QPR Software Oyj — Governance Information 2024

Mar 22, 2024

QPR Software's

Corporate Governance Statement 2023

QPR SOFTWARE'S CORPORATE GOVERNANCE STATEMENT 2023

The Finnish Corporate Governance Code

Compliance with the Corporate Governance Code

QPR Software Plc has complied with the Corporate Governance Code 2020 issued by the Finnish Securities Market Association since the financial year that started on January 1, 2020.

Deviations from Recommendations

QPR Software Plc complies with the Finnish Corporate Governance Code with the following exceptions: The Board of Directors has not established any committees. The Board has deemed that considering the size of the Group, the scope of its operations, and existing control systems, separate committees are not necessary. The Board as such is responsible for the duties of the audit committee as well as other committees.

The Board of Directors does not have representatives of both genders. The Board consists of only four persons, each of whom represents a well-defined competence profile. When the current Board was elected, the best suited candidate for each target profile was male. The composition of the Board is evaluated annually, and the aim is to have representatives from both genders elected to the Board at the latest in 2024.

Availability of the Corporate Governance Code on the Internet

The Finnish Corporate Governance Code is publicly available, for example, on the website of the Finnish Securities Market Association, at www.cgfinland.fi.

BOARD OF DIRECTORS

Composition of the Board of Directors

The Board of Directors consists of the following members elected in the Annual General Meeting March 25, 2021: Pertti Ervi, Matti Heikkonen, Antti Koskela and Jukka Tapaninen. In the Annual General Meeting held on April 6th, 2022 and May 3, 2023, Pertti Ervi, Matti Heikkonen, Antti Koskela, and Jukka Tapaninen were re-elected to the Board of Directors.

Pertti Ervi Chairman of the Board b. 1957 Engineer

About

• Chairman of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• Independent management consultant and professional board member.
• Computer 2000 AG, Co-CEO 1995 2000. Computer 2000 Finland Oy, Founding Member and Managing Director 1983 – 1995.
• Extensive board experience from several Finnish publicly listed technology companies and growth companies.

Key positions of trust

• Member and Chairman of the Board, Chairman of the Audit Committee, F-Secure Oyj, 2003 – present
• Member of the Board, WithSecure Oyj, 2003 2023
• Member and Chairman of the Board, Efecte Oy, 2008 present
• Chairman of the Board, Mintly Oy, 2017 present
• Member of the Board, Pointsharp Holding AB, 2021 present
• Member and Chairman of the Board, Teleste Oyj, 2009 2020
• Chairman of the Board, Comptel Oyj, 2011 2017

Pertti Ervi held 73,112 shares of QPR Software Plc on December 31, 2023.

BOARD OF DIRECTORS Tiedot

Matti Heikkonen

Member of the Board b. 1976 Master of Science in Technology

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience:

• Enreach Group, Chief Commercial Officer 2023- present
• Enreach for Enterprises, CEO, 2021 present
• Benemen Oy, CEO, 2018 2021
• Questback AS, EVP Global Operations, 2010 2018
• Digium Oy, CEO, 2007 2010
• Nokia, various managerial positions, 2004 2007
• Various CEO and managerial positions in the software industry, 1998 2004

Key positions of trust:

• Member of the Board, QT-Group 2023-
• Member of the Board, Identia Oy 2023-
• Chairman of the Board, Benemen Oy, 2017 2018
• Member of the Board and Audit Committee, F-Secure Oyj, 2013 2019
• Member and Chairman of the Board, Mobile Wellness Solutions MWS Oy, 2015 2019
• Member and Chairman of the Board,
• The Finnish Software and E-business Association, 2004 2017
• Member of the Board, Ixonos Oyj, 2011 2015

Matti Heikkonen held 24,487 shares of QPR Software Plc on December 31, 2023. Double Trade Oy, which is under Mr. Heikkonen's control, owned 40 922 QPR Software Plc:n shares as of December 31, 2022.

BOARD OF DIRECTORS

Antti Koskela Member of the Board b. 1971 Master of Science in Technology

About

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• WithSecure Oyj, Executive Vice President and Chief Product Officer, 2021 present
• Elisa Oyj, Vice President, Business Development, 2020 2021
• Nokia Software, CDO and Vice President, 2018 2020
• Comptel, CTO and Executive Vice President, 2011 2017
• Nokia Siemens Networks, various managerial positions, 2007 2011
• Nokia Networks, various managerial positions, 1999 2007

Antti Koskela held 42, 945 shares of QPR Software Plc on December 31, 2023.

Jukka Tapaninen

Member of the Board

b. 1963 Master of Science in Economics

About

• Member of the Board since March 2021.
• Independent of the Company and its significant shareholders.

