Monitor and test of control activities is performed periodically to ensure that risks are properly mitigated.
The effectiveness of control activities is monitored continuously at four levels: Group, business area, reporting unit, and process. Monitoring involves both formal and informal procedures applied by management, process owners and control operators, including reviews of results in comparison with budgets and plans, analytical procedures, and key-performance indicators.
Within the ECS, management is responsible for testing key controls. Management testers who are independent of the control operator perform these activities. The Group’s Internal Audit function maintains test plans and performs independent testing of selected controls. Controls that have failed must be remediated, which means establishing and implementing actions to correct weaknesses.
The test results from the larger reporting units are presented to the external auditors who assess the results of the testing performed by management and the Internal Audit function and determine to what extent they can rely upon the work within the ECS for Group audit and statutory audit purposes.
The Audit Committee reviews reports regarding internal control and processes for financial reporting. The Group’s Internal Audit function proactively proposes improvements to the control environment. The head of the Internal Audit function has dual reporting lines: To the President and the Audit Committee for assurance activities, and to the CFO for other activities.