Internal control systems
Corbion applies the three-lines-of-defense model for internal controls. The first line (line management) is responsible for the operational effectiveness of the internal control framework. The second line coordinates, advises, and monitors line management regarding their responsibilities for internal control. The third line is represented by the Internal Audit department, which independently reviews the control framework.
Our internal control framework is not limited to the elements outlined below, as these are a summary of the controls implemented at local and corporate levels. We apply several control elements, of which the effectiveness is self-assessed or monitored by the second and third lines of defense.
Business control framework
Business controls cover a broad range of policies, procedures, systems, and other measures. They provide reasonable assurance on the effectiveness and efficiency of our operational processes and ensure the output is as expected to support the realization of the company strategy and objectives. On an entity level, important elements of the framework are the business planning process and management review.
In addition, the business controls ensure the reliability of non-financial information. Providing non-financial information to our stakeholders is becoming increasingly important, most notably on sustainability. The control framework for non-financial information is still less mature than the financial reporting framework. Limited assurance is given by KPMG on the non-financial information. Corbion is closely monitoring developments in sustainability reporting standards and, in conjunction with these developments, is improving the control framework for sustainability reporting.
Business planning, budgeting, and management review
Based on Corbion’s strategy and plans, targets are set for the annual budget. After determining these budgets, the targets are rolled out to the responsibility areas (business units, operations, etc.) within Corbion.
Quarterly updated estimates are made based on a forecast until the end of the year. Forecasts are specifically discussed between responsibility area leaders and the Executive Committee during quarterly business review meetings. The Executive Committee monitors business performance on a monthly and quarterly basis using a defined set of key performance indicators and reviews of actual results versus budgets, quarterly estimates, and the previous year.
Local entities are visited frequently. Operational management meets at least once a month to discuss business activities and related risks, the actual performance versus budget, and other significant matters in their respective areas.
Legal and regulatory review
Local management is responsible for compliance with laws and regulations. The Legal and Compliance department is consulted by local management on an ongoing basis. Every six months, local management reports the main open legal issues with a potential gross exposure of each exceeding € 100,000 to Corporate Legal and Corporate Finance.
Internal control framework for financial reporting
General
Corbion is committed to maintaining high-quality, reliable financial reporting and a good control environment. All reporting entities assess the operating effectiveness of their financial closing and reporting processes, at mid-year and end-of-year, confirming compliance with the relevant guidelines and IFRS.
During 2023, our main legal entities performed quarterly self-assessments of the design and implementation of their key financial process controls. Special attention was paid to entities that migrated to the new ERP system. For these entities, the control set was redesigned, including a detailed review of proper segregation of duties in the system and a shift from manual controls to automated controls where possible. Self-assessment also includes tax governance and treasury internal controls. Improvement recommendations based on audit and self-assessment findings are followed up by local management, the status of which is monitored regularly by the Executive Committee.
Together with the Letters of Representation, this provides reasonable assurance on the integrity of our financial reporting.
Letters of Representation
Every six months, managing directors and finance directors of each reporting entity or, where applicable, other senior staff, provide a Letter of Representation to the Board of Management. This letter represents compliance with financial reporting and internal controls.
Tax principles
Corbion considers paying taxes an important part of our corporate social responsibility. Based on this and derived from our Corbion Code of Business Conduct as part of our corporate governance structure, we have adopted the following tax principles. These principles deal with all different types of taxes that we are obliged to report and pay in the jurisdictions in which we operate, including taxes on profits, value added taxes, wage taxes, duties, and various other taxes.
Tax strategy
Corbion’s tax strategy follows from and is aligned with the Corbion business strategy and objectives and the Corbion values. The tax strategy is an integral part of the Corbion Tax Policy, which is updated annually and reviewed and approved by the Board of Management. Furthermore, implementation and execution of the tax strategy is monitored by the Audit Committee of the Supervisory Board and discussed during regular meetings with the Audit Committee.
Business rationale and arm’s length principle
We aim to pay the appropriate amount of tax depending on where value is created in each of the jurisdictions we operate in, following the normal course of commercial activity and in accordance with domestic and international rules and standards. All our intercompany transfer pricing and policies are based on the “arm’s length principle.” Corbion abstains from setting up structures in countries on the EU list of non-cooperative tax jurisdictions or in countries that have been designated as uncooperative tax havens by the OECD Committee on Fiscal Affairs.
