Principles of the accounting-related internal control and risk management system
The Lufthansa Group’s internal control system covers all the principles, procedures and steps intended to ensure effective, economical and accurate accounting and compliance with the relevant legal regulations. It is based on the COSO model (Committee of the Sponsoring Organizations of the Treadway Commission). There have been no significant changes since the reporting date.
Overall responsibility for the internal control system required to manage risk lies with the Executive Board of Deutsche Lufthansa AG, which defines the scope and the format of the systems in place based on the specific requirements of the Lufthansa Group.
The internal monitoring system at the Lufthansa Group consists of monitoring procedures both integrated into and independent of business processes. In addition to manual process controls – such as the need for dual signatures – automatic IT process controls form a vital part of the integrated monitoring procedures.
The Supervisory Board, particularly the Audit Committee of Deutsche Lufthansa AG, the Corporate Audit department of Deutsche Lufthansa AG and the decentralised internal audit departments at Group companies are embedded in the internal monitoring system for the Lufthansa Group and act independently of business processes.
The Audit Committee of Deutsche Lufthansa AG monitors the effectiveness of the internal control and risk management system on the basis of Section 107 Paragraph 3 German Stock Corporation Act (AktG).
The auditors of the consolidated financial statements and other instances, such as tax audits, exercise a wider control function, independently of business processes, for the Lufthansa Group. In particular, the audit of the consolidated financial statements and the review of the accounts presented by the Group companies constitute the main independent monitoring steps in relation to consolidated accounting procedures.
Risk management at the Lufthansa Group is defined as a logical system of rules covering all business activities and based on a defined risk strategy, which consists of a systematic, permanent process with the following elements: risk identification (identification, analysis, evaluation), risk management and risk communications (documentation and internal communications) and monitoring these activities.
The risk management system is a component of the internal control system and in terms of financial reporting is directed at the risk of misstatements in the consolidated accounting and in external reporting. The objective of the internal control system for accounting processes is by making checks to provide a reasonable degree of certainty that the consolidated financial statements conform to regulations, despite the risks identified.
Principle structures, processes and controls
The Lufthansa accounting guidelines govern uniform accounting standards for the domestic and foreign companies included in the Lufthansa consolidated financial statements in accordance with International Financial Reporting Standards (IFRS). In addition to general accounting principles and methods this relates above all to rules for the balance sheet, income statement, notes, cash flow statement and segment reporting in accordance with the legal situation in the EU. For the domestic German companies in the Group a guideline defines rules for drawing up individual financial statements in line with the German Commercial Code (HGB).
The elements of the internal control system are aimed at ensuring the accuracy and reliability of consolidated financial reporting and guarantee that business transactions are recognised in full and at the proper time in accordance with statutory regulations and Lufthansa’s Articles of Association. Furthermore, they ensure that inventories are carried out correctly and that assets and liabilities are accurately recognised, measured and disclosed in the consolidated financial statements. The regulations also ensure that the accounting documents provide reliable, comprehensible information.
The controlling activities to ensure the accuracy and reliability of the accounting include analytical reviews using specific performance indicators as well as the execution and control of important and complex transactions by different people. The separation of administrative, executive, accounting and authorisation functions and their performance by different individuals (dual signatures) reduce the risk of fraud.
Internal guidelines also govern specific formal requirements made of the consolidated financial statements. Establishing the group of consolidated companies is defined in detail, as are the components of the reports to be drawn up by the Group companies and their transmission to the central consolidation system. The formal requirements relate to the mandatory use of a standardised and complete set of reporting forms and a uniform account framework for the Group. The internal guidelines also include concrete instructions on presenting and carrying out netting procedures within the Group and confirming the resulting account balances. Confirmation of account balances for the entire Group takes place via an internet-based platform.
At Group level the specific control activities to ensure the accuracy and reliability of consolidated financial reporting include the analysis and if necessary restatement of separate financial statements prepared by Group companies, taking into account the auditors’ reports and meetings held to discuss them. The accuracy and completeness of the reporting packages presented by the individual companies in the Group are confirmed by the respective auditors in their report. Individual financial statements that contain errors are selected and restated as necessary at Group level on the basis of control mechanisms already defined in the consolidation software SAP SEM-BCS system and/or by systematic plausibility checks. The consolidation system dictates the different deadlines for various elements of the reporting packages and verifies centrally that they are adhered to during the preparation process. Changes to sections of the accounts that have already been closed can then only be made following authorisation in the system by the department responsible for the consolidated financial statements. The centralised controlling of impairment tests for the specific cash-generating units from the Group perspective ensures that uniform, standardised measurement criteria are applied.
The scope of regulations at Group level extends to the centralised definition of the parameters to be used for measuring pension provisions. Expert opinions for determining the amount of pension provisions are prepared by external consultants. Furthermore, the data used to prepare external information in the Notes to the financial statements and the management report are prepared and aggregated centrally. The accounting-based internal control system also aims to ensure that the financial statements for Deutsche Lufthansa AG are prepared in accordance with the provisions of commercial law laid down in the German Commercial Code (HGB).
The accounting-related processes are examined independently and regularly by the Corporate Audit department and by the internal auditing departments of the Group companies.
Use of IT systems
Book-keeping for the individual financial statements of subsidiaries of Deutsche Lufthansa AG generally takes place in local book-keeping systems from SAP, either locally or using the Group’s own shared service centres. To prepare the consolidated financial statements for Deutsche Lufthansa AG the individual financial statements of the Group companies are supplemented by additional information to form standardised reporting packages, which are then entered into the consolidation software SAP SEM-BCS by the companies, either automatically via transfer interfaces or by means of a data capture module. The Group auditors put SAP SEM-BCS through a specific system test when it was introduced. Any adjustments made to the system are subject to regular reviews by the auditors.
The SAP SEM-BCS system generates and documents all the steps taken to prepare the consolidated financial statements for Deutsche Lufthansa AG, such as capital consolidation, consolidation of liabilities, the elimination of intra-Group expenses and profits, and the equity valuation. Consolidation takes place simultaneously.
The IT systems used for accounting are protected against unauthorised access by special security precautions.
By means of the organisational, control and monitoring structures defined for the Lufthansa Group, the internal control and risk management system enables all matters affecting the Company to be captured, processed and evaluated and to be presented adequately in the Group’s financial reporting.
The effectiveness and reliability of the control and risk management systems deployed can be restricted by the use of individual discretion, faulty checks, criminal acts by related persons and other factors, so that even the application of these systems throughout the Group cannot guarantee complete certainty regarding the accuracy, completeness and timeliness with which matters are recognised in consolidated financial reporting.
These statements only relate to Deutsche Lufthansa AG and the significant subsidiaries included in the consolidated financial statements of Deutsche Lufthansa AG that are under the legal or effective control of Deutsche Lufthansa AG.