Tomasa Cuevas

multi-year plans in several functional areas;

- comply with the Corporate Requirements and Directives; and - monitor the effectiveness of the risk management and internal

control system and regularly discuss the findings with the Managing Board.

On average once every three years, the operational units are audited by Corporate Operational Audit (COA). The director of COA reports to the chairman of the Managing Board and has access to the external auditor and the chairman of the Audit Committee of the Supervisory Board. Furthermore, the director of COA acts as the compliance officer with regard to inside information and is the chairman of the DSM Alert Committee, which is responsible for the DSM whistleblower policy, systems and processes.

In the Fraud Committee, relevant corporate functions participate under the chairmanship of the CFO. The objective of the committee is to ensure structural follow-up of fraud cases with the aim of reducing fraud risks.

Risk management

The Managing Board is responsible for risk management in the company and, supported by the Corporate Risk Office, has designed and implemented a risk management system and a risk management organization. The system and the organization are documented in the DSM risk management policy, the DSM Code of Business Conduct, DSM policies in several functional areas and the DSM Corporate Requirements and Directives. The aim of the system is to ensure that the extent to which the company’s strategic and operational objectives are being achieved is understood, that the company’s reporting is reliable and that the company complies with relevant laws and regulations.

The DSM risk management system is based on the COSO-ERM framework. It has been designed to achieve maximum

integration of the risk management process in the normal business processes. It provides for risk assessment tools, controls for risks that commonly occur in the company and

monitoring and reporting procedures and systems. The internal controls for the goods and money flows have been ‘built into’ business processes, and tools have been developed to support their implementation and to monitor their effectiveness in operation. In this way, a high level of internal control is achieved efficiently.

Upon the publication of this Integrated Annual Report, an updated version of the full description of DSM’s risk

management system and process together with a description of the identified risks will be placed on the company’s website. These descriptions are to be considered an integral part of this Integrated Annual Report.

The functioning of the system in 2013

The important events in risk management in 2013 are reported below. This section is structured according to the elements of the COSO-ERM risk management framework.

Internal environment for risk management

Values and business principles are an important element of the internal environment for risk management. Directly related to its mission to create brighter lives for people today and generations to come, DSM has chosen sustainability as its core value. DSM's business principles, which are defined in the DSM Code of Business Conduct, are based on this core value. The DSM Code of Business Conduct, which is available on the company’s website, describes principles in the areas of People (social and humanitarian standards), Planet (principles with regard to the environment) and Profit (principles regarding fair and ethical business practices). In 2013, the mandatory biennial e-learning course on the Code of Business Conduct was completed by more than 90 percent of all eligible employees, including the personnel of newly acquired units. Classroom training is ongoing for a limited group of employees who do not have access to e- mail. A company-wide inventory was made of bribery and corruption risks. This inventory has been used to complement the general policy against corruption and bribery with business and region specific actions and practices. The Anti-Bribery and Corruption policy and the e-learning tool are ready to be deployed to specific target groups in the various units. Another important factor determining the internal environment for risk management is the risk appetite. This risk appetite cannot be captured in one figure or formula, but varies per category of risks. The Managing Board has reviewed the company’s desired risk appetite. The main characteristics can be described as follows:

- To fulfill its strategic intent, DSM is prepared to accept considerable risks in for example its drive to develop its people and organizational base into a competitive advantage, its innovation programs and its expansion to high growth economies, and in that same context the company also accepts risks in developing sustainability as a business driver. Of course these risks will always be limited by defined hurdle criteria and rigorous implementation programs.

- In risk areas such as intellectual property protection,

acquisitions and joint ventures, production-process reliability, business continuity, reputation and product liability the company is cautious to conservative.

- With regard to safety, health and environment, reporting integrity and internal and external non-compliance the company is risk averse.

This risk appetite gives guidance for the responses to the risks identified in the Corporate Risk Assessment (see below). For specific units, the risk appetite may deviate from the overall company profile.

Objectives and risk identification, assessment and response

In line with the mandatory risk management process, business groups that updated their strategy in 2013 performed a business risk assessment to identify and assess the implementation risks of the chosen strategy and agree on responses. At mid-year and at year-end, all units reviewed and reported their risks and incidents as part of the semi-annual risk reporting process, in which risks are reported in terms of exposure (impact multiplied by probability). Additionally, risk assessments were performed by a number of units and regions, on major projects and as part of the compliance programs of new acquisitions.

In 2013, the Managing Board updated the Corporate Risk Assessment (CRA). Based on the results of the CRA conducted in 2012, input from the directors of corporate staff departments and shared service departments, internal risk and incident reports and risk information from external sources, the Managing Board, supported by the Corporate Risk Office, identified the

risks that are relevant in relation to the achievement of the targets of the strategy DSM in motion: driving focused growth. Board members individually identified and assessed risks, and during a Managing Board session they reached consensus on these risks and related risk appetites. They identified any necessary responses to be made in addition to the mitigating actions already in place in order to bring the risks within the defined risk appetite.

