ÖBB Annual Report 2023

103 Group Management Report Österreichische Bundesbahnen-Holding Aktiengesellschaft Consolidated Financial Statements | Group Management Report 58 Risk assessment and control activities The process documentation forms the basis for periodically identifying and recording the main risks. Suitable control activities are determined in order to reduce the risk to an appropriate level. The effectiveness of the controls is reviewed and documented through periodic self-evaluation. A set of generic key risks organised by category has been formulated for risk identification. Should a key risk be present, this must be addressed directly and mandatorily by the respective Group companies through adequate controls. The ÖBB Group has set up its own internal audit office owing to the size of the company. The Internal Audit function verifies the existence of an efficient ICS in the Group companies. It audits certain ICS elements on the basis of an approved annual audit plan. The findings are reported to the audit committee of the respective Supervisory Board in the form of an activity report. A compliance personnel office has also been established. It is not subject to directives in its ad hoc monitoring activities and is supported by compliance officers from all subgroups. Putting preventive measures in place is a further essential aspect of compliance. GRI 2-26 Information and communication Regardless of the group-wide harmonisation, in accordance with the Group’s decentralised structure, each subgroup has an appropriate, effective ICP. The installation and maintenance are therefore performed on their own authority. A Group-wide minimum standard for the implementation of the ICS has been published. It is regularly evaluated and adjusted if necessary. Furthermore, the organisational units of the Group are obliged to provide software-supported, standardised documentation. The risk areas identified within the process are recorded with the planned mitigating key controls and the associated test steps. This non-editable, annotated and comprehensible data also forms the basis for reporting to management and the audit committees of the respective Group companies. Monitoring The specified control steps are tested on an ongoing basis and selective checks are conducted by Group Internal Audit. In addition, the audit of the ICS in the accounting process is a fixed component of the audit of the financial statements by the auditors. The Audit Committee of the Supervisory Board monitors the effectiveness of the ICS on the basis of regular reporting by the Management Board. Accounting The ICS for the accounting process is also part of the auditors’ audit programme as part of the audit of the annual financial statements. As far as the pre-accounting processes are concerned, broad standardisation was achieved. For this purpose, the relevant processes have been transferred since 2005 to a Group-wide unit for accounting services within ÖBB-Business Competence Center GmbH. ÖBB-Business Competence Center GmbH provides operational support to ÖBB-Holding AG in its harmonisation activities through appropriately coordinated auditing, evaluation and commenting tasks. SAP software is used to account for all business transactions within ÖBB Group. Some foreign subsidiaries also use other software solutions. Data transfer is largely automated in the SAP S / 4HANA Group system. The data is also delivered to ÖBB-Holding AG for centralised processing in the SAP SEM-BCS consolidation system. Corporate accounting is based on an IFRS Group manual, published and regularly updated by the Accounting Department of ÖBB-Holding AG. As a result, significant IFRS-based accounting requirements are specified and communicated throughout the Group. The Accounting team is regularly trained on new developments in accounting to avoid any risk of accidental misstatement. MR58 |