Relationship with tax authorities
We seek to develop mutually respectful relationships with the various national tax authorities based on trust and transparency. To accomplish this, we aim for an open and constructive dialogue with the various tax authorities on the basis of disclosure of all relevant facts and circumstances. Within this context, Corbion may apply for advance tax rulings or advance pricing agreements on the tax treatment of specific transactions in order to obtain advance certainty on the relevant tax consequences. In the Netherlands, we concluded a so-called tax covenant (“horizontal monitoring”) with the Dutch tax authorities. Such covenant entails that the tax authorities can rely on Corbion to provide upfront disclosure of all relevant information, while it allows Corbion to get upfront confirmation of applicable tax treatment.
Tax governance
Within the governance framework, the conduct of the group’s tax affairs and the management of tax risks are delegated to the group’s tax department with support and assistance from the group and local finance departments. The group’s tax affairs are carried out in line with the Corbion values, the Corbion Code of Business Conduct, and the Corbion Tax Policy. This also applies to potential ethical issues related to tax, which are covered by the Code of Business Conduct and the related annual training programs and can be addressed under the Corbion Speak Up Policy. The Audit Committee supervises the activities of the Board of Management with respect to the tax governance framework.
Compliance
We aim to act at all times in accordance with the letter and the spirit of all applicable tax laws, in which we are guided by the relevant local and international standards. Compliance is monitored within a global tax control framework. Corbion complies with its statutory obligations and aims to file all required tax-relevant information with the appropriate tax authorities in a timely, transparent, and complete manner. Tax-related disclosures are made in accordance with the relevant domestic regulations, as well as applicable reporting requirements under IFRS.
Insurance
Insurance is an integral part of our risk management approach, as it is an instrument to manage the financial consequences of risks. The choice to obtain external insurance cover depends on the cost efficiency of the instrument. The coverage of insurances is monitored and benchmarked regularly.
IT general control framework
An information technology general control (ITGC) framework is in place to ensure the proper management of IT governance in general, projects and programs, computer operations, and access management.
From an IT security perspective, the Information Security Board (composed of representatives from the Executive Committee and senior management) sets the IT security roadmap. Risk-reducing initiatives in the past years included, among others, a company-wide security awareness program, phishing tests, multi-factor authentication, penetration tests, yearly disaster recovery plan testing for selected systems, and implementation of a security policy and a Security Operating Center. In addition, Corbion continued to strengthen our network segmentation, identify and remove vulnerabilities, and minimize external exposure. In case of data security incidents, the Data Breach Security Committee is notified to ensure proper action and communication with authorities.
Non-financial information
In 2023, Corbion started the development of an internal control framework for the upcoming Corporate Sustainability Reporting Directive (CSRD) reporting requirements. This framework will give additional assurance on the integrity of the reporting, in addition to the external review described below.
Audit
Internal Audit
Internal Audit supports Corbion in accomplishing our objectives by providing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of our internal control and governance processes. Internal Audit operates according to the professional standards of the Institute of Internal Auditors. Compliance to the standards is assessed externally every five years. In 2023, Corbion Internal Audit successfully completed the external assessment. The Internal Audit Charter is approved by the Executive Committee and the Audit Committee. Internal Audit evaluates risks and assesses that the controls in place are adequate to mitigate the risks. Internal Audit supports continuous improvements by identifying best practices and recommending improvement opportunities to management. The audit plan is prepared, discussed, and agreed with relevant stakeholders including the Executive Committee and the Audit Committee. The audit plan is approved annually by the Board of Management and Supervisory Board. The plan has a rolling character so changes in priorities may be applied. Changes are discussed with the Audit Committee. A summary of all audit reports and the follow-up of open internal audit items are reported to and discussed with the Executive Committee and Audit Committee on a regular basis.
External audit and assurance
Our external financial audit engagement assesses whether our Financial Statements give a true and fair view of our financial position as at year-end and of our result and cash flows for the year then ended. In 2023, the external auditor reviewed the sustainability indicators marked with “√.” Contrary to the audit of our Financial Statements, this sustainability review is only aimed at obtaining a limited level of assurance.