Review & Revision
Internal Control review
The testing of the effectiveness of the key controls as included in our Internal Control Framework (ICF) is performed by the Internal Control department within GRM. This is one of the pillars of our House of Control supporting the Statements of the Managing Board.
COA audits
COA, as the third line, conducts independent operational audits based on the mandatory guidance of ‘The Institute of Internal Auditors’ to provide additional assurance to the Managing Board that significant risks are being managed and controlled effectively, efficiently and sustainably. Some of these audits are unannounced. The scope and frequency of COA audits are set according to the ranking of the auditable units in terms of the magnitude of risk, based on a number of defined characteristics. This program is agreed by the Executive Committee and the Audit Committee of the Supervisory Board.
Enhancement of the risk management system
During 2022, the following main improvements were made to our risk management framework:
- Group Risk Management was extended with the expertise areas Information Security Risk Management and Sustainability Risk Management
- Several sections of our Corporate Requirements were updated:
  - An overarching privacy policy was added to the existing requirements regarding privacy and personal data processing
  - New security requirements for ‘clear desk’ were added for remote working, working in open offices, and working on multi-user sites
  - Risk management requirements were issued to strengthen the Internal Control Framework, among other considerations
  - Legal requirements on trade controls were adjusted
  - Procurement requirements were adjusted to reflect the repositioning of the DSM Procurement organization
  - The Research, Technology & Development and Innovation Requirements were replaced by Science & Innovation Requirements to reflect the repositioning of the Corporate Science Office organization
- The roles, responsibilities and processes to manage Segregation of Duties (SoD) conflicts were strengthened, supported by new tooling
- The automation level of internal controls was increased, improving the efficiency and effectiveness of the execution and testing of controls