Report on the key features of the Group’s internal control and risk management system with regard to accounting procedures

Pursuant to Section 243a (2) Austrian Commercial Code (Unternehmensgesetzbuch – UGB), Austrian companies whose shares are traded on a regulated market must describe the key features of their internal control and risk management system with regard to accounting procedures in their management reports.

Section 82 Austrian Stock Corporation Act (Aktiengesetz – AktG) requires the Management Board to establish a suitable internal control and risk management system for accounting procedures. The Management Board of voestalpine AG has adopted relevant guidelines that are binding on the entire Group. In line with the voestalpine Group’s decentralized structure, the local management of each Group company is obliged to establish and shape an internal control and risk management system for accounting procedures that meets the requirements of that individual company and ensures compliance with the relevant, existing Group-wide guidelines and regulations.

The entire process, from procurement to payment, is subject to strict and unified Group-wide guidelines that are designed to reduce the risks associated with the business processes to a minimum. These Group guidelines set forth measures and rules for avoiding risk, such as the strict separation of functions, signature authority rules and, particularly, signing powers for authorizing payments that apply only collectively and are limited to only a few persons (four-eyes principle).

In this context, control measures related to IT security are a cornerstone of the internal control system (ICS). Issuing IT authorizations restrictively supports the separation and/or segmentation of sensitive activities. The accounting in the individual Group companies is largely carried out using SAP software. The reliability of these SAP systems is guaranteed by automated business process controls that are built directly into the system as well as by other methods. Reports on critical authorizations and authorization conflicts are generated in an automated process.

To prepare the consolidated financial statements, the data pertaining to fully consolidated entities is transferred to the unified Group consolidation and reporting system. Group-wide accounting and valuation policies applicable to the recording, posting, and recognition of business transactions are governed by the voestalpine Consolidated Financial Statements Manual and are binding on all Group companies.

Automatic controls that are built into the consolidation and reporting system, for one, and numerous manual reviews, for another, have been put in place to avoid material misstatements to the greatest extent possible. These controls range from management reviews and discussions of income and expenses for each period to the specific reconciliation of accounts. voestalpine AG’s Controlling Manual contains a summarizing presentation of how the accounting system is organized.

The accounting and controlling departments of the individual Group companies submit monthly reports containing key performance indicators (KPIs) to their own managing directors and to the management boards of the respective divisions and, after approval, to the holding company’s Corporate Accounting & Reporting department to be aggregated, consolidated, and reported to the Group Management Board. Additional information, such as detailed target/performance comparisons, is prepared in a similar process as part of quarterly reporting. Quarterly reports are submitted to the supervisory board, board, or advisory board of the given Group company, and a consolidated report is submitted to the Supervisory Board of voestalpine AG.

Besides operational risks, the accounting system is also subject to Group risk management. In this context, possible accounting risks are analyzed on a regular basis, and measures to avoid them are taken. The focus is on those risks that are regarded as fundamental to the given company’s activities. Compliance with the ICS, including the required quality standards, is monitored on an ongoing basis through internal audits at the Group company level. Internal Audit works closely with the appropriate Management Board members and managing directors. It reports directly to the Chairman of the Management Board and submits reports periodically to the Management Board and, subsequently, to the Audit Committee of the Supervisory Board of voestalpine AG.

About voestalpine

In its business segments, voestalpine is a globally leading steel and technology group with a unique combination of materials and processing expertise. voestalpine, which operates globally, has around 500 Group companies and locations in more than 50 countries on all five continents. It has been listed on the Vienna Stock Exchange since 1995. With its top-quality products and system solutions, it is a leading partner to the automotive and consumer goods industries as well as the aerospace and oil & gas industries, and is also the world market leader in railway systems, tool steel, and special sections. voestalpine is fully committed to the global climate goals and is working intensively to develop technologies which will allow it to decarbonize and reduce its CO2 emissions over the long term. In the business year 2019/20, the Group generated revenue of EUR 12.7 billion, with an operating result (EBITDA) of EUR 1.2 billion; it had about 49,000 employees worldwide.


50 Countries on all 5 continents
500 Group companies and locations
49,000 Employees worldwide

Earnings FY 2019/20

€ 12.7 Billion


€ 1.2 Billion


To the Top