Ad­e­quacy and ef­fec­tive­ness of the in­ter­nal con­trol and risk man­age­ment sys­tem

There is an in­ter­nal con­trol sys­tem that is ap­pro­pri­ate to the size of the com­pany and is con­tin­u­ously being ex­panded and op­ti­mized. In order to fur­ther ex­pand an ef­fec­tive ICS, work is cur­rently un­der­way on the fur­ther de­vel­op­ment of a con­trol ma­trix for Uzin Utz SE. Im­ple­men­ta­tion is at an early stage, as the com­pany's gov­er­nance struc­tures are con­stantly evolv­ing. Through con­tin­u­ous ad­just­ments and im­prove­ments in this con­text, we strive to con­tin­u­ously de­velop the con­trol ma­trix in order to meet the chang­ing re­quire­ments and achieve op­ti­mal re­sults. The key con­trols for the ex­ist­ing main processes are de­fined in this con­trol ma­trix, the con­trol rhythm is de­ter­mined and the per­son or de­part­ment re­spon­si­ble is de­fined.

The task of risk man­age­ment is to use suit­able meth­ods to cre­ate trans­parency about a com­pany's risk sit­u­a­tion. Op­er­a­tional risk man­age­ment in­cludes the process of sys­tem­atic and on­go­ing risk analy­sis of busi­ness processes. Ac­cord­ingly, the in­ten­tion of risk man­age­ment and the in­ter­nal con­trol sys­tem is to en­sure the ef­fec­tive­ness of busi­ness ac­tiv­i­ties and com­pli­ance with the rel­e­vant statu­tory reg­u­la­tions. In order to elim­i­nate iden­ti­fied weak­nesses dur­ing the fi­nan­cial year and to en­sure con­tin­u­ous im­prove­ment of the processes, both the in­ter­nal con­trol sys­tem and the risk man­age­ment sys­tem are mon­i­tored on an on­go­ing basis. The Ex­ec­u­tive Board of Uzin Utz bears over­all re­spon­si­bil­ity and the mon­i­tor­ing func­tion for an ef­fec­tive risk man­age­ment sys­tem. In­ter­nal Audit is re­spon­si­ble for in­de­pen­dently au­dit­ing the ap­pro­pri­ate­ness and ef­fec­tive­ness of the ICS and risk man­age­ment. In order to be able to do this, In­ter­nal Audit has com­pre­hen­sive in­for­ma­tion and in­spec­tion rights and is in­volved in all stages of the ICS process.

At the time of this re­port, there are no in­di­ca­tions in all ma­te­r­ial re­spects of the com­pany that the in­ter­nal con­trol and risk man­age­ment sys­tem is in­ef­fec­tive or in­ad­e­quate.

How­ever, no guar­an­tee can be given that all ac­tual risks and any breaches will be de­tected in ad­vance.

In­ter­nal con­trol and risk man­age­ment sys­tem with re­gard to the ac­count­ing process

The in­ter­nal con­trol sys­tem is a key fac­tor in avoid­ing risks, par­tic­u­larly in ac­count­ing and fi­nan­cial re­port­ing. This in­cludes the fol­low­ing fea­tures, among oth­ers:

• The man­age­ment and cor­po­rate struc­tures within Uzin Utz are clearly de­fined. Cross-​divisional key func­tions are con­trolled cen­trally via Uzin Utz SE, whereby the in­di­vid­ual sub­sidiaries have a high de­gree of in­de­pen­dence at the same time.
• There is a sys­tem of guide­lines which is con­stantly up­dated.
• The fi­nan­cial sys­tems used are pro­tected as far as pos­si­ble against unau­tho­rized ac­cess by ap­pro­pri­ate au­tho­riza­tion con­cepts and ac­cess re­stric­tions.
• The fi­nan­cial sys­tems used are es­sen­tially based on the SAP stan­dard. SAP Busi­ness In­tel­li­gence is used for pre­sen­ta­tion and other eval­u­a­tions.
• The con­sol­i­dated fi­nan­cial state­ments are pre­pared using SAP con­sol­i­da­tion soft­ware to which only a lim­ited num­ber of em­ploy­ees have ac­cess.
• The dual con­trol prin­ci­ple ap­plies through­out the Group for ac­count­ing trans­ac­tions.
• Ac­count­ing data re­ceived or for­warded is con­tin­u­ously checked for com­plete­ness and ac­cu­racy.
• Face-​to-face train­ing and on­line train­ing courses in Ger­many and abroad offer par­tic­i­pants the op­por­tu­nity to learn di­rectly on site or re­motely, ac­tively ex­change ideas and re­ceive fur­ther train­ing.

The con­trol sys­tem and risk man­age­ment sys­tem with re­gard to the ac­count­ing process is de­signed to en­sure that all busi­ness processes and trans­ac­tions are recorded promptly and cor­rectly in the ac­counts and that risks in con­nec­tion with fi­nan­cial re­port­ing are iden­ti­fied, as­sessed, mon­i­tored and man­aged. Changes to laws, ac­count­ing stan­dards and other pro­nounce­ments are con­tin­u­ously an­a­lyzed with re­gard to their rel­e­vance and im­pact on the con­sol­i­dated fi­nan­cial state­ments and the re­sult­ing changes are im­me­di­ately adapted in the Group's in­ter­nal guide­lines and sys­tems. At Uzin Utz SE, the Group Con­trol­ling de­part­ment is re­spon­si­ble for man­ag­ing the Group ac­count­ing process.

The Group com­pa­nies pre­pare their fi­nan­cial state­ments lo­cally and trans­mit them using a uni­formly de­fined Group-​wide data model. The data is main­tained di­rectly in the input plat­form by the in­di­vid­ual na­tional com­pa­nies. The Group com­pa­nies are re­spon­si­ble for com­pli­ance with the Group-​wide ac­count­ing guide­lines and pro­ce­dures as well as the proper and timely ex­e­cu­tion of their accounting-​related processes and sys­tems. The local com­pa­nies are sup­ported by cen­tral con­tacts through­out the en­tire ac­count­ing process. The con­sol­i­dated fi­nan­cial state­ments are pre­pared cen­trally on the basis of the data from the sub­sidiaries in­cluded in the scope of con­sol­i­da­tion. Dur­ing this process, Group Con­trol­ling per­forms on­go­ing man­ual and system-​supported checks to en­sure the plau­si­bil­ity of the trans­mit­ted and con­sol­i­dated data.

In ad­di­tion to safe­guard­ing against ac­count­ing and fi­nan­cial re­port­ing risks, the ICS also in­cludes a gen­eral basic safe­guard against op­er­a­tional risks and com­pli­ance. Its func­tional and pro­ce­dural ori­en­ta­tion is adapted to the com­pany's cur­rent risk sit­u­a­tion in co­or­di­na­tion with risk man­age­ment. In­ter­nal con­trol processes are used to reg­u­larly re­view the busi­ness processes of both the sub­sidiaries and the cen­tral di­vi­sions for com­pli­ance, cost-​effectiveness, ef­fi­ciency and se­cu­rity. The re­sults are re­ported di­rectly to the Ex­ec­u­tive Board.

Based on the re­port­ing of the in­ter­nal con­trol sys­tem, the Ex­ec­u­tive Board was un­able to iden­tify any sig­nif­i­cant sus­pected cases of ir­reg­u­lar­i­ties or mis­con­duct.