In the context of constantly evolving external and internal requirements for the management of non-financial risks, work continued on the development of a procedural and organizational concept in fiscal 2025. The non-financial internal control system is aligned with the sustainability strategy and oriented toward the requirements of the Corporate Sustainability Reporting Directive (CSRD). The objective is to continuously improve compliance with CSRD requirements by implementing organization-wide actions and controls. Our internal control system is based on the COSO framework (Committee of Sponsoring Organizations of the Treadway Commission), a globally recognized standard that is divided into five components: control environment, risk assessment, control activities, information and communication, and monitoring. Compared with the previous year, we have further formalized the internal controls for the sustainability reporting and further advanced their integration into the overall internal control system.
Our risk assessment follows predefined approaches for quantitative and qualitative assessments. Based on the impact and probability, a subsequent prioritization is possible. Remedial actions for all relevant identified risks are key for their appropriate management and thus contribute to reducing their impact or likelihood. Moreover, to reduce relevant risks, the following actions can also be implemented: setting up provisions to reduce gross impacts or adjusting insurance coverage.
Based on the remaining risk, the risk owners and, if applicable, the Executive Board decide whether the implemented actions are sufficient or whether the remaining risk requires further remedial actions. Furthermore, each remedial action is validated twice per year to confirm its effectiveness and to determine whether additional actions are required. Group Risk Management monitors the aggregated remedial actions and is regularly informed whenever deviations in the implemented remedial actions are determined.
Responsibility for the effectiveness of the internal control system and the further development of the non-financial metrics lies with the responsible managers or the risk and process owners. In fiscal 2025, we once again took non-financial aspects into consideration when confirming the overall effectiveness of the internal control system, with the responsible Group functions, the respective local Managing Director and/or the respective local Chief Financial Officer signing relevant confirmations.