Adequacy and effectiveness of the internal control and risk management system

The company's internal control system is commensurate with its size and is a continuous process of expansion and optimisation. We are pleased to inform you that work is currently underway on the further development of a control matrix for Uzin Utz SE, with the aim of fulfilling the changing requirements. This control matrix outlines the key controls for the existing main processes, determines the control rhythm and identifies the responsible person or department.

The task of risk management is to use suitable methods to create transparency about a company's risk situation. Operational risk management involves the systematic and ongoing analysis of business processes to identify potential risks. The overarching goals of risk management and the internal control system are to ensure the effectiveness of business activities and compliance with relevant legal requirements. In order to eliminate identified weaknesses during the financial year and to ensure continuous improvement of processes, both the internal control system and the risk management system are monitored on an ongoing basis. The Management Board of Uzin Utz SE is responsible for the oversight of the company's risk management system. The purpose of Internal Audit is to independently verify the suitability and efficacy of the ICS and risk management. The members of Internal Audit have comprehensive information and inspection rights and are involved in all stages of the ICS process in order to successfully fulfil this task.

As at the date of this summarised management report, there are no indications in all material respects of the company that the internal control and risk management system is ineffective or inadequate.

Internal control and risk management system with regard to the accounting process

The internal control system is a key factor in avoiding risks, particularly in accounting and financial reporting. The following features are included, among others:

• The management and corporate structures within the Uzin Utz Group are clearly defined. Cross-divisional key functions are controlled centrally via Uzin Utz SE, while individual subsidiaries maintain a high degree of independence.
• We are pleased to inform you that there is a system of guidelines that is regularly updated.
• The financial systems in use are protected against unauthorised access as far as possible by appropriate authorisation concepts and access restrictions.
• I can confirm that the financial systems used are essentially based on the SAP standard. SAP Business Intelligence is one of the systems used for visualisation and further analysis.
• The consolidated financial statements are prepared using SAP consolidation software, to which only a limited number of employees have access.
• The dual control principle is to be applied consistently across the Group for all accounting transactions.
• It is vital that accounting data received or forwarded is continuously checked for completeness and accuracy.
• We offer face-to-face training courses and online training programmes in Germany and abroad. These programmes provide participants with the opportunity to learn directly on site or remotely, actively exchange ideas and continue their education.

The risk management and control system with regard to the accounting process is designed to ensure that all business processes and transactions are recorded promptly and correctly in the accounts and that risks in connection with financial reporting are identified, assessed, monitored and managed. Changes to laws, accounting standards and other pronouncements are continuously analysed to ascertain their relevance and impact on the consolidated financial statements. The resulting changes are then immediately adapted in the Group's internal guidelines and systems.

The Group companies prepare their financial statements locally and transmit them using a standardised Group-wide data model. The data is entered directly into the input platform by the individual national companies. The Group companies are responsible for ensuring compliance with the Group-wide accounting guidelines and procedures, as well as for the proper and timely execution of their accounting-related processes and systems. Local companies benefit from dedicated central contacts who provide comprehensive support throughout the entire accounting process. The consolidated financial statements are prepared centrally on the basis of locally recorded data. During this process, manual and system-supported checks are carried out on an ongoing basis to ensure the plausibility of the transmitted and consolidated data.

In addition to safeguarding against accounting and financial reporting risks, the ICS also includes a general basic safeguard against operational risks and compliance. It is adapted to the company's current risk situation in terms of its functional and procedural orientation in coordination with risk management. Internal control processes are used to regularly review the business processes of both subsidiaries and central divisions. This is done in order to ensure compliance, cost-effectiveness, efficiency and security. The results of these assessments are reported directly to the Management Board.

Following a thorough review of the internal control system's reports, the Management Board has concluded that there are no significant suspected cases of irregularities or misconduct to report.