Risk management and internal controls over sustainability reporting (GOV-4)

Our Group-wide internal control system (ICS), which partly includes sustainability reporting, is an integral part of our risk management system (RMS). The design of our ICS takes into account the recommended conduct set out by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in its publication “Internal Control – Integrated Framework” in the revised version from 2013. Based on this, our ICS is a continuous process that is based on fundamental Group-wide principles and control mechanisms, such as systemic and manual reconciliations, the separation and clear definition of functions and the monitoring of compliance with and further development of Group-wide guidelines and special work instructions. The regulatory framework for the ICS is supplemented by Group-wide guidelines and company-specific instructions.

This also includes the central specification of control targets based on identified risks and the establishment of controls by all fully consolidated companies of DB Group. The control targets form an overarching framework, compliance with which must be ensured by the individual Group companies of DB Group by means of suitable controls with regard to the company-specific risk situation. With regard to sustainability reporting, this relates, in particular, to environmental indicators and metrics on human rights due diligence in the supply chain. The relevant control targets include requirements for safeguarding the processes for collecting information for the Annual Report, and the processes for ensuring the integrity of relevant associated metrics. The implemented controls are intended to safeguard the Group companies’ collection of these metrics and the processes for company-specific and Group-wide sustainability reporting. The established controls can, therefore, make a significant contribution to safeguarding against environmental risks and fulfilling the requirements of sustainability reporting.

The effectiveness of the internal control system is assessed in an annual self-assessment by all Group companies and monitored centrally.

The auditing activities of the intra-Group auditors, which represent another element of our control mechanisms, are focused on assessing the adequacy and effectiveness of our ICS in selected Group companies, among other things. In addition, the intra-Group auditors perform selected audit procedures, for example in the areas of own workforce, workers in the value chain and business conduct.

In addition to our monitoring mechanisms, the Audit and Compliance Committee and/or the Supervisory Board are concerned with the effectiveness of the ICS.