The Lenzing Group’s internal control system is designed to safeguard the reliability of financial reporting, ensure compliance with legal regulations and corporate guidelines, and present the risks not reported on the consolidated statement of financial position or in the consolidated income statement. The Managing Board is responsible for establishing and implementing the Lenzing Group’s internal control system.
The Lenzing Group’s organizational structure and processes form the main basis for the control environment and the internal control system. In the area of organizational structure, competencies and responsibilities are clearly assigned at the Group’s various management and hierarchical levels. In addition to the Austrian sites, this includes all international subsidiaries. Key Group functions are centralized in corporate centers which reflect Lenzing’s global market presence as well as its decentralized business and site structure. The respective management teams are responsible for coordinating and monitoring business operations at national level.
The company’s process organization is characterized by a highly developed and extensive set of rules. This creates an adequate basis for a strong control environment and control system. Important Group-wide approval processes and responsibilities are defined in the Lenzing Group Mandates. The management of each business area or department is responsible for monitoring compliance with the respective regulations and controls.
Financial reporting
The Corporate Accounting & Tax Department has central responsibility for financial reporting, the accounting-related internal control system, and tax issues within the Lenzing Group.
The goal of the accounting-related control system is to ensure the uniform application of legal standards, generally accepted accounting principles, and the accounting regulations specified in the Austrian Commercial Code. This system also covers the consolidated accounting process and thereby ensures compliance with the rules defined by International Financial Reporting Standards (IFRS) and internal accounting guidelines, in particular the Group accounting manual and schedules. The accounting-related internal control system is designed to safeguard the timely, uniform and accurate recording of all business processes and transactions. It thereby supports the preparation of reliable data and reports on the Lenzing Group’s financial position and financial performance. The subsidiaries included in the consolidated financial statements prepare financial statements in accordance with both local laws and IFRS standards at the company level on a timely basis. They are supported and monitored in these activities by the Corporate Accounting & Tax function. The Supervisory Board’s Audit Committee is integrated in the accounting-related control system. In addition, the annual financial statements are audited by external certified public accountants and the half-year financial statements are reviewed on a voluntary basis.
The Global Treasury Department, and above all the payments unit, is classified as a highly sensitive area due to its direct access to the company’s assets. The accompanying increased need for security is reflected in comprehensive regulations and instructions for all relevant processes. The entire process, from procurement through to payment, is subject to stringent corporate guidelines. These guidelines are largely supported by a Group-wide IT system which requires stringent functional separation, a clear authorization concept to prevent authorization conflicts as well as a stringent dual control principle for transaction settlement, in particular for payments, as well as regular reporting, among other measures.
The Internal Audit Department is responsible for monitoring the application of, and compliance with, controls in business operations.
Compliance with legal regulations and internal guidelines
The Lenzing Group’s Legal, Intellectual Property & Compliance Department is responsible for legal management. This centralized function handles certain legal matters within the Lenzing Group and is also responsible for the Compliance Management System (CMS). Together with the Managing Board, it oversees Group-wide compliance with certain legal regulations and internal guidelines as well as the prevention of related violations. The Legal, Intellectual Property & Compliance Department reports directly to the Lenzing Group CEO. The CMS evaluates compliance-relevant risks in the narrower sense, analyzes deviations from standards and, if necessary, takes measures to reduce them (“prevent, detect, respond”). In addition, the Compliance Department draws up guidelines relevant to compliance (such as anti-bribery and anti-corruption directives as well as antitrust directives) and organizes worldwide training for employees on these matters. The department also supports specialist departments responsible for compliance with other legal and internal company regulations. The Managing Board and the Supervisory Board (or the Audit Committee) receive regular reports on compliance measures.
The Lenzing Group complies with the rules defined by the Austrian Corporate Governance Code (ACGC) and prepares a Corporate Governance Report which is published as part of the Annual Report. The Corporate Governance Report requires the participation of the Supervisory Board, which delegates the responsibility for monitoring compliance with the related obligations to the Audit Committee.
The Corporate Audit Department is independent of all other organizational units and business processes and reports directly to the CFO. It evaluates whether the Group’s resources are deployed legally, economically, efficiently and correctly in the interests of sustainable development. The Corporate Audit Department’s activities are based on the international standards published by the Institute of Internal Auditors (IIA). The individual audits are conducted on the basis of the audit plan approved by the Lenzing Managing Board. The audit reports also include, among other items, recommendations and actions that are followed up by the Audit Department. Regular reporting to the Managing Board and the Audit Committee ensure the proper functioning of the internal control system.
Reporting of risks outside the statement of financial position and income statement
The Risk Management Department is responsible for the reporting of risks that are not reported on the statement of financial position or in the income statement. A semi-annual risk report is prepared. The major risks are also discussed in the Annual Report. The risk report is based on the international COSO® standards (Committee of Sponsoring Organizations of the Treadway Commission).
Enterprise Risk Management adopts a holistic approach in this context. In addition to corporate and project risks included in medium-term planning, the focus in the further development of Lenzing’s risk management is increasingly on the long-term consideration and evaluation of ESG criteria and the associated opportunities and risks for the sustainable development of the Lenzing Group’s performance and profitability.