Risk management is part of the Company’s strategic and operational planning, and it is also linked to internal control. Risk means an event or circumstance that may hinder or prevent the achievement of Kempower Corporation’s objectives or due to which business opportunities may not be utilized.

The company proactively and systematically aims to identify, analyze, evaluate and manage the most significant risks, which are divided into the following main groups: strategic, operational, hazard, compliance and financial risks. Non-financial effects are also taken into account when assessing risks.

Through risk management, Kempower Corporation supports the achievement of its strategic and business objectives and ensures the continuity of its operations in changing circumstances. The ability to bear risks and manage them effectively is central to business success and the creation of shareholder value.

The objectives of risk management are achieved by providing the Group with information on the uncertainties, risks and opportunities facing the objectives and operations, as well as uniform and effective 10 Kempower has a written pre-approval policy for non-audit services, in which the Audit Committee has been specified to govern this topic. Internal control and internal audit methods for identifying, assessing and managing risks and their consequences. The willingness to take risks must be proportionate to the risk-bearing capacity and the risk-taking must be in balance with the intended benefits. Risk reporting is available to management as part of other reporting.

Kempower Corporation has a risk management policy approved by the Board of Directors. The purpose of the Company’s risk management is to ensure the comprehensive and appropriate identification, assessment, management and control of risks throughout the Kempower Group. It is an integral part of the Company’s planning and management process, decision-making, day-to-day management and operations, and control and reporting procedures.

The objective of internal control and internal auditing is to ensure that the Company’s operations are efficient and effective, that information is reliable and that regulations and operating principles are complied with. Internal control covers all measures and procedures to ensure that objectives are met. The subjects of internal control are the organization’s internal operating environment, goal setting, risk management, control measures, information flow, communication, and monitoring.

Kempower Corporation’s internal audit evaluates the appropriateness and effectiveness of the Company’s internal control system and risk management to improve the operating methods, processes and controls of risk management, supervision and administration systems and thus promote the achievement of the organization’s objectives.

The Company’s internal audit assesses, among other things, the Company’s internal control and risk management.

The internal audit is responsible for independent assessment and verification activities, the main task of which is to support the management and the Board in their supervisory role. The company has an independent external internal auditor who is responsible for internal audit tasks with the help of, if necessary, external service providers. The internal auditor reports regularly to the Board’s Audit Committee.

The Audit Committee approves the annual internal audit plan.

The purpose of internal control is to protect the value of assets, ensure the appropriateness and efficiency of operations – including the reliability of financial and operational reporting – compliance with regulations and operating principles, and compliance with the objectives of operations.

Kempower’s values, group-level operational guidelines and policies help the management and ultimately the Board to ensure that the goals set by the company are met, Kempower Corporation’s business is managed ethically and in accordance with all applicable laws and regulations as well as internal operating guidelines, and that financial reporting is carried out appropriately.

Every employee of the Company has the right and obligation to make a report, if necessary, anonymously, through a “whistleblower system” for activities contrary to laws or internal guidelines.