Key experience

• Aiforia Technologies, CEO, 2020 present
• Pegasystems, VP and Managing Director EMEA, APAC and Japan, 2016 2020
• SAP, Vice President Global/EMEA, 2005 2016
• Basware, SVP and General Manager, 2002 2005
• Stonesoft Inc, CEO Americas, 2000 2002
• HP, Regional and Global managerial roles, Sales and Business Development, 1995 2000

Key positions of trust

• Vice Chairman of the Board, Aiforia Oy, 2015 2020
• Member of the Board, WeVision Oy, 2014 present
• Member of the Board, Meshworks Wireless Oy, 2011 present
• Chairman of the Board, Addoro Ab, 2014 2017 (acquisition)
• Member of the Board, Findity Ab, 2013 2016
• Member of the Board, VeliQ B.V., 2015

Jukka Tapaninen held 32,976 shares of QPR Software Plc on December 31, 2023.

Charter of the Board (Summary)

Board meetings:

• The Board convenes regularly, at least 8 times a year, according to a pre-agreed schedule.
• At least one meeting focuses on strategy and one on the budget.
• When necessary, the Chairman of the Board or CEO may call for an additional Board meeting.
• The agenda and material shall be delivered to Board members no less than three working days before the meeting, if not otherwise agreed with the Chairman.

Information:

• Board members shall receive a monthly report containing the Group's actual results, budget comparison, and commentary on the results including reasons for any significant budgetary deviations. The report also includes a summary of other significant matters within Group.
• All significant matters shall be informed to the Board immediately.
• The Board will be presented in minimum once a year risk management report as part of the management reporting.

Matters to be handled at Board meetings include.:

• Matters specified in the Finnish Companies Act.
• Approves strategy and the annual budget, and monitors their execution.
• Appoints and discharges the CEO and decides on the terms of their employment.
• Approves the hiring of personnel reporting directly to the CEO, and their terms of employment.
• Determines the principles of compensation for senior management.
• Approves incentive pay schemes for the CEO and personnel.
• Prepares a proposal on employee stock option plans for the board meeting and decides on its allocation to employees.
• Reviews and approves financial statements, including interim reports and financial statements bulletins.
• Approves acquisitions and significant unbudgeted investments and otherwise significant decisions.
• Approves the dividend distribution policy and prepares a proposal to the board meeting on their distribution.
• Approves the investment policy.
• Approves related party transactions.
• Monitors the implementation of internal controls, internal audits, and risk management.

• Handles matters that have been agreed upon by the Chairman of the Board and the CEO to be handled by the Board of Directors or that otherwise fall within the Board's decision-making authority pursuant to the Finnish Companies Act, the Articles of Association, or other applicable laws and provisions.

Operations in the financial year 2023

In the financial year 2023, QPR Software Plc's Board of Directors convened 17 times. The average attendance rate of the Board members was 99%. The Board of Directors make a self-assessment of its activities. The Board did not establish any committees.

Diversity of the Board

The Board of Directors of QPR Software Plc are elected based on business needs and the merits of the candidates, bearing in mind the advantages of diversity. The selection criteria consist of professional competence, experience, and personal qualities. In assessing professional competence and experience, special attention is paid to experience in international software business and business development, as well as experience in financing, economics, and entrepreneurship.

The Company aims to have both genders represented on the Board. In 2023, four board members were elected at the Annual General Meeting. At the moment, there are no female board members.

The Board of Directors of QPR Software Plc has set these diversity principles. They are presented and reported in the Company´s Corporate Governance Statement.

Committees

The Board has deemed that considering the size of the Group, the scope of its operations, and existing control systems, separate committees are not necessary. The Board as such is responsible for the duties of the audit committee as well as other committees.

Supervisory Board

QPR Software Plc does not have a Supervisory Board.

CHIEF EXECUTIVE OFFICER

Chief Executive Officer of QPR Software Plc

Heikki Veijola (born 1970), a Master of Science in Economics (M.Sc. Econ.) graduate from the Turku School of Economics, assumed the position of CEO of QPR Software Plc on March 1, 2023. Prior to joining QPR, Veijola served as the Director of International Partner Business and a member of the executive team at Enreach Oy, overseeing business operations within the Microsoft and Salesforce ecosystems and

collaborating with system integrators, consultants, and other strategic partners, particularly in Northern Europe. Before his role at Enreach Oy, Veijola held the position of Sales Director within the same company.

Veijola possesses extensive experience in sales, international expansion, partner ecosystems, and the development and transformation of cloud and SaaS (Software as a Service) businesses. Throughout his career, he spent 11 years at Salomaa Group, Finland's largest marketing conglomerate, where he served as the CEO of KASKI Agency and advertising agency Adsek Oy, leading both companies through two transformational periods.

