If you use this site, you agree to our use of cookies. More information I accept cookies

Report on the key features of the Group's internal control and risk management systems with regard to accounting procedures

In accordance with Section 243a (2) of the Austrian Commercial Code (Unternehmensgesetzbuch, UGB), companies whose shares are traded on the regulated markets must describe the key features of their internal control and risk management system with regard to accounting procedures in their management reports.

It is the responsibility of the Management Board to establish a suitable internal control and risk management system for accounting procedures pursuant to Section 82 of the Austrian Stock Corporation Act (Aktiengesetz, AktG). Therefore, the Management Board of voestalpine AG has adopted guidelines that are binding for the entire Group.

In line with the decentralized structure of the voestalpine Group, the local management of each Group company is obligated to establish and refine an internal control and risk management system for accounting procedures that meets the requirements of that individual company and ensures compliance with existing Group-wide guidelines and regulations.

The entire process, from procurement to payment, is subject to strict and unified Group-wide guidelines that are designed to reduce the risks associated with the business processes to a minimum. These Group guidelines set forth measures and rules for avoiding risk, such as the separation of functions, signature authority rules, and particularly signatory powers for authorizing payments that apply only collectively and are limited to only a few persons (four-eyes principle).

In this context, control measures for IT security constitute a cornerstone of the internal control system. Issuing IT authorizations restrictively supports the separation and/or segmentation of sensitive activities. Accounting in the individual Group companies is largely performed using SAP software. The reliability of these SAP systems is being guaranteed by automated business process controls that are built into the system as well as by other methods. Reports about critical authorizations and authorization conflicts are generated automatically.

In preparing the consolidated financial statements, the data for fully consolidated entities is transferred to the unified Group consolidation and reporting system.

The unified Group accounting policies for recording, posting, and recognition of commercial transactions are regulated in the voestalpine consolidated financial statements handbook and are binding for all Group companies.

On the one hand, automatic controls built into the reporting and consolidation system, together with numerous manual reviews on the other are implemented in order to avoid material misstatements to the greatest extent possible. These controls extend from management reviews and discussions of income and expenses for each period to the specific reconciliation of accounts. The summarizing presentation of how the Group reports its accounting processes is provided in the voestalpine AG controlling handbook.

The accounting and controlling departments of the individual Group companies submit monthly reports with key performance indicators (KPIs) to their own managing directors and management boards of the divisions, and, after approval, to the holding division Corporate Accounting & Reporting to be aggregated, consolidated, and reported to the Group Management Board. Quarterly reports are submitted to the supervisory board, management board or advisory board of each Group company and a consolidated report is submitted to the Supervisory Board of voestalpine AG.

Besides operational risks, accounting procedures are also subject to the Group risk management. In this context, possible risks regarding accounting are analyzed on a regular basis, and measures to avoid them are taken. The focus is placed on those risks that are regarded as fundamental to the activities of that company. Compliance with the internal control system, including the required quality standards, is monitored on an ongoing basis in the form of audits at the Group company level. The Internal Audit department works closely with the responsible Management Board members and managing directors. The Internal Audit department reports directly to the CEO and submits reports periodically to the Management Board and, subsequently, to the Audit Committee of the Supervisory Board of voestalpine AG.

The control systems and their Group-wide implementation are also subject to audit procedures by the auditor within the scope of the inspection of the annual financial statements and the consolidated annual financial statements to the extent that these control systems are relevant to the preparation of the Group’s consolidated financial statements and to a true and fair view of the Group’s financial position.

About voestalpine

In its business segments, voestalpine is a globally leading technology and capital goods group with a unique combination of material and processing expertise. With its top-quality products and system solutions using steel and other metals, it is a leading partner to the automotive and consumer goods industries in Europe and to the aerospace, oil and gas industries worldwide. The voestalpine Group is also the world market leader in turnout technology, special rails, tool steel, and special sections.


50 Countries on all 5 continents
500 Group companies and locations
50,000 Employees worldwide

Earnings FY 2016/17

€ 11.3 Billion


€ 1.54 Billion


To the Top