Accounting-related internal control system
Deutsche Telekom AG’s internal control system (ICS) is based on the internationally recognized COSO (Committee of Sponsoring Organizations of the Treadway Commission) Internal Control – Integrated Framework, COSO I, as amended on May 14, 2013.
The Audit Committee of the Supervisory Board of Deutsche Telekom AG monitors the effectiveness of the ICS as required by § 107 (3) sentence 2 AktG. The Board of Management is responsible for defining the scope and structure of the ICS at its discretion. Internal Audit is responsible for independently reviewing the functionality and effectiveness of the ICS in the Group and at Deutsche Telekom AG, and, to comply with this task, has comprehensive information, audit, and inspection rights. In addition, the external auditors conduct a risk-oriented audit to verify the effectiveness of those parts of the ICS that are relevant to financial reporting.
The accounting-related ICS comprises the principles, methods, and measures used to ensure appropriate accounting. It is continuously being refined and aims to ensure the consolidated financial statements of Deutsche Telekom are prepared in accordance with the International Financial Reporting Standards (IFRS) as adopted by the European Union, as well as with the regulations under commercial law as set forth in § 315a (1) HGB. Another objective of the accounting-related ICS is the preparation of the annual financial statements of Deutsche Telekom AG and the combined management report in accordance with German GAAP.
It is generally true of any ICS that regardless of how it is specifically structured there can be no absolute guarantee that it will achieve its objectives. Therefore, as regards the accounting-related ICS, there can only ever be relative, but no absolute, certainty that material accounting misstatements can be prevented or detected.
Group Accounting manages the processes of Group accounting and management reporting. Laws, accounting standards, and other pronouncements are continuously analyzed as to whether and to what extent they are relevant and how they impact on financial reporting. The relevant requirements are defined in the Group Accounting Manual, for example, communicated to the relevant units and, together with the financial reporting calendar that is binding throughout the Group, form the basis of the financial reporting process. In addition, supplementary process directives such as the Intercompany Policy, standardized reporting formats, IT systems, as well as IT-based reporting and consolidation processes support the process of uniform and compliant Group accounting. Where necessary, we also draw on the services of external service providers, for example, for measuring pension obligations. Group Accounting ensures that these requirements are complied with consistently throughout the Group. The staff involved in the accounting process receive regular training. Deutsche Telekom AG and the Group companies are responsible for ensuring that Group-wide policies and procedures are complied with. The Group companies ensure the compliance and timeliness of their accounting-related processes and systems and, in doing so, are supported and monitored by Group Accounting.
Operational accounting processes at the national and international level are increasingly managed by our shared service centers. Harmonizing the processes enhances their efficiency and quality and in turn, improves the reliability of the internal ICS. The ICS thus safeguards both the quality of internal processes at the shared service centers and the interfaces to the Group companies by means of adequate controls and an internal certification process.
Internal controls are embedded in the accounting process depending on risk levels. The accounting-related ICS comprises both preventive and detective controls, which include:
- IT-based and manual data matching
- The segregation of functions
- The dual checking principle
- Monitoring controls
- General IT checks such as access management in IT systems, and change management
We have implemented a standardized process throughout the Group for monitoring the effectiveness of the accounting-related ICS. This process systematically focuses on risks of possible misstatements in the consolidated financial statements. At the beginning of the year, specific accounts and accounting-related process steps are selected based on risk factors. They are then reviewed for effectiveness in the course of the year. If control weaknesses are found, they are analyzed and assessed, particularly in terms of their impact on the consolidated financial statements and the combined management report. Material control weaknesses, the action plans for eradicating them, and ongoing progress are reported to the Board of Management and additionally to the Audit Committee of the Supervisory Board of Deutsche Telekom AG. In order to ensure a high-quality accounting-related ICS, Internal Audit is closely involved in all stages of the process.