The corporate risk manager is responsible for maintaining and continuously improving this framework. The business units and the holding company go through a systematic process of identifying and evaluating risks and controls and, where necessary, improving the way in which risks are managed.
In the above described reports and consultative structures, business units and staff functions report on their activities, including on the effectiveness of their risk management activities. Each year, business unit management signs a letter of representation that contains financial reporting statements and also statements regarding risk management, corporate social responsibility, integrity and compliance with the code of conduct, the accounting manual, statutory provisions and compliance with other rules and regulations.
The outcomes of the internal risk and control evaluation process and the letter of representation process are discussed in the Management Board and reported to the Audit Committee. The aforementioned processes make the risks and the areas requiring improvement in the internal control systems transparent. It is always possible, however, for circumstances to arise in which unidentified risks become apparent or in which the impact of identified risks is greater than originally estimated.