246 BMW Group Report 2024 To Our Stakeholders Combined Management Report Group Financial Statements Responsibility Statement and Auditor’s Report Remuneration Report Other Information Internal Control System I N T E R N A L C O N T R O L S Y S T E M , R I S K S A N D O P P O R T U N I T I E S , C O M P L I A N C E 246 Appropriateness and Effectiveness of the Internal Control System and Risk Management System 247 Internal Control System 248 Risks and Opportunities 257 Compliance APPROPRIATENESS AND EFFECTIVENESS OF THE INTERNAL CONTROL SYSTEM AND RISK MANAGEMENT SYSTEM * The BMW Group complies with recommendation A.5 of the Ger- man Corporate Governance Code and accordingly provided its statement in accordance with § 161 of the Stock Corporation Act ↗ www.bmwgroup.com/ in December 2024 on the following basis: The BMW Group has set up an Internal control system and a risk management system in accordance with the German Corporate Governance Code. The Internal control system includes all the principles, instruc- tions and measures introduced by the Board of Management to ensure: — the effectiveness and efficiency of business operations — the propriety of accounting and financial reporting — compliance with the statutory regulations relevant to the BMW Group The BMW Group’s Internal control system comprises the follow- ing: the Internal control system for accounting and financial re- porting, the Internal control system for reporting non-financial key figures ↗ Internal Control System (ICS in the narrower sense), the Compliance Management System ↗ Compliance Management System (CMS) and the Corporate Audit Function (IAF). The Risk Management System (RMS) comprises the entire set of organisational rules and measures in place to identify, assess, manage and communicate risks, including system monitoring ↗ Risk and Opportunity Management. The ICS (in the narrower sense), the RMS and the CMS are au- dited independently on a risk-oriented basis by Corporate Audit as part of the “Three Lines” model, with all systems intercon- nected by overarching structural elements. Internal Audit’s find- ings are reported to the Board of Management and the Supervi- sory Board on a regular basis. The design and implementation of the Internal control system and the Risk management system take into account the size, structure and complexity of the BMW Group in particular. These systems are intended to detect, manage and mitigate material risks. However, despite the comprehensive analysis of risks in general, any Control and Risk management system has inherent limitations. For this reason, the occurrence of risks cannot be ruled out in all circumstances. Taking this into account, the Board of Management is not aware of any circumstances that give rise to doubts regarding the ap- propriateness and effectiveness of the systems. In particular, no material cases of non-compliance or systemic weakness were identified that preclude such appropriateness and effectiveness. * The information provided in this section is extraneous to management reports which are not cov- ered by PwC’s audit. INTERNAL CONTROL SYSTEM, RISKS AND OPPORTUNITIES, COMPLIANCE