Combined Management Report and subsequently by our Managing Board and Audit Committee. The audit procedures for these topics will be – where reasonable – executed by joint teams including members of our and Siemens Healthineers’ internal audit functions, thus respecting the interests of both Siemens AG and Siemens Healthineers. At the end of each fiscal year, our Managing Board performs an evaluation of the adequacy and effectiveness of the ICS and ERM. This evaluation is based primarily on the Siemens “In Control”-Statement and quarterly Managing Board meetings. The purpose of the "In Control"-Statement is to provide an overview of the key elements of the ICS and ERM of Siemens AG and its affiliated companies at the end of the fiscal year, to summarize the activities undertaken to review its adequacy and effectiveness and highlight any critical control weaknesses identified as part of these activities. The information contained in this statement is provided to the Audit Committee of the Supervisory Board of Siemens AG to report on the effectiveness of the ICS and ERM. The Siemens “In Control”-Statement is supported by certifications at various corporate levels and by all affiliated companies. In the quarterly Managing Board meetings, the company-wide risk and opportunity situation is evaluated, the results of the internal control process are explained and once a year an overall conclusion is made about the adequacy and effectiveness of our ICS or ERM. Based on this, the Managing Board has no indication that our ICS or ERM in their respective wholes have not been adequate or effective as of September 30, 2023. Nevertheless, there are inherent limitations on the effectiveness of any risk management and control system. For example, no system – even if deemed to be adequate and effective – can guarantee that all risks that will actually occur will be identified in advance or that any process violations will be ruled out under all circumstances. 
The Audit Committee is systematically integrated into our ICS and ERM. In particular, it oversees the accounting and the accounting process as well as the adequacy and effectiveness of the ICS, ERM and the internal audit system. Siemens Healthineers is largely subject to the Group-wide principles for our ICS and ERM and is responsible for adhering to those principles. The integration of Varian into our ICS, which began in fiscal 2021 after the acquisition by Siemens Healthineers, continued in fiscal 2023 and was completed to a very large extent with regard to all Varian entities. The integration measures are planned to be completely finalized in fiscal 2024.

8.5.2 Compliance Management System (CMS)

Our ICS and ERM also comprise a CMS aligned to the Company's risk situation which is based on the three pillars – prevent, detect and react. It includes the legal risk areas of corruption, antitrust law, data protection, money laundering, export controls as well as human rights and is based on an extensive internal set of rules: The Siemens Business Conduct Guidelines (BCG) define the basic principles and standards of behavior that must be observed by all employees in the company units and in relation to customers, external partners and the public. In addition, there are extensive internal compliance regulations, including associated controls, which oblige all Siemens employees to ensure the implementation of the CMS. They contain topic-specific implementation regulations for the individual risk areas with regard to compliance processes and tools as well as additional guidelines and information. The compliance operating model contains binding specifications for the employees of the compliance organization and describes responsibilities and how the CMS works. Compliance risk management and compliance reviews as part of the CMS aim to identify compliance risks at an early stage and thus enable appropriate and effective measures to be taken to avoid or minimize risks.
The risk assessment is also integrated into individual business processes and tools. The results of CMS that are relevant to the Group are taken into account as part of the Company-wide ERM. The Compliance Control Program aims to ensure compliance with and implementation of the CMS and processes used worldwide. It is part of the ICS and is continuously further developed and adapted to the current Siemens guidelines. In addition, current compliance issues are discussed at the management level on a regular basis. The entire CMS is continuously adapted to business-specific risks and various local legal requirements. The findings from compliance risk management as well as compliance controls and audits are used to derive measures for its further development.

8.5.3 Significant characteristics of the accounting-related ICS and ERM

The overarching objective of our accounting-related ICS and ERM – as part of the overarching ICS and ERM – is to ensure that financial reporting is conducted in a proper manner, such that the Consolidated Financial Statements and the Combined Management Report of the Siemens Group and the Annual Financial Statements of Siemens AG as the parent company are prepared in accordance with all relevant regulations. Our ICS and ERM are based on the globally recognized COSO framework; for further information see 8.5.1. At the end of each fiscal year, our management performs an evaluation of the effectiveness of the accounting-related ICS. We have a standardized procedure under which necessary controls are defined, documented in accordance with uniform standards, and tested regularly for their effectiveness. Nevertheless, there are inherent limitations on the effectiveness of any control system, and no system, including one determined to be effective, may prevent or detect all misstatements.
Our Consolidated Financial Statements according to IFRS are prepared on the basis of a centrally issued conceptual framework which primarily consists of uniform Financial Reporting Guidelines and a chart of accounts. For Siemens AG and other companies within the Siemens Group required to prepare financial statements in accordance with the German Commercial Code, this conceptual framework is complemented by mandatory regulations specific to the German Commercial Code. The need for adjustments in the conceptual framework due to regulatory changes is analyzed on an ongoing basis. Accounting departments are informed quarterly about current topics and deadlines from an accounting and closing process perspective. The base data used in preparing our financial statements consists of the closing data reported by the operations of Siemens AG and its subsidiaries. The preparation of the closing data of most of our entities is supported by an internal shared services organization. Furthermore, other accounting activities, such as governance and monitoring activities, are usually bundled on a regional level. In particular cases, such as valuations relating to post-employment benefits, we use external experts. The reported closing data is used to prepare the financial statements in the consolidation system. The steps necessary to prepare the financial statements are subject to both manual and automated controls.
Siemens Report FY2023