Internal control framework

Senior management is accountable for the effectiveness of the internal control environment within their area of responsibility. They are required to perform self-assessments on the design and operating effectiveness of our internal control environment. This is regularly measured and monitored by the RMIC, and the results are discussed in the Internal Control Committee (ICC) meetings.

The ICC is composed of the CFO, the director Audit & Security, the director Group Finance, and the director Accounting & Reporting. The external auditor also attends the ICC meetings. The ICC met five times in 2024. Risk management and internal control reports are discussed with the Board of Management and the Audit Committee of the Supervisory Board. As part of this process, management is required to follow up on risks deemed to be inadequately mitigated by internal controls. In some cases, this may require additional actions, including performing and evaluating compensating controls and activities, to reduce the risks of a misstatement in the reporting.

During the year, we continued to invest in improving the design and effectiveness of our internal controls related to reporting, aiming for a good balance between preventive and detective controls.

In 2024, our primary focus was on the implementation of the CSRD. The RMIC function played a pivotal role in supporting the business by documenting the design and existence of operational processes tied to the data points required for disclosure on material topics, as identified through the DMA.

We also took active steps to establish and revise internal controls, ensuring the robustness and reliability of these processes. Looking ahead to 2025, our efforts will be directed towards further optimising the existing controls related to the identified material topics and other mandatory disclosures under the European Sustainability Reporting Standards (ESRS).

The implementation of SAP4Hana, our new ERP system, has impacted several IT automated controls within our internal control framework. This transition required the revision and replacement of many IT automated controls previously associated with SAPbyDesign. While significant progress has been made, efforts are ongoing to ensure that the updated control framework fully aligns with the functionalities and requirements of SAP4Hana.

Looking ahead, we will continue to work closely with the business to evaluate the need for additional controls and assess the implications of these changes on the design and effectiveness of the newly established automated controls. This ongoing collaboration ensures that our control environment remains robust and aligned with evolving business needs.