(5) Internal Audit
The system and control environment, business processes and the internal control system (ICS) are audited on a regular basis by Vonovia’s Group Audit department. In organizational terms, Group Audit reports to the Chief Executive Officer (CEO). The annual audit plan is based on a risk-oriented evaluation of all relevant audit areas of the Group (audit universe) and is approved by the Management Board and the Supervisory Board’s Audit, Risk and Compliance Committee.
The audits conducted throughout the year focus on assessing the effectiveness of the control and risk management systems, identifying process improvements in order to minimize risks and ensuring the sustainability of Vonovia’s business activities. Corresponding special ad hoc audits are also performed in consultation with the Management Board.
The internal reports are presented to the Management Board, the individuals responsible for the area reviewed and, in cases involving significant and serious findings, the risk manager and, where relevant, the compliance officer on a regular basis. The Audit, Risk and Compliance Committee receives a quarterly summary of the audit results and measures. The implementation status of the agreed measures is monitored on an ongoing basis after the relevant due dates and is reported to the Management Board and the Audit, Risk and Compliance Committee on a quarterly basis. A follow-up audit is conducted to ensure that any serious findings have been remedied.