Legal Background
The German Accounting Law Modernisation Act (BilMoG), which entered into force on 29 May 2009, amended various provisions of German law including Sections 289 and 315 of the German Commercial Code (HGB) and Sections 120 and 175 of the German Stock Corporations Act (AktG). BilMoG required the Management Board to present at the general meeting a written report containing, among other things, newly introduced compulsory disclosures in the company management report under Section 289 (5), HGB or Group management report under Section 315 (2) 5, HGB on the internal control and risk management system in relation to the company or Group financial reporting process.

In a subsequent Shareholder Rights Directive Implementation Act (ARUG), the German legislature brought together the requirements to submit explanatory disclosures in one place in the first sentence of Section 176 (1), AktG while removing the requirements previously contained in the second sentence of Section 120 (3) and the first sentence of Section 175 (2), AktG. The reference to Section 289 (5), HGB added by BilMoG and relating to the management report disclosures on the internal control and risk management system in relation to the financial reporting process was not included in these changes, however. It is not yet certain whether this was a mere editorial omission, in which case an explanatory report on the disclosures under Section 289 (5), HGB (and also under Section 315 (2) 5, HGB) is still required following the enactment of ARUG. If such a reporting duty does exist, it is also not yet clear whether a report must be presented to the first ordinary general meeting following entry into force of BilMoG and ARUG, or if under transitional provisions of the Commercial Code relating to the disclosures under Sections 289 (5) and 315 (2) 5, HGB, the requirement only relates to company and Group management reports for financial years beginning after 31 December 2008. The Management Board of Demag Cranes AG has decided to take the precaution of presenting the disclosures in question for financial year 2008/2009 by providing the relevant disclosures on the internal control and risk management system in relation to the company or Group financial reporting process.

Subject Matter of the Report

According to the explanatory memorandum to BilMoG, the internal control system encompasses the policies, processes and tasks that help ensure effective and efficient financial reporting, the quality of financial reporting and compliance with applicable law. This also includes the internal audit system to the extent that it relates to financial reporting.

The risk management system in relation to the financial reporting process encompasses, as part of and hence in the same way as the internal control system, financial reporting control and monitoring processes in particular with regard to items on the balance sheet associated with the management of risk.

Main Features of the Internal Control System and of the Risk Management System in Relation to the Financial Reporting Process

The main features of the internal control system and risk management system at Demag Cranes AG in relation to the (Group) financial reporting process may be described as follows:

• The Demag Cranes Group has a clear organisational, corporate, control and monitoring structure;

• Coordinated Group-wide planning, reporting, financial control as well as early warning systems and processes ensure integrated analysis and control of earnings-relevant factors and going-concern risks;

• Functional responsibilities (e.g. accounting, financial control and internal audit) are clearly assigned for all parts of the financial reporting process;

• Accounting IT systems are secured against unauthorised access;

• Most finance systems in deployment are standard software;

• A suitable system of internal guidelines (including Group-wide risk management guidelines) is in place and subject to ongoing refinement in line with developing needs;

• Departments involved in the financial reporting process meet quantitative and qualitative requirements;

• The completeness and accuracy of accounting data are regularly verified by sampling and plausibility checks performed both manually and by the software used. A risk controller for each segment supports the risk management process at segment level and checks the data for plausibility;

• Key processes related to financial reporting are subject to regular analysis. The Group-wide risk management system is continuously fine-tuned in line with emerging developments and regularly tested for effectiveness. The system was assessed by Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft, Düsseldorf, in the course of auditing the Financial Statements;

• The dual control system is applied throughout in all processes related to financial reporting;

• Processes related to financial reporting are subject to scrutiny by the internal audit function;

• The Supervisory Board supervises matters including key aspects of financial reporting, risk management, and the audit mandate together with its main points of focus.

Explanatory Notes on the Main Features of the Internal Control System and of the Risk Management System in Relation to the Financial Reporting Process

The internal control and risk management system in relation to the financial reporting process as set out above ensures that matters pertaining to the business are accurately recognised, presented and measured in the accounts and so are included in external financial reporting.

The clear organisational, corporate, control and monitoring structure combined with the deployment of sufficient human and material resources for accounting tasks lay the basis for efficient operation of the functions involved in financial reporting. Clear statutory and company requirements and guidelines ensure proper and uniform financial reporting. Clearly defined verification mechanisms within the functions involved in financial reporting itself together with checks by the internal audit department and the early warning provision in the risk management system ensure that financial reporting is coherent and free of errors.

The internal control and risk management system at Demag Cranes AG makes sure that financial reporting at Demag Cranes AG and all companies included in the Financial Statements is uniform and in compliance with legal and statutory requirements as well as internal guidelines. In particular, the uniform Group risk management system, which fully meets the statutory requirements, has the purpose of detecting risks on a timely basis, assessing them and properly communicating them. Report users are thus provided with accurate, relevant, reliable and timely information.