Evaluation of risk management and control systems

During 2017, the Board of Management has initiated a so-called Corporate Risk Assessment to systematically evaluate the risks inherent to the Group’s strategic business objectives as well as the related risk management and control activities. For this purpose, a comprehensive risk classification system was created that contains pertinent information for each of the risk categories identified. This includes examples of - and contributing factors to - possible risk manifestations as well as current risk management and control activities to help mitigate these risks.

The risk categories identified were evaluated based on the likelihood of their occurrence; their potential impact on strategic objectives as well as the potential for improving their related risk management and control activities. Compared to recent years, this evaluation did not identify significant shifts in the Company’s overall risk profile and its main results have been included in the preceding overview of the main risks we face in pursuing our business objectives.

The structure and functioning of our risk management and internal control systems are discussed annually with the Supervisory Board.

No matter how much care is taken in setting up risk management and internal control systems, they are unable to provide absolute certainty with regard to realizing the company’s objectives, nor can they preclude material mistakes, losses, fraud, or infringements of legislation and regulations.

Statements regarding internal risk management and control systems

With due consideration of the aforementioned inherent limitations and scope for improvement, the Board of Management is of the opinion that:

• the report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems;
• the aforementioned systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies;
• based on the current state of affairs, it is justified that the financial reporting is prepared on a going concern basis; and
• the report states those material risks and uncertainties that are relevant to the expectation of the company’s continuity for the period of twelve months after the preparation of the report.