The preliminary outcomes of the CRA were reported to and discussed with the Audit Committee of the Supervisory Board in the meeting of 9 December 2013. These 'top-down' outcomes were compared with the risks and incidents as reported 'bottom- up' by the operational units in their Letters of Representation and with findings from internal and external audits. The final risk profile was reported to and discussed with the Audit Committee of the Supervisory Board on 24 February 2014. It is the basis for the main risks and responses as reported on the following pages.

The company’s top risks

The CRA identifies the likelihood and impacts of events that could jeopardize the achievement of the targets for 2014, 2015 and 2020 set in the DSM in motion: driving focused growth strategy. In setting these targets, assumptions were made about the macro-economic and global financial developments (basic scenario).

The table on the next page shows the most important risks for DSM achieving its targets under the basic scenario, and the remedial actions to mitigate them.

Following the Corporate Risk Assessment 2013, 'Growth and profitability in the Pharma cluster' no longer qualifies as a 'top risk' or even an 'important risk'. As announced in November 2013, DSM and JLL Partners will create a new company which will be a leading global contract development and manufacturing organization for the pharmaceutical industry. This mitigates this risk.

The top risks and related mitigating actions

Description of risks Mitigating actions

Exposure to merchant market for caprolactam

DSM has considerably reduced its exposure to cyclical and commodity markets. Volatility, cyclicality and supply-demand imbalance in the merchant market for caprolactam may cause the profitability to deviate from the projected levels.

DSM will continue to work on options to reduce its exposure to the volatile merchant caprolactam market.

Competition

Price pressure due to intensified competition may cause the profitability of DSM's activities to deviate from the projected levels.

Cost reductions in all businesses are being continued to increase competitiveness. Further innovation is driving a focus on high-end markets which will also mitigate this risk. Risks related to High Growth Economies

In the current strategy, the relative importance of the High Growth Economies has further increased. There is, however, always a risk that the markets will not grow as expected and/ or that opportunities in these markets will be missed.

DSM has further detailed its country and region specific strategies. More power and freedom will be given to regions to achieve the strategic goals.

People, organization and culture

The implementation of the business strategy is supported by organizational measures to enhance regional and functional effectiveness. However, the organization may lack the resources in terms of quantity and quality to execute all the programs and projects.

DSM has launched the ONE DSM Culture Agenda focusing on: - External Orientation

- Accountability for Performance (and learning) - Collaboration with Speed

- Inclusion & Diversity

Attention will be given to the implementation of stronger regional and functional talent efforts and career development. Focus and priority setting will secure proper project execution and implementation.

Global financial and economic developments (including tax risks and currency effects)

A further economic downturn and a higher impact of currency volatilities could have a significant detrimental effect on the achievement of DSM's targets. Furthermore, changing tax regimes may also impact the realization of DSM's targets.

DSM will proceed with its profit protection plans as well as with the execution of its hedging policy. Regional changes in tax regimes will be closely monitored.

Other important risks

In addition to the top risks, the most recent risk assessment and reports show the following risks as being the most important: - Acquisitions & Partnerships

This risk has been reduced significantly by realizing several key strategic acquisitions. The risk on Acquisitions & Partnerships shifted from finding sufficient additional value adding

acquisitions to getting the recent acquisitions effectively integrated. The company has developed good practices and structured processes to mitigate this, whereas quarterly tracking of the progress of the various integration programs is also securing the targets set.

- Innovation

The Emerging Business Areas are developing well. The focus and concentration of efforts, as well as the reinforcement of the talent base, ensure that DSM capitalizes on talent. The current outlook is that DSM is on track to realize the innovation ambitions as set in its strategy. At the same time DSM further invests in strengthening its innovation skills and competences as well as its innovation portfolio.

- ICT complexity

High ICT complexity (especially against the background of the large number of acquisitions in recent years) may hamper DSM's competitive advantage. Decomplexing and leveraging operations will mitigate this risk.

- Raw material and energy: price and availability risks DSM implements various policies to avoid supply chain disruptions (e.g. multiple supplier strategy) and decrease price volatility (e.g. commodity hedging). Nevertheless, the increasing complexity and interdependence of worldwide supply streams as well as increasing (perceived) pressure on the availability of resources may lead to price fluctuations and availability issues, influencing DSM’s profitability. The Supplier Relationship program, aiming to obtain a number of strategic customer of choice positions, is another way to jointly optimize the value chains DSM is involved in.

- Intellectual property (IP) risks

The policy of accelerated growth through speeding up innovation and expansion in high growth economies holds the risk of increased exposure in the IP area. Measures will continue to be taken to contain these risks, but these may not always be completely effective in mitigating IP risks.

