Control effectiveness and continuity assumption
The Statements of the Managing Board conform with the Dutch Corporate Governance Code best practice 1.4.3 on ‘Board Statements’.
At DSM, we visualize our control environment as a ‘house’ that includes the internal control process areas with control measures related to strategic, operational, financial, compliance and reputational risks. The elements of COSO (the Committee of Sponsoring Organizations of the Treadway Commission) provide a framework for structuring company activities that are carried out to ensure that the control environment is adequately structured. Finally, to make sure that full use is made of learning opportunities, monitoring activities include the sharing of findings and experiences as well as the application of control measures across the supporting pillars.
Our structure for managing risks is based on a three-lines model (see also Risk management). Line management within the units acts as the first line. Group Risk Management acts as the second line together with other departments such as DSM SHE & Security, assessing the effectiveness of risk management and internal control at both unit and corporate level. Corporate Operational Audit (COA) acts as the third line. The scope and frequency of COA audits is determined by ranking the auditable units according to the scale of their risk exposure, using a set of defined characteristics.
COA assesses the operation of risk management framework of the units by performing risk-based audits. These audits review the key processes and activities for the specific units. By means of these audits, COA closes the risk management cycle and provides additional assurance to the Managing Board as to the effectiveness of the design and operation of the risk management and internal control systems.
COA reports its audit results to the Managing Board and Executive Committee twice a year. COA also shares an overview with the Audit Committee of the Supervisory Board and communicates the executive summary of each audit report to Geraldine Matchett in her capacity as CFO and Co-CEO and to Dimitri de Vreeze in his capacity as Co-CEO.
In 2022, COA carried out 50 audits. Thanks to the improved COVID-19 situation, COA was able to conduct almost half of the audits on site in 2022, which increased the assurance level. In general, audit findings are considered opportunities for improvement as part of a healthy learning culture. In virtually all of the audited areas (e.g., Operations, IT, Finance, Cybersecurity, Safety, Health & Environment (SHE), Quality and Commercial), the expected DSM standard was achieved. In the rare event of insufficient follow-up on a finding, the Director of COA escalated that finding to the Co-CEOs.