Heikki Veijola did not hold shares of QPR Software Plc on December 31, 2023.

Duties of the Chief Executive Officer

QPR's Board of Directors appoints the CEO and decides on the terms of their service. The CEO's terms of service have been agreed on in writing. The CEO is not appointed for a fixed term but is appointed indefinitely.

The CEO manages the Company's operations in accordance with the Finnish Companies Act and the Board of Directors' instructions and rules and informs the Board of Directors about the development of the Company's business and financial situation. The CEO is also in charge for the Company's day-to-day management and for ensuring that the Company's financial administration is arranged in a reliable manner. The CEO is the primarily presenter in board meetings and responsible for preparing proposals for board decisions.

Internal Control and Risk Management

Internal Control

QPR Software's internal controls and risk management aim to ensure that the Group operates efficiently and effectively, distributes reliable information, complies with regulations and operational principles, reaches its strategic goals, reacts to changes in the market and operating environment, and ensures continuity of its business.

It is the duty of the Board of Directors to monitor the appropriateness, effectiveness, and efficiency of risk management and internal controls within the Group. The Board is presented with a risk management report addressing the risks described in the Risk Management section at least once a year.

The Board assesses the risks based on the threat they pose to shareholders. The Board also oversees that the Company has defined operating principles for internal control and that the Company monitors the effectiveness of controls.

Internal Control and Risk Management Systems Associated with Financial Reporting

The ultimate responsibility for accounting and financial management lies with QPR Software Plc's Board of Directors. The Board is responsible for internal control, and the CEO is responsible for organizing internal controls and for monitoring the effectiveness of controls.

Business operations are controlled and monitored through a Group-wide reporting and forecasting system. The CEO and the CFO use monthly

reports to provide a review of the Group's situation and development for the Board and Executive Management Team.

Risk Management

The Group's CFO is responsible for coordinating and reporting on the Group's internal controls and risk management. The Group's risk management is driven by the requirements arising from legislation, shareholder expectations regarding business objectives, as well as the expectations from customers, personnel, and other important stakeholders.

QPR's risk management aims to systematically and comprehensively identify the risks related to its operations and to ensure that risks are managed and considered in decision making. Risk management responsibilities are integrated throughout the organization. Risk management is developed by continuously improving the Company's operational processes.

The principle of materiality is used as the basis for identifying risks: the realization of monitored risks must have a material effect on the Company's business operations.

QPR Software has identified the following three groups of risks related to its operations:

• risks related to business operations,
• risks related to information and products, and
• risks related to financing.

Property, operational and liability risks are covered by insurance.

QPR Software Plc's Management System was awarded the ISO 9001:2015 quality certificate covering all of the Company's activities, which are audited annually by an external evaluator.

RISKS RELATED TO BUSINESS OPERATIONS

The following risks are related to QPR Software's business operations:

• • Country risk. Risk is measured by assessing the potential loss of country-specific revenue. Risk is managed by continuously gathering market information and diversifying business across geographical markets and industries.
• • Customer risk. Risk is measured in terms of software maintenance customer churn and the share of overdue accounts receivable in total receivables (%). Risk is managed by taking good care of every customer and reseller, as well as by actively following up on accounts receivable.
• • Personnel risk. Risk is measured in terms of personnel churn. Risk is managed through skilled recruitment, professional management practices, and by providing opportunities for job rotation as well as learning and growth.
• • Legal risk. Risk is measured by comparing the cumulative euro-value of all open legal disputes with annual net sales (%). Risk is managed with good knowledge of contract law and standard terms, and by conducting activities that are both ethical and in line with Company values.

QPR's country and customer risks are mitigated by conducting business in more than 50 countries, in both public and private sectors, as well as in several different industries.

Reasonable credit risk concerning individual business partners is characteristic to any international business. QPR seeks to limit this risk by continuously monitoring standard payment terms, receivables, and credit limits.

RISKS RELATED TO INFORMATION AND PRODUCTS

QPR Software has identified the following three risks related to information and products:

• • Risk related to products. Risk is managed by ensuring that the Company's product range remains competitive by differentiating itself from competitors through the strengths of its content and products. The Company seeks to ensure the security of its products using automatic malware prevention.
• • Intellectual Property Rights. The Company's Intellectual Property Rights (IPR) are protected by the confidentiality of the source code, its secure storage, and selected patent applications. In its new process mining business, the Company has adopted a more active IPR strategy. As a result, QPR filed patent

Applications for five separate inventions in Finland and the USA in 2012. The inventions relate to automated business process discovery based on processing event data. In April 2015, QPR announced that the U.S. Patent and Trademark Office has granted a patent as a result of the applications. In May 2016, QPR informed that the U.S. Patent and Trademark Office granted an additional patent to its process mining technology. In addition, the Company uses contract management and internal training to ensure that third-party IPRs are not used without permission in QPR products. The Company has a legal expenses insurance.

