Characteristics of the accounting-related internal control and risk management system and explanatory report of the Management Board
METRO’s accounting-related internal control and risk management system employs coordinated instruments and measures for the prevention, early detection, assessment and management of risks. The Corporate Accounting department of METRO AG is responsible for the group-wide implementation of these instruments and measures.
Overarching responsibility for all processes related to the preparation of the consolidated and individual financial statements as well as the combined management report of METRO AG rests with the Board department headed by the Chief Financial Officer of METRO AG, Mr Christian Baier. The actual preparation of the financial statements as well as the combined management report, however, is the legal responsibility of the Management Board of METRO AG. The consolidated and individual financial statements as well as the combined management report are audited and approved by the auditor during and after their preparation. They are then discussed and reviewed by the Supervisory Board of METRO AG. The auditor attends this Supervisory Board meeting. He reports the key findings of his audit and is available for additional questions. Provided the Supervisory Board has no objections, it approves the annual financial statements and the combined management report. The annual financial statements of METRO AG are adopted once the Supervisory Board has issued its approval.
Building on the “Internal Control – Integrated Framework” concept of the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the Corporate Accounting department of METRO AG has defined group-wide minimum requirements regarding the design of the accounting-related internal control system of METRO AG, the sales lines and the major service companies. With these requirements, the company particularly wants to ensure adherence to the relevant accounting standards and the respective internal guidelines (for example the IFRS accounting guideline).
Among others, these requirements cover the design and implementation of controls, monitoring the effectiveness of controls and reporting about effectiveness analyses.
- Design of controls: Taking a top-down approach, the company has identified the risk of material errors relating to the financial reporting for significant financial and accounting-related processes. In addition, the Corporate Accounting department has stipulated binding group-wide control objectives which the group companies must meet by employing company-specific control activities.
- Implementation of controls: The group companies must keep records of the implementation of these controls. These provide the basis for an independent review of the controls’ effectiveness by the Group Internal Audit department and the group’s auditor.
- Effectiveness of controls: The major group companies are obligated to evaluate the effectiveness of controls at the end of each financial year (self-evaluation). In the process, they must apply the uniform, group-wide method stipulated by the Corporate Accounting department. In addition, the effectiveness of controls is reviewed as part of the risk-oriented, independent audits conducted by the Group Internal Audit department.
- Reporting: The results of the self-evaluations must be reported to the Corporate Accounting department using a standardised reporting format. The group companies must confirm that their self-evaluations were conducted using the prescribed method. Aside from the control activities, the group companies must also report on the other 4 components of the COSO framework: control environment, risk assessment, information and communication, as well as monitoring. The companies’ individual reports are validated by the Corporate Accounting department and compiled in an overall report on METRO accounting-related internal control system. This is reported to the Governance, Risk, and Compliance Committee (GRCC) as well as the Management Board of METRO AG.
As of financial year 2014/15, these 4 phases of the internal control cycle are mapped by all METRO sales lines, the essential service companies and METRO AG itself using the RSA Archer GRC software. The key requirements (for example, the IFRS accounting guideline), accounting processes, individual controls and independent review by the Group Internal Audit department and the auditor are described in detail below.
IFRS accounting guideline
The interim consolidated financial statements and the consolidated financial statements of METRO AG are prepared in accordance with the International Financial Reporting Standards (IFRS) as applicable in the European Union. A group-wide IFRS accounting guideline that is compulsory for all companies included in the consolidated financial statements ensures the uniform group-wide application of accounting procedures in accordance with IFRS. The guideline explains IFRS regulations to the group companies and makes stipulations regarding accounting measurements. To monitor compliance with the IFRS accounting guideline, the management of each major group company is obligated to confirm compliance by means of a letter of representation. The IFRS accounting guideline covers all IFRS relevant to METRO AG and does not relate only to certain accounting events. The Corporate Accounting department of METRO AG is responsible for ensuring compliance with this guideline. Amendments to IFRS are continually updated in the IFRS accounting guideline and communicated to all companies included in the consolidated financial statements.
Accounting processes of companies included in the consolidated financial statements
The preparation of the individual financial statements of consolidated companies according to IFRS for consolidation purposes is principally carried out in SAP-based accounting systems (SAP FI). The organisational separation of central and subledger accounting, for example, fixed asset, receivables and payables accounting, provides for clear assignments of individual tasks related to the preparation of the financial statements. It also provides for a functional separation that ensures the efficacy of control processes, such as the 4-eyes principle. These systems are used to prepare the individual financial statements of most group companies on the basis of a centrally managed table of accounts using uniform accounting rules.
The consolidation of financial data for the purpose of group reporting is performed by a centralised consolidation system (CCH Targetik). Without exception, all consolidated METRO companies must work within this system. It provides a uniform accounts table to be used by all consolidated companies in accordance with the IFRS accounting guideline. The accounts tables for the individual IFRS financial statements and the consolidated financial statements are interlinked.
