Risk management system and internal control system

A prerequisite for the long-term success of our company is to identify opportunities and risks at an early stage and to exploit or manage them.

The Management Board of METRO AG bears overall responsibility for an effective risk management system (RMS) and an effective internal control system (ICS). Both management systems and the opportunities and risks that are considered significant for METRO and the corresponding measures are presented in this chapter of the annual report.

The RMS and the ICS of METRO are implemented by the Group Governance department based on the recommendations of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the requirements of the audit standards 981 and 982 of the Institut der Wirtschaftsprüfer in Deutschland e. V. (IDW, Institute of Public Auditors in Germany). Accordingly, the management systems consist of the following elements:

Risk management system and internal control system (graphic)

Objectives of the RMS and ICS

The overarching objectives of the RMS and ICS are to protect assets and support sustainable growth for METRO. The RMS supports these objectives through systematic reporting on opportunities and risks. It facilitates informed decisions and creates transparency. The ICS supports the aforementioned objectives by creating reliable operational and financial processes in order to ensure accuracy, completeness and timeliness of financial reporting in particular and compliance with laws and guidelines.

Organisation of the RMS and ICS

Group-wide RMS and ICS tasks and responsibilities are clearly defined and reflect our corporate structure. We combine centralised business management by the management holding company METRO AG with the decentralised responsibility of the sales companies for the operational business and the service companies that support the operational business.

It is the responsibility and a legal obligation of the Management Board of METRO AG to organise a governance management system for METRO. We regard the risk management system, the internal control system, the compliance management system (CMS) as well as Internal Audit to be components of the governance, risk and compliance system (GRC system). This organisational structure is based on the governance elements identified in § 107 Section 3 of the German Stock Corporation Act (AktG) as well as the German Corporate Governance Code. The fundamental principles of the GRC system are defined and documented in our governance, risk and compliance guideline. On this basis, we continuously work on increasing the efficiency and effectiveness of the GRC system.

The group’s Governance, Risk and Compliance Committee (GRCC) is chaired by the Chief Financial Officer of METRO AG and regularly discusses methods and further developments of the GRC subsystems. The structural and procedural organisation of the RMS and the ICS are clearly defined in the relevant guidelines and implemented throughout the group.

Glossary

Governance
Statutory and factual regulatory framework for the management and supervision of a company.

Committee of Sponsoring Organizations of the Treadway Commission (COSO)
US-based private-sector organisation that developed and published a standard for internal controls in 1992 that is recognised by the U.S. Securities and Exchange Commission. In 2004, this standard was updated and the COSO ERM (Enterprise Risk Management – Integrated Framework), also known as COSO II, was published.

Audit
A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards.

Compliance
All measures specifying compliance with legal requirements as well as social guidelines and values by a company and its employees.

Governance management system
System for controlling all management and monitoring processes of a company. The METRO governance management system comprises the risk management system, the internal control system, the compliance management system and the internal auditing system.