Control effectiveness and continuity assumption
The Statements of the Managing Board conform with the Dutch Corporate Governance Code best practice 1.4.3 on ‘Board Statements’.
At DSM, we visualize our control environment as a ‘house’ that includes the internal control process areas with control measures related to strategic, operational, compliance and reporting risks. The elements of COSO (the Committee of Sponsoring Organizations of the Treadway Commission) provide a framework for identifying company activities that are carried out to ensure that the control environment is adequately structured. Finally, to make sure that full use is made of learning opportunities, monitoring activities include the sharing of findings and experiences as well as the application of control measures across the supporting pillars.
Our structure for managing risks is based on a three-lines model (see also Risk management). Line management within the units acts as the first line. Group Risk management acts as the second line together with other departments such as DSM Operations & Responsible Care, assessing the effectiveness of risk management and internal control at both unit and corporate level. Corporate Operational Audit (COA) acts as the third line. The scope and frequency of COA audits is determined by ranking the auditable units according to the scale of their risk exposure, using a set of defined characteristics.
COA assesses the operation of risk management framework of the units by performing risk-based audits. These audits review the key processes and activities for the specific units. By means of these audits, COA closes the risk management cycle and provides additional assurance to the Managing Board as to the effectiveness of the design and operation of the risk management and internal control systems.
COA reports its audit results to the Managing Board and Executive Committee twice a year. COA also shares an overview with the Audit Committee of the Supervisory Board and communicates the executive summary of each audit report to Geraldine Matchett in her capacity as CFO and Co-CEO and to Dimitri de Vreeze in his capacity as Co-CEO.
In 2020, COA carried out 58 audits. Due to COVID-19 restrictions, most of the 2020 audits were executed remotely via video calls using Microsoft Teams. Trials were initiated for the use of smart glasses to be able to observe local situations in plants, labs and offices. In general, audit findings are considered opportunities for improvement as part of a healthy learning culture. In virtually all of the audited areas (e.g., Operations, IT, Finance, Safety, Health & Environment (SHE), Quality, Commercial) the expected DSM standard was achieved. In the rare event of insufficient follow-up on a finding, the Director of COA escalated that finding to the Co-CEOs.