Adequacy and effectiveness of the internal control and risk management system

There is an internal control system that is appropriate to the size of the company and is continuously being expanded and optimized. In order to further expand an effective ICS, work is currently underway on the further development of a control matrix for Uzin Utz SE. Implementation is at an early stage, as the company's governance structures are constantly evolving. Through continuous adjustments and improvements in this context, we strive to continuously develop the control matrix in order to meet the changing requirements and achieve optimal results. The key controls for the existing main processes are defined in this control matrix, the control rhythm is determined and the person or department responsible is defined.

The task of risk management is to use suitable methods to create transparency about a company's risk situation. Operational risk management includes the process of systematic and ongoing risk analysis of business processes. Accordingly, the intention of risk management and the internal control system is to ensure the effectiveness of business activities and compliance with the relevant statutory regulations. In order to eliminate identified weaknesses during the financial year and to ensure continuous improvement of the processes, both the internal control system and the risk management system are monitored on an ongoing basis. The Executive Board of Uzin Utz bears overall responsibility and the monitoring function for an effective risk management system. Internal Audit is responsible for independently auditing the appropriateness and effectiveness of the ICS and risk management. In order to be able to do this, Internal Audit has comprehensive information and inspection rights and is involved in all stages of the ICS process.

At the time of this report, there are no indications in all material respects of the company that the internal control and risk management system is ineffective or inadequate.

However, no guarantee can be given that all actual risks and any breaches will be detected in advance.

Internal control and risk management system with regard to the accounting process

The internal control system is a key factor in avoiding risks, particularly in accounting and financial reporting. This includes the following features, among others:

• The management and corporate structures within Uzin Utz are clearly defined. Cross-divisional key functions are controlled centrally via Uzin Utz SE, whereby the individual subsidiaries have a high degree of independence at the same time.
• There is a system of guidelines which is constantly updated.
• The financial systems used are protected as far as possible against unauthorized access by appropriate authorization concepts and access restrictions.
• The financial systems used are essentially based on the SAP standard. SAP Business Intelligence is used for presentation and other evaluations.
• The consolidated financial statements are prepared using SAP consolidation software to which only a limited number of employees have access.
• The dual control principle applies throughout the Group for accounting transactions.
• Accounting data received or forwarded is continuously checked for completeness and accuracy.
• Face-to-face training and online training courses in Germany and abroad offer participants the opportunity to learn directly on site or remotely, actively exchange ideas and receive further training.

The control system and risk management system with regard to the accounting process is designed to ensure that all business processes and transactions are recorded promptly and correctly in the accounts and that risks in connection with financial reporting are identified, assessed, monitored and managed. Changes to laws, accounting standards and other pronouncements are continuously analyzed with regard to their relevance and impact on the consolidated financial statements and the resulting changes are immediately adapted in the Group's internal guidelines and systems. At Uzin Utz SE, the Group Controlling department is responsible for managing the Group accounting process.

The Group companies prepare their financial statements locally and transmit them using a uniformly defined Group-wide data model. The data is maintained directly in the input platform by the individual national companies. The Group companies are responsible for compliance with the Group-wide accounting guidelines and procedures as well as the proper and timely execution of their accounting-related processes and systems. The local companies are supported by central contacts throughout the entire accounting process. The consolidated financial statements are prepared centrally on the basis of the data from the subsidiaries included in the scope of consolidation. During this process, Group Controlling performs ongoing manual and system-supported checks to ensure the plausibility of the transmitted and consolidated data.

In addition to safeguarding against accounting and financial reporting risks, the ICS also includes a general basic safeguard against operational risks and compliance. Its functional and procedural orientation is adapted to the company's current risk situation in coordination with risk management. Internal control processes are used to regularly review the business processes of both the subsidiaries and the central divisions for compliance, cost-effectiveness, efficiency and security. The results are reported directly to the Executive Board.

Based on the reporting of the internal control system, the Executive Board was unable to identify any significant suspected cases of irregularities or misconduct.