Internal control system (ICS) and risk management

The risks associated with the Group’s commercial activities are systematically identified, analysed, monitored and managed through an institutionalized risk management function. These risks are amalgamated into groups according to their nature, namely general external risks, business risks, financial risks, risks arising in connection with corporate governance, and IT risks. The Executive Committee is responsible for the operational side of risk management, whereby specially appointed process owners are assigned responsibility for the management of key individual risks. These individuals take specific measures and monitor their implementation. Every year, the Executive Committee informs the Audit Committee of the risks that have been identified and the measures taken as part of risk management activities.