• Information and security risks. QPR Software regularly monitors and mitigates information security risks in its operations and reports to the Board of Directors. We use both governance and technological means to improve the security of our systems. To mitigate information security risks, we have adopted data and vendor governance models, conducted annual audits of our partners, and organized relevant in-house training to improve security awareness.

QPR has had no significant information security events or problems related to product management, and no significant changes in the risks of these have been observed during 2023. In June 2023, there was extensive sewage water damage at the company's headquarters in Helsinki, which did not, however, cause any information security risks.

RISKS RELATED TO FINANCING

QPR Software has identified the following two financing risks:

• • Currencies. Foreign currency risk is measured by calculating the share of all non-euro receivables in total receivables, or the share of an individual non-euro currency in all receivables (%). The risk is managed by using the euro as the primary invoicing currency and by currency hedging in accordance with the Company's hedging policy. The Company constantly monitors the development of open positions of the most important invoicing currencies. At the end of the financial year, the Company had not hedged its foreign currency (non-euro) trade receivables.
• • Short-term cash flow. The risk is measured based on the forecasted cash flow. The risk is managed by actively monitoring the forecast and by effectively

collecting overdue receivables. The risks related to the Company's financial position are mitigated by recurring revenue representing a relatively large share of net sales. The company's financial position on December 31, 2023, was moderate due to the previous loss-making performance, the impact of which the company will reduce with the cost savings brought about by the concluded change negotiations during 2024.

In addition, on January 24, 2023, the company converted a short-term financing limit of 1.5 million euros into a long-term one, the conditions of which are covenants tied to EBITDA and equity ratio. The EBITDA of the covenants is tested every six months, and the equity ratio is tested annually according to the situation on the last day of the year.

In the testing carried out on 31 December 2023, EBITDA fell below the agreed covenant limit. In December 2023, the bank pledged not to exercise its receivables maturity right under the financing agreement in the event of a potential breach of the group's EBITDA covenant as per the 2023 financial statements. The financing limit will be repaid in installments of 500 thousand euros on 31 January 2024, 31 January 2025, and 31 January 2026.

To manage the liquidity risk, the company also has an agreement for a credit limit of 500 thousand euros, which was not in use on December 31, 2023.

OTHER INFORMATION TO BE PROVIDED IN THE CORPORATE GOVERNANCE STATEMENT

Main Procedures Relating to Insider Administration

QPR's Insider Guidelines include Nasdaq Helsinki Ltd's Guidelines for Insiders of Listed Companies (updated January 1, 2021) and the Market Abuse Regulation (MAR). Both documents are included in QPR's guidelines as such. QPR's Insider Guidelines set trade restrictions prohibiting Persons Discharging Managerial Responsibilities (PDMRs), permanent insiders and event-based insiders from making transactions with QPR's securities during a closed period of 30 days ("closed window") prior to the publication of financial statements. The closed window ends the day after the publication of the financial statements. According to QPR's Insider Guidelines, permanent insiders must notify the CEO and the Chairman of the Board about the intention to trade QPR's securities prior to executing a transaction.

The CEO, members of the Board of Directors and the Executive Management Team are considered PDMRs – this is because they are regularly exposed to inside information and have the right to make decisions regarding the future of QPR. QPR's permanent insiders include employees or other outsourced persons that due to their position or the nature of their responsibilities have access to inside information.

In case QPR prepares an event that could significantly impact the Company's value (e.g., a corporate acquisition), an event-based insider list must be created for the project. Event-based insiders are persons that contractually work for QPR either directly or indirectly and have access to inside information; as well as any organization that is provided inside information about the project.

QPR's CFO manages insider issues and supervises compliance with QPR's Insider Guidelines. The CFO also maintains QPR's insider register.

Due to the MAR regulation, the information in the insider register system, NetSire, is based on the status of July 2, 2016, and is no longer updated.

QPR Software Plc's managers and their closely associated persons, as referred to in the MAR regulation, have been requested to notify of their transactions as of July 3, 2016.

Audit

The Board elects the auditors at the Annual General Meeting. Only auditors approved by the Finnish Central Chamber of Commerce are considered. In 2023, the elected auditors were the Authorized Public Accountant Firm KPMG Oy Ab, which declared Petri Kettunen, Authorized Public Accountant, as the principal auditor. The auditor's term expires at the close of the next Annual General Meeting following the election.

In 2023, the auditors were paid EUR 69,572 for audit services and EUR 2, 000 for non-audit services. EUR 35,564 of the fees were related to year's 2022 audit and EUR 32,200 was related to the 2023 audit.