- Security (including information security)

Especially in the area of the security of and access to data in ICT systems, a continued focus on monitoring and

implementation of key security behaviors is required, given the increasing tension between the growing professionalism of cybercrime and widespread use of (mobile) IT and social media.

- Business continuity risks

Major disruptions, especially in the supply chain, in manufacturing and in the ICT environment, remain a low likelihood but possibly high impact risk. DSM recognizes these risks and has implemented contingency measures to prepare for the most important scenarios.

- Safety, Health and Environmental (SHE) risks

After a number of fatalities in prior years, DSM has enhanced its already strict safety policies even further, among other things by strengthening the implementation of the Life Saving Rules. Nevertheless, SHE risks cannot be excluded altogether and any accidents may have a deep impact in terms of human suffering and (reputation) damage to the company.

- Product liability risks

To reduce product liability risks, product risk evaluations have been carried out, contractual and quality procedures have been updated and insurance policies have been reviewed. Unexpected effects of or undetected flaws in DSM's products or services may, however, still cause considerable product liability exposures.

For the management of all these categories of risks, strategies, controls and/or mitigating measures have been put in place as part of DSM’s risk management practices. These nevertheless involve uncertainties that may lead to the actual results differing from those projected. There may also be risks that the company has not yet fully assessed and that are currently classified as ‘minor’ but that could have a material impact on the company's performance at a later stage. The company's risk management and internal control system has been designed to identify and respond to these developments on time, but 100 percent assurance can never be achieved.

Control activities

Each business group and each major operational service unit has an Audit Committee which, under the direction of the director of the group or unit, sets up annual risk management plans, monitors their implementation and reviews risk management issues on a regular basis. During the year under review, major risk management events, such as business risk assessments, audits and the occurrence of control failures or weaknesses, were discussed with the responsible Managing Board member.

Commonly occurring risks are mitigated through the implementation of the Corporate Requirements and process controls in the business processes. The operational units regularly test compliance with these requirements and the effectiveness of the controls. Deviations from Corporate Requirements are only allowed temporarily, if sufficient alternative controls are in place and after approval by the

responsible Board member. A limited number of waivers have been granted.

Information and communication

A continuous effort is being made to inform employees about the DSM risk management system and train them in its use. In India and Russia specific regional risk assessments were performed in 2013. To increase general awareness of risk management, internal webinars were held and dilemma discussions were started.

Monitoring and reporting

Information on the functioning of the system was collected on a continuous basis. Business groups tracked compliance with Corporate Requirements and the follow-up of actions arising from risk assessments. They conducted assessments on the effectiveness of their internal controls and reported and investigated incidents. Independent audits on the effectiveness of risk management implementation were executed by the Corporate Operational Audit department according to a program agreed with the Audit Committee of the Supervisory Board. Information coming in via the DSM Alert whistleblowing channel was also used as a source for reviewing the effectiveness of the risk management system. Any critical findings were addressed immediately.

By signing an affidavit, the business group controllers confirmed, among other things, that the quarterly financial statements had been produced according to the internal accounting rules and reporting procedures. The implementation of a financial shared services center in line with DSM's strategy to leverage operations has created a need for more explicit continuous control monitoring (CCM) to support the units' statements. CCM for this scope has been successfully implemented.

Based on developments within and external to the company, as well as findings from the various risk assessments, audits and monitoring and reporting efforts, the Corporate Risk Office drew up a consolidated risk report, including recommendations for further improvement of the risk management system. These recommendations were integrated into an update of the Corporate Risk Management Plan 2011-2015.

At the end of the second quarter, the operational units were asked to provide an update of their material risks and incidents over the first half of 2013 and the status of the mitigation of the risks reported over 2012, and to specify any material risks or uncertainties for the rest of the year. The consolidated overview of these risks, incidents and mitigation measures was the basis for the risk section and the statements of the Managing Board as provided with the first-half figures in accordance with the requirements of the Dutch Financial Markets Supervision Act.

Enhancements to the risk management system

During 2013, the enhanced focus on risk controls in the safety area (Life Saving Rules) was continued. New and enhanced controls were introduced in the field of security through the launch of key security behaviors. The Corporate Requirements in the field of Research, Technology and Development were separated from those in the field of Innovation. For joint ventures the governance and risk management approach was reviewed and updated in line with DSM's interest in those partnerships. Strategic developments within DSM were supported by risk management actions as follows:

- High Growth Economies: Enhancement of regional risk management capabilities with a focus in 2013 on India and Russia.

- Sustainability: Further implementation of the control framework for ECO+ solutions, implementation of actions defined in the sustainability risk assessment and start of the implementation of a framework for People+.

- Innovation: Improved risk assessment practices, including Monte Carlo business simulations and value engineering. - Acquisitions & Partnerships: Creation of best practices for

(risk) management in the integration and operation of acquisitions and joint ventures. Enhancement of regional risk management capabilities in high growth economies and in North America, where many newly acquired businesses are being integrated.