Aside from failure to comply with accounting rules, risks can also arise from failure to observe formal deadlines. An online planning tool was introduced to help avoid these risks and document the obligatory processes required as part of the preparation of individual and consolidated financial statements under IFRS, their chronological order and the responsible persons. This tool is used to monitor content and timing of the processes related to the preparation of the individual and consolidated financial statements under IFRS. It provides for the necessary tracking and tracing systems to ensure that risks incurred by superordinate group units can be detected and eliminated early on.
The planning tool divides the process of preparing the individual financial statements into key milestones, which in turn are divided into individual activities. In terms of content, these milestones and activities are geared towards METRO’s IFRS accounting guideline and thus reflect its implemented state. Compliance with additional deadlines and milestones that are centrally provided by the planning tool for the purpose of structuring and coordinating the preparation of the consolidated financial statements is monitored by METRO AG’s Corporate Accounting department. The scheduling and monitoring of the milestones and activities required to achieve these group milestones in the preparation of individual financial statements are part of the responsibilities of the respective company’s management.
Once they have been transmitted from the individual financial statements under IFRS to the consolidation system, the financial data are subjected to an automated plausibility review in relation to accounting-specific contexts and dependencies. Any errors or warning messages generated by the system during this validation process must be addressed by the person responsible for the individual financial statements before the data are transmitted to the consolidation facility.
An additional control instrument is the report comparing the most significant balance sheet and income statement positions against the previous period’s figures. This report must be submitted to METRO AG by all major group companies at the time of preparing their individual financial statements and must also provide comments on any considerable deviations.
To warrant the security of the group’s information technology systems (IT), access to the accounting-related IT systems (SAP FI) is regulated. Each company included in the consolidated financial statements is subject to the regulations concerning IT security. These regulations are summarised in an IT security guideline, with group-wide compliance being monitored by the Group Internal Audit department of METRO AG. This ensures that users only have access to the information and systems needed to fulfil their specific tasks.
Accounting processes for consolidation purposes
The planning tool used to evaluate the accounting processes of the consolidated companies also structures the process of preparing the consolidated financial statements by defining key milestones, activities and deadlines. The typical tasks entailed in the preparation of the consolidated financial statements are defined as specific milestones to be completed. These milestones include, for example, the task of evaluating the completeness of the consolidation group, the evaluation of timely, complete and accurate submission of data, the completion of typical consolidation measures (including revenue elimination as well as the consolidation of expenses, income, debts and capital) and ultimately the completion of the annual report. The respective responsibilities and stand-in arrangements for the aforementioned milestones are documented.
The group also relies on external service providers to handle support activities related to the preparation of the consolidated financial statements. These services essentially relate to the valuation of real estate assets, pension obligations and share-based remuneration.
The consolidation measures required to prepare the consolidated financial statements are subject to various systematic and manual controls. The automated plausibility reviews (validations) used in individual financial statements data also apply to the consolidation measures. Additional monitoring mechanisms at group level include target-performance comparisons as well as analyses dealing with the composition and movements of individual items in the balance sheet and the income statement. Compliance with internal controls covering the preparation and accounting process in the context of the compilation of the consolidated financial statements is regularly monitored by the Group Internal Audit department of METRO AG.
Access regulations for the consolidation system are implemented to ensure adherence to IT security regulations (write/read authorisations). Authorisations to use the consolidation system are managed centrally by METRO AG. The approval is granted only by the Corporate Accounting and Corporate Controlling & Finance departments. This ensures that users only have access to the specific data they require to fulfil their specific tasks.
Group Internal Audit (Group Internal Audit department)
The Group Internal Audit department of METRO AG provides independent and objective audit and consulting services within METRO and supports the Management Board of METRO AG and the management of the group companies in reaching their goals by subjecting the key management and business processes to a potential-oriented evaluation. In consultation with the Management Board and the group companies, the Group Internal Audit department develops a risk-oriented annual audit and project plan.
Based on the described principles, the Group Internal Audit department carries out independent audits of the controls monitoring the process of preparing the consolidated financial statements, the implementation of the IFRS accounting guideline and group accounting processes within METRO. For this purpose, focal topics are defined as part of risk-oriented planning for the annual audit.
The IFRS accounting guideline is reviewed by the auditor and made available to the auditors of the companies included in the consolidated financial statements. These, in turn, confirm the consistent application of the IFRS accounting guideline by the companies included in the consolidated financial statements.
The respective auditors further evaluate and assess the individual IFRS financial statements prepared by the main group companies for consolidation purposes, as well as the consolidated financial statements and combined management report of METRO AG for compliance with the applicable accounting standards, additional rules and regulations. The auditors review the half-year financial report and conduct an audit of the consolidated financial statements at the end of each year. The auditor’s final opinion on the consolidated financial statements is then represented in an audit certificate, which is published as part of the of the annual report.