Internal control system for financial and operational processes
METRO’s ICS defines group-wide minimum requirements for the design of the internal control system for financial processes (for example accounting and tax processes) or operational processes (such as purchasing processes and processes in the markets) for METRO AG and its subsidiaries. Among others, these requirements cover the control design, control execution, monitoring the effectiveness of controls and reporting on effectiveness analyses. The METRO control framework, the local control design of the companies, the control execution and documentation as well as the effectiveness analyses of the subsidiaries are documented in the central IT tool myGRC.
IFRS accounting guideline
A group-wide IFRS accounting guideline that is compulsory for all companies included in the consolidated financial statements ensures the uniform METRO group-wide application of accounting procedures. The guidelines are periodically updated by the Corporate Accounting & Controlling department. The management of each major group company is obligated to confirm compliance with the guidelines in a formal declaration on each reporting date.
Accounting processes of companies included in the consolidated financial statements
The separate financial statements of the companies to be included in the consolidated financial statements are generally prepared using SAP-based accounting systems (SAP FI). Clearly assigned competencies and roles ensure clearly defined responsibilities for the individual financial statement preparation activities. This unambiguous functional separation also prevents potential conflicts of interest. Many group companies prepare their separate financial statements on the basis of a centrally managed table of accounts using uniform accounting rules.
To avoid risks relating to non-compliance with accounting rules, deadlines or dates and to document the work steps to be performed as part of the preparation of individual and consolidated financial statements in accordance with IFRS, planning tools are available to assist in monitoring the content and timing of work processes. The scheduling and monitoring of the milestones and activities as well as the design of individual company internal controls necessary for the preparation of separate financial statements are part of the responsibilities of the respective company’s management.
Accounting processes for consolidation purposes
The consolidation of accounting-related data for the purpose of group reporting is performed by a centralised consolidation system (CCH Tagetik). Without exception, all consolidated METRO companies must work within this system. It provides a uniform accounts table to be used by all consolidated companies in accordance with the IFRS accounting guideline. Once they have been transmitted from the separate financial statements to the consolidation system, they are subjected to an automated plausibility review in relation to accounting-specific contexts and dependencies. Any errors or warning messages generated by the system during this validation process must be addressed by the person responsible for the separate financial statements before the data are transmitted to the consolidation facility.
The processes and controls used in the preparation of the consolidated financial statements include the completeness check of the consolidation group, verification of punctual, complete and correct data submission, avoidance of undesirable data changes and a complete and error-free execution of typical consolidation steps. The latter are subjected to system-based and manual controls. The automated plausibility reviews (validations) apply to the consolidation measures similarly as they are intended for the separate financial statement data.
To warrant the security of the group’s information technology systems (IT), access to the accounting-related IT systems is regulated. Access authorisations are centrally managed and are subject to customary approval mechanisms. Each company included in the consolidated financial statements is subject to the regulations concerning IT security. These regulations are summarised in an IT security guideline, with group-wide compliance being monitored by the Internal Audit unit.
Reporting on RMS and ICS
All insights gained in the context of RMS, ICS and CMS reporting are added to the GRC reporting. It provides an overall view of the opportunity and risk situation of our company and an assessment of the effectiveness of the measures taken. The GRC report includes:
- the assessment of the management of METRO AG regarding the effectiveness of the governance management subsystems,
- the opportunity and risk profile of METRO, and
- the recommendations on risk steering measures and the optimisation of the governance approach
The Management Board regularly informs the Supervisory Board and the Audit Committee about issues relating to the management of opportunities and risks. Twice a year, the Supervisory Board is provided with a written report on the organisation and focus of the RMS and ICS as well as the current opportunity and risk situation.
In the event of sudden, serious risks to the net assets, financial position or earnings position, an ad hoc reporting system is used to ensure that the Management Board of METRO AG receives all necessary information directly and without delay.
Monitoring and improvement of the RMS and ICS
The Supervisory Board of METRO AG is responsible for monitoring the governance management systems in accordance with § 107 Section 3 of the German Stock Corporation Act (AktG). GRC reporting in particular enables the Supervisory Board to fulfil its duties. In accordance with the requirements of the German Corporate Sector Supervision and Transparency Act (KonTraG), the external auditor periodically assesses the company’s early-warning system. The results of this audit are presented to the Management Board and the Supervisory Board.
Key elements of internal monitoring include effectiveness checks performed by Internal Audit based on risk-oriented annual audit planning as well as self-assessments of the management systems by the local management.
The Group Governance department has implemented monitoring controls for RMS and ICS, which are performed by Group Governance and documented in the central IT tool myGRC. One of these controls involves the annual systematic evaluation of all findings gathered throughout the year, such as those arising from audit results, findings of external auditors and feedback from users. In this way, the management systems are continuously improved.