually review the Company's most important areas of risk exposure and the internal control arrangement in place for such areas. The review shall pay attention to any material shortcomings or weaknesses in the Company's internal control and how risks are being managed.

In the annual report, the Board shall describe the main features of the Company's internal control and risk management systems as they are connected to the Company's financial reporting. This shall cover the control environment in the Company, risk assessment, control activities and information, communication and follow-up. The Board is obligated to ensure that it is updated on the Company's financial situation, and shall continually evaluate whether the Company's equity and liquidity are adequate in relation to the risk from the Company's activities, and take immediate action if the Company's equity or liquidity at any time is shown to be inadequate. The Company's management shall focus on frequent and relevant reporting of both operational and financial matters to the Board, where the purpose is to ensure that the Board has sufficient information for decision-making and is able to respond quickly to changing conditions. Board meetings shall be held frequently, and management reports shall be provided to the board as a minimum on a monthly basis. Financial performance shall be reported on a quarterly basis.