Internal control system

Structure of the internal control system (ICS)

Our internal control system (ICS) was designed to follow the internationally recognized COSO framework for internal control systems (COSO: Committee of Sponsoring Organizations of the Treadway Commission) and is continuously updated and improved.

A Group-wide guideline sets out the main principles and objectives of the ICS and specifies the structure of the ICS and the underlying role concept for the self-assessment.

The scope of the control objectives to be covered by the ICS is derived from a detailed risk analysis. Based on the risks identified and control objectives, minimum requirements are defined that must be covered through the implementation of suitable controls in the control frameworks of the divisions.

Our ICS generally comprises all companies. The scope of the activities to be carried out by each entity differs and depends on, among other things, the materiality of the entity for the consolidated financial statements and the specific risks that are associated with the entity. All companies are analyzed on the basis of quantitative and qualitative aspects and categorized into companies material to the ICS in consideration of relevant financial figures and functional KPIs.

 Internal control system in the functions

  Disclosures unrelated to the management report (unaudited), preliminary remarks.

The ICS of DHL Group takes the Finance, Human Resources (HR), Compliance, IT and Operations into account as part of the functional design of the Group-wide risk landscape.

The Group-wide risk landscape is supplemented for the respective function as part of an extended risk analysis and regularly reviewed, also including the consideration of sustainability-related targets within the ESG Roadmap. Risks and controls in this regard are identified and assigned to the respective functions and covered by the control frameworks of the divisions. Self-assessments are carried out in all functions, documented and prepared in a central reporting tool.

The goal of taking all functions of the Group into account is to ensure compliance with applicable standards and internal Group regulations as well as divisional and local provisions in all business transactions and the core processes.

The compliance management system (CMS) is a major component of the monitoring system of DHL Group. The CMS was established with the goal of creating rules, standards and processes for conduct compliant with laws and guidelines as well as measurable self-commitments. Therefore, it serves to protect DHL Group from financial risks and damage to its reputation, to minimize personal liability risks of governing bodies, managers and other employees, and to avoid competitive disadvantages.

The CMS is organized according to divisions. The Compliance Committee acts as a joint decision-making body chaired by the Chief Compliance Officer. The Compliance Committee facilitates the exchange of information on developments in compliance management in the individual divisions, coordinates fundamental strategic questions related to the CMS and ensures consistent implementation in the divisions.

Compliance management at DHL Group is based on a values-oriented Code of Conduct that sets out a uniform Group-wide commitment to ethical, responsible and legally compliant conduct in business. Our managers act as role models and should set a good example to promote compliance. DHL Group uses targeted communication and regular training sessions to help its employees and business partners understand and adhere to the compliance guidelines and regulations.

At DHL Group, compliance risks are identified and assessed on a regular basis and systematically across all divisions. The identified risks are assessed and analyzed according to qualitative criteria and, if necessary, supplemented by further risk minimization measures.

Our compliance program comprises the preventive elements of guidelines, training sessions and business partner reviews. In addition, detective elements such as violation reporting and case processing management contribute to ensuring the business integrity of DHL Group. 

Accounting-related internal control system

The accounting-related ICS is an integral part of the accounting and financial reporting process of the companies included in the Group. The accounting-related ICS aims to ensure the compliance of (Group) accounting and financial reporting with generally accepted principles. Specifically, it is intended to ensure that all transactions are recorded promptly, accurately and in a uniform manner on the basis of the applicable norms, accounting standards and internal Group regulations. Accounting errors are to be avoided in principle, and material misrepresentations and errors detected promptly.

Within the framework of the ICS, we take organizational and process-related measures that involve all companies in the Group. Centrally standardized accounting guidelines govern the reconciliation of the single-entity financial statements and support uniform accounting pursuant to EU IFRSs throughout the Group. In addition, German generally accepted accounting principles (GAAP) have been established for Deutsche Post AG and the other Group companies subject to HGB reporting requirements. A standard chart of accounts is required to be applied by all Group companies. We immediately assess new developments in international accounting for relevance and announce their implementation in a timely manner, for example in newsletters. Often, accounting processes are pooled in a shared service center in order to centralize and standardize them. The IFRS financial statements of the individual Group companies are recorded in a standard, SAP-based system and then processed at a central location where one-step consolidation is performed. Other quality assurance components include automatic plausibility reviews and system validations of the accounting data. In addition, regular, manual checks are carried out centrally at the Corporate Center by Corporate Accounting & Controlling, Taxes and Corporate Finance. If necessary, we call in outside professionals with the requisite expertise. Finally, the Group’s standardized process of preparing financial statements by using a centrally administered financial statements calendar supports a structured and efficient accounting process.

The companies have implemented preventive and detective control mechanisms to address risks of material misrepresentation in reporting and covered division-specific as well as local requirements. To maintain the system’s effectiveness and implement continuous improvements, the ICS is subjected to regular reviews. To this end, self-assessments are carried out using the dual-control principle and documented in a central IT application. If a self-assessment results in the finding of inadequate control implementation, an action plan must be created, and the successful execution thereof must be confirmed by the person responsible for the process.

The results of the self-assessments are documented in a central reporting tool. The Supervisory Board, Board of Management and the functional bodies are regularly informed of the findings. In addition, this information is analyzed with regard to potential improvements.

Regular monitoring by Corporate Internal Audit

Over and above the ICS and risk management, Corporate Internal Audit is an essential component of the Group’s control and monitoring system. Using risk-based auditing procedures, Corporate Internal Audit regularly examines the processes related to financial reporting and reports its results to the Board of Management.

 Statement on the appropriateness and effectiveness of the RMS and ICS

Disclosures unrelated to the management report (unaudited), preliminary remarks.

Based on the regular reporting on the RMS and ICS, the analysis of the underlying results of the self-assessments and the appraisal of the reports from the internal audit department, the Board of Management is not aware of any circumstances that would cause it to believe that the design of the risk management system and the internal control system in its entirety is not appropriate and effective for the risk situation of DHL Group.

It should, however, always be taken into consideration that no ICS, regardless of how well designed, can offer absolute certainty that all material accounting misstatements will be avoided or detected.