Special control and transparency requirements in the U.S.
As Fresenius Medical Care is listed on the New York Stock Exchange, it is required to adhere to the specifications of the U.S. Sarbanes-Oxley Act. Section 404 of this federal law stipulates that the management boards of companies listed in the U.S. must take responsibility for implementing and adhering to an appropriate internal control system to guarantee reliable financial reporting. Based on this requirement, the legality and efficiency of our business transactions as well as the effectiveness of our internal control system for financial reporting are reviewed in regular internal and external audits.
To assess the effectiveness of our internal control system for financial reporting, we apply the criteria of the COSO model see chart 2.8.2. The model is based on the “Internal Control – Integrated Framework” standard of the Committee of Sponsoring Organizations of the Treadway Commission. This standard is recognized by the Securities and Exchange Commission (SEC). In accordance with the COSO model, the internal control system for financial reporting is divided into five levels and evaluated accordingly. In addition to the control environment, the areas of risk assessment, control activities, information and communication paths as well as the monitoring of the internal control system are documented, tested and assessed. All internal controls at Fresenius Medical Care are based on entity level controls.
Our review of the internal control system for financial reporting complies with the guidelines published by the SEC for the evaluation of the internal control system for financial reporting by management. The definitions and requirements of this guideline are implemented in a special software, which we use to comply with the Sarbanes-Oxley Act 404. This software supports a risk-based approach, enhances the efficiency of the management of internal controls, improves the quality of the data, and supports management in monitoring and assessing the internal control system.
Regional project teams coordinate the evaluation of the internal control system. The Management Board assesses its effectiveness for the current fiscal year. External advisers are consulted as needed. A steering committee meets on a regular basis to discuss changes and new requirements of the Sarbanes-Oxley Act, as well as to discuss possible control deficiencies and to derive further measures. In addition, the Audit and Corporate Governance Committee of the Supervisory Board regularly reviews the results of management’s assessment in its meetings.
The Management Board assessed the effectiveness of Fresenius Medical Care’s internal control system for the Group’s financial reporting as at December 31, 2010. Based on this evaluation, the Management Board determined that Fresenius Medical Care’s internal control system for financial reporting was effective as of December 31, 2010.
The internal control system for financial reporting is subject to inherent limitations, no matter how well it is designed. As a result, there is no absolute assurance that financial reporting objectives can be met, or that misstatements will be prevented or detected. Even if the internal control system for financial reporting is deemed effective, only reasonable assurance can be given with respect to the preparation and presentation of the financial statements. Similarly, any projections that aim to evaluate the effectiveness in future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that policies or procedures could be complied with to a lesser extent.