Opportunity and Risks Report

Group-wide Opportunity and Risk Management System

As a global enterprise with a diversified portfolio, the Bayer Group is constantly exposed to a wide range of internal or external developments and events that could significantly impact the achievement of our financial and nonfinancial objectives. Rooted in our strategy and planning processes, opportunity and risk management is an integral part of corporate management at Bayer. We regard opportunities as positive deviations, and risks as negative deviations, from projected or target values for potential future developments. Opportunity and risk management at Covestro has a similar structure to that of Bayer.

Structure of opportunity and risk management

The opportunities and risks the Bayer Group encounters vary in terms of their nature, the organizational level concerned and the time horizon. Different processes, methods and IT systems are therefore employed to identify, evaluate, manage and monitor risks and report on them. The principles underlying the various systems are documented in Group policies. While there are still named owners and coordinators at the management level, overall responsibility for the effectiveness and appropriateness of the systems lies with the Chief Financial Officer.

Corporate governance comprises the long-term management and oversight of the company in accordance with the principles of responsibility and transparency. The German Corporate Governance Code sets out basic principles for the management and oversight of publicly listed companies.

Corporate Governance (chart)

From identification to monitoring

Bayer continuously identifies opportunities and risks by observing macroeconomic, industry-specific, regional and local developments and analyzing trends. The opportunities and risks identified are then evaluated. We attempt to avoid or mitigate risks by taking appropriate countermeasures, or to transfer them to third parties (such as insurers) to the extent possible and economically acceptable. We consciously accept and bear manageable and controllable risks that stand in a reasonable relation to the anticipated opportunities – as an aspect of general entrepreneurial risk.

We have established and documented specific processes to manage financial opportunities and risks. One component is financial planning, which serves as the basis for determining the liquidity risk and the future foreign currency and interest-rate risks and includes all Group companies that are relevant from a cash flow perspective. Financial planning covers a twelve-month planning horizon and is regularly updated.

Opportunity management

We identify opportunities as part of the annual strategic planning cycle, during which the segments analyze internal and external factors that may positively affect the development of our business. These may be factors of a social, economic or environmental nature. The core phase of our strategic planning process normally takes place in the first half of the year and starts with a comprehensive analysis of the markets. The segments build on this by analyzing their respective market environments to identify their opportunities. They base these analyses on different time periods to take into account the fact that trends may affect developments over the short, medium or long term.

Risk management

To enable the Board of Management and the Supervisory Board to monitor material business risks as required by law, the Bayer Group has implemented an internal control system, a compliance management system and a risk early warning system. Covestro’s risk management also comprises these three components. ICS-related matters are regularly reported to the Chief Financial Officer of Covestro AG, who also chairs Covestro’s Compliance Committee and Corporate Risk Committee. The three systems in place at Bayer are described below.

Internal control system for (Group) accounting and financial reporting

(Report pursuant to Sections 289, Paragraph 5 and 315, Paragraph 2, No. 5 of the German Commercial Code)

As part of the comprehensive risk management system, Bayer has an internal control system (ICS) in place for the (Group) accounting and financial reporting process. This process comprises defined structures and workflows implemented throughout the organization. The purpose of our ICS is to ensure proper and effective accounting and financial reporting in accordance with Section 289, Paragraph 5 and Section 315, Paragraph 2, No. 5 of the German Commercial Code. The ICS is designed to guarantee timely, uniform and accurate accounting for all business processes and transactions based on applicable statutory regulations, accounting and financial reporting standards and the internal Group policies that are binding upon all consolidated companies. Risks are identified and evaluated, and steps are taken to counter them. Mandatory ICS standards such as system-based and manual Reconciliation The reconciliation records, on the one hand, those business activities not assigned to any other segment (“All Other Segments”), including particularly the services provided by Business Services, Technology Services and Currenta. It also includes “Corporate Functions and Consolidation,” which largely comprises Bayer holding companies and the Bayer Lifescience Center. processes and functional separation have been derived from these frameworks and promulgated throughout the Group by the Risk Management function on behalf of the Chief Financial Officer of Bayer AG. The management of each Group company holds responsibility for implementing the ICS standards at the local level. Using Bayer’s shared service centers, the Group companies prepare their financial statements locally and transmit them with the aid of a standard Group data model that is based on the Group accounting policy. This ensures the regulatory compliance of the consolidated financial statements. The Board of Management has confirmed the effective functioning of the internal control system for accounting and financial reporting and the relevant criteria for the 2016 fiscal year. However, it should be noted that an internal control system, irrespective of its design, cannot provide absolute assurance that material misstatements in the financial reporting will be avoided or identified.

Compliance management system

Our compliance management system is aimed at ensuring lawful, responsible and sustainable conduct by our employees. It is designed to identify potential violations in advance and systematically prevent their occurrence. The compliance management system thus contributes significantly to the integration of compliance into our operating units and their processes. Bayer has implemented an integrated compliance management system for material risk areas worldwide to strengthen the systematic and preventive identification and evaluation of risks. Risks are identified both from the bottom up via the country organizations and from the top down via the global functions, taking global, local and business-specific aspects into account. Additionally, compliance risks are identified by performing a trend analysis based on compliance cases reported from around the world. The findings are discussed by the local business units, the local compliance functions and representatives of the central functions at a round table and are entered into a Group-wide compliance risk management database.

Risk early warning system

We have established a process known as BayRisk as an early warning system pursuant to Section 91, Paragraph 2 of the German Stock Corporation Act to identify at an early stage any developments that are material and/or could endanger the company’s continued existence. The process owner is the risk management department, which reports directly to the Chief Financial Officer. This establishes a consistent framework and uniform standards for the risk early warning system throughout the Group. The segments, service companies and central functions are included in this system so that corporate risks are captured as fully as possible. The early identification, evaluation, management and reporting of risks is the responsibility of named risk officers.

The BayRisk database maps the Group’s risks – together with the respective countermeasures – that exceed defined, annually updated financial value thresholds as well as risks that are materially relevant for the company but from a financial point of view may not be directly or reliably quantifiable, if at all. The risk portfolio is reviewed three times a year. Significant changes are documented and reported to the Chief Financial Officer. A report on the risk portfolio is submitted to the Supervisory Board once a year.

Process-independent monitoring

The effectiveness of our management systems is audited and evaluated at regular intervals by Internal Audit, which has an independent and objective audit function focused on the compliance with laws and internal policies. Risks in the areas of occupational health and safety, plant safety, environmental protection and product quality are assessed by dedicated HSEQ stands for health, safety, environment, quality. audits.

During the audit of the annual financial statements, the external auditor assesses the fundamental suitability of the early warning system to identify at an early stage any risks that could endanger the company’s continued existence. A report on the internal control and monitoring systems and their effectiveness is presented annually to the Supervisory Board. Any weaknesses identified in the internal control system must be reported to the Board of Management and the Supervisory Board. The audit outcomes are used in the continuous improvement of our management and business processes.