Boskalis Annual Report 2020

report of the board of management ANNUAL REPORT 2020 – BOSKALIS INTERNAL AUDIT FUNCTION In addition to the internal audits performed under the auspices of the SHE-Q department, Boskalis has an internal audit function that mainly focusses on the company’s management and financial reporting processes. It is guided by the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics as published by The Institute of Internal Auditors. The internal audit manager is accountable to the Board of Management, represented by the Chief Executive Officer for day to day operations and to the Audit Committee as part of its oversight role. Appointment and dismissal of the internal audit manager will be submitted to the Supervisory Board for approval, along with a recommendation by the Audit Committee. On an annual basis the internal audit manager submits to the Board of Management and the Audit Committee a report on the activities performed in the year past, including the main findings, as well as a risk based internal audit plan for the next year for their review and approval. Based on the internal audit plan, the internal audit manager agrees with the Board of Management the specific audit subjects, the 68 Boskalis holds several investments in joint ventures and associated companies and these holdings are intensively monitored. Shareholder and/or board meetings are held regularly, with Boskalis being represented in line with the size of its interest. Clear shareholder agreements have been concluded with the co-shareholders in such joint ventures regarding topics such as board and management representation, filling of management positions, strategy and policy, budget, financial reporting, the appointment of auditors, investments and financing. The policy is that such joint ventures are in principle financed without guarantees from the shareholders. The Board of Management discusses the quarterly reports with the relevant business unit managers in formal quarterly meetings. These meetings are minuted. The consolidated group reports are discussed with the Supervisory Board on a quarterly basis. The most important aspects of our financial reporting systems are set out in manuals, guidelines and procedures, all of which are available electronically. Staff are trained in how to apply accounting standards, guidelines and procedures. Internal audits to monitor and improve quality and discipline are conducted based on an annual audit plan and ad hoc examinations. Moreover, the quality of the financial control systems is evaluated regularly in the context of the activities of the external auditor. Findings concerning the quality of the financial control systems identified during the audit of the financial statements are reported by the external auditor in the Management Letter. We apply a Financial Control Framework (FCF) that stipulates and documents the control requirements to help mitigate financial (reporting) risks. The updated COSO internal control framework serves as the main standard of reference for our FCF. The set-up of the electronic communication platform containing the FCF- documentation matches that of our WoW-system with the aim of optimizing its user-friendliness for our staff.

detailed scope of work and the allocation of resources. The internal audit function’s performance relative to its plan are regularly communicated and discussed between the Internal Audit Manager and the Board of Management, represented by the Chief Financial Officer. The internal audit function also periodically interacts with the company’s external financial auditor to share information on audit planning and progress as well as key findings and observations. The internal audit function’s final reports are made available to the external auditor and management letters of the external auditor will be shared with the internal audit manager. As in previous years, the Board of Management has initiated a so-called Corporate Risk Assessment to systematically evaluate the risks inherent to the Group’s strategic business objectives as well as the related risk management and control activities. For this purpose, a comprehensive risk classification system is used that contains pertinent information for each of the risk categories identified. This includes examples of – and contributing factors to – possible risk manifestations as well as current risk management and control activities to help mitigate these risks. The risk categories identified were evaluated for their significance, defined as the degree to which risks within the respective risk category could adversely impact our ability to achieve our strategic objectives, as well as for the potential for improving their related risk management and control activities. Notwithstanding the immediate effects of the COVID-19 pandemic, this evaluation did not identify significant structural shifts in the Company’s overall risk profile and its main results have been included in the preceding overview of the main risks we face in pursuing our strategic business objectives. EVALUATION OF INTERNAL RISK MANAGEMENT AND CONTROL SYSTEMS No matter how much care is taken in setting up internal risk management and control systems, they are unable to provide absolute certainty with regard to realizing the company’s objectives, nor can they preclude material mistakes, losses, fraud, or infringements of legislation and regulations. STATEMENTS REGARDING INTERNAL RISK MANAGEMENT AND CONTROL SYSTEMS With due consideration of the aforementioned inherent limitations and scope for improvement, the Board of Management is of the opinion that: ‚ the report provides sufficient insights into any failings in the effectiveness of the internal risk management and control systems; ‚ the aforementioned systems provide reasonable assurance that the financial reporting does not contain any material inaccuracies; ‚ based on the current state of affairs, it is justified that the financial reporting is prepared on a going concern basis; ‚ the report states those material risks and uncertainties that are relevant to the expectation of the company’s continuity for the period of twelve months after the preparation of the report. The structure and functioning of our internal risk management and control systems are discussed annually with the Supervisory Board.