Adequacy and effectiveness of the internal control and risk management system

There is an internal control system that is appropriate to the size of the company and is continuously being expanded and optimized. In order to further expand an effective ICS, work is currently underway to set up a control matrix for Uzin Utz SE. In this control matrix, the essential key controls for the existing main processes are defined, the rhythm of the controls is determined and the person and/or department responsible is defined. The aim is to roll out the controls, which must be carried out on a decentralized basis, to the German subsidiaries as a first step and to the foreign Group companies in the medium to long term.

The intention of risk management and the internal control system is to ensure the effectiveness of business activities and compliance with the relevant legal requirements.

Both the internal control system and the risk management system are monitored on an ongoing basis in order to rectify any weaknesses identified during the financial year and to ensure continuous improvement of processes.

At the time of this report, there are no indications in all material respects of the company that the internal control and risk management system is ineffective or inadequate.

However, no guarantee can be given that all actual risks and any violations will be detected in advance.

Internal control and risk management system with regard to the accounting process

The internal control system is a key factor in avoiding risks, particularly in accounting and financial reporting. This includes the following features, among others:

• Within Uzin Utz, the management and corporate structures are clearly defined. Cross-divisional key functions are controlled centrally via Uzin Utz SE, whereby the individual subsidiaries also have a high degree of independence.
• There is a set of guidelines that is updated on an ongoing basis.
• The financial systems used are protected as far as possible against unauthorized access by appropriate authorization concepts and access restrictions.
• The financial systems used are essentially based on the SAP standard. SAP Business Intelligence is used for presentation and other evaluations.
• The consolidated financial statements are prepared using SAP consolidation software.
• Accounting data received or passed on is continuously checked for completeness and accuracy.

The control system and risk management system with regard to the accounting process is designed to ensure that all business processes and transactions are recorded promptly and correctly in the accounts and that risks in connection with financial reporting are identified, evaluated, monitored and managed. Changes to laws, accounting standards and other pronouncements are continuously analyzed with regard to their relevance and impact on the consolidated financial statements and the resulting changes are immediately adapted in the Group's internal guidelines and systems. The Group accounting process at Uzin Utz SE is managed by the central Group Controlling department.

The Group companies prepare their financial statements locally and transmit them via a uniformly defined Group-wide data model. The data is maintained by the individual national companies directly in the input platform. The Group companies are responsible for compliance with the Group-wide accounting guidelines and procedures as well as the proper and timely execution of their accounting-related processes and systems. The local companies are supported by central contacts throughout the entire accounting process. The consolidated financial statements are prepared centrally on the basis of the data from the subsidiaries included in the scope of consolidation. During this process, Group Controlling performs ongoing manual and system-supported checks to ensure the plausibility of the transmitted and consolidated data.

Internal control processes are used to regularly check the business processes of both the subsidiaries and the central divisions for correctness, cost-effectiveness, efficiency and security. The results are reported directly to the Executive Board.