AS STATED IN THE SWEDISH COMPANIES ACT AND THE CODE, the Board of Directors is responsible for ensuring that the company has satisfactory internal controls, for staying informed about the company’s internal control system and for assessing the effectiveness of this system. Episurf Medical’s internal control work can be divided between the control environment, risk assessment, control activities, information and communication, and monitoring. Episurf Medical’s internal audit is handled by the Board of Directors, the CEO and the CFO, but in view of the company’s size this is deemed to meet the requirements placed on the company. On a yearly basis, the Board evaluates the need to set up an internal audit function.