(Report and explanation provided pursuant to Section 315 Subsection 2 Number 5 and Section 289 Subsection 5 of the German Commercial Code (HGB))
The risk management system with regard to material risks and risks threatening the existence of the Group is integrated into the value-based management and planning system of Daimler AG and the Group. It is an integral part of the overall planning, management and reporting process in all relevant legal entities, divisions and corporate functions. It aims to systematically identify, assess, monitor and document material risks and risks threatening Daimler’s existence. Risk assessment principally takes place for a two-year planning period, although in the discussions for the derivation of medium-term and strategic goals, Daimler also identifies and monitors longer-term risks. In the context of the two-year operational planning – with the use of defined risk categories – risks are identified for the divisions and operating units, the major joint ventures and associated companies and the corporate departments, and they are assessed regarding their probability of occurrence and possible extent of damage.
Assessment of the possible extent of damage usually takes place with regard to the risks’ impact on EBIT. In addition, risks for example for the Group’s reputation are assessed according to qualitative criteria. The reporting of relevant risks is based on fixed value limits. The responsible persons also have the task of developing, and initiating as required, measures to avoid, reduce and hedge risks. Material risks and the countermeasures taken are monitored within the framework of a regular process. As well as the regular reporting, there is also an internal reporting obligation within the Group for risks arising unexpectedly. The Group’s central risk management department regularly reports on the identified risks to the Board of Management and the Supervisory Board.
The internal control and risk management system with regard to the accounting process has the goal of ensuring the correctness and effectiveness of accounting and financial reporting. It is continually further developed and is an integral part of the accounting and financial reporting process in all relevant legal entities and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, we regularly check that
- the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly trained and adhered to;
- transactions within the Group are fully accounted for and properly eliminated;
- issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
- processes exist to guarantee the completeness of financial reporting;
- processes exist for the segregation of duties and for the “four-eyes principle” in the context of preparing financial statements, and authorization and access rules exist for relevant IT accounting systems.
We systematically assess the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The first step consists of risk analysis and definition of control. Significant risks are identified relating to the process of corporate accounting and financial reporting in the main legal entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Regular random tests are carried out to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate extent and effectiveness of the controls. The results of this self-assessment are documented and reported in a global IT system. Any weaknesses recognized are eliminated with consideration of their potential effects. At the end of the annual cycle, the selected legal entities and corporate functions confirm the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about the main control weaknesses and about the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material false statements are avoided in accounting.
In order to ensure the complete presentation and assessment not only of material risks and risks threatening the existence of the Group, but also of the control and risk process with regard to the corporate accounting process, Daimler has established the Group Risk Management Committee (GRMC). It is composed of representatives of the areas of Finance & Controlling, Accounting and Integrity & Legal Affairs, and is chaired by the Board of Management Member for Finance (CFO). The Internal Auditing department contributes material statements on the internal control and risk management system. In addition to fundamental issues, the committee has the following tasks:
- The GRMC creates and shapes the framework conditions with regard to the organization, methods, processes and systems we need to ensure a functioning, Group-wide and thorough control and risk management system.
- The GRMC regularly reviews the effectiveness and functionality of the installed control and risk management processes. Minimum requirements can be laid down in terms of the design of the control processes and of risk management and corrective measures can be commissioned as necessary or appropriate to eliminate any system failings or weaknesses exposed. But responsibility for operational risk management for risks threatening the existence of the Group and for the control and risk management processes with regard to the corporate accounting process remains directly with the corporate areas, companies and central functions. The measures taken by GRMC ensure that relevant risks and any existing process weaknesses in the corporate accounting process are identified and eliminated as early as possible.
In the Board of Management and the Audit Committee of the Supervisory Board of Daimler AG, regular reports are given regarding the current risk situation and the effectiveness, functions and appropriateness of the internal control and risk management system. Furthermore, the responsible managers regularly discuss the risks of business operations with the Board of Management.
The Audit Committee of the Supervisory Board is responsible for monitoring the internal control and risk management system. The Internal Auditing department monitors whether the statutory conditions and the Group’s internal guidelines are adhered to in the Group’s entire monitoring and risk management system, and if required develops appropriate measures which are initiated by the management. The external auditors audit the system for the early identification of risks that is integrated in the risk management system for its fundamental suitability to identify risks threatening the existence of the Group; in addition, they report to the Supervisory Board on any significant weaknesses that have been discovered in the internal control and risk management system.