Due and proper accounting assured by internal control system in accordance with section 289 (4) section 315 (4) of the German Commercial Code

The internal control system for the accounting process comprises all principles, methods and measures within the Koenig & Bauer Group for ensuring effective, economical and proper accounting in accordance with all applicable legal requirements. Policies and work instructions supplement the organisational and control structures.

The internal control system forms part of Koenig & Bauer’s internal governance, risk management and compliance (GRC) system and comprises a series of process-integrated control activities. The ICS is based on the “three lines of defence” model and clearly defines the responsibilities of the three lines: the operational level at the first line, the central ICS department as a coordinating and advisory link at the second line and internal audit at the third line, followed by the external auditor.

The internal control system for the financially relevant core processes has the task of ensuring the correctness, reliability and accuracy of accounting and external reporting activities.

In formalising the elements of the internal control system, national legislation as well as internationally recognised frameworks (such as COSO) have been duly observed. The focus is on the controls integrated in the core processes and IT systems.

Continuous improvement and further development to enhance robustness and functionality is ensured by the formalised control mechanism.

In addition to the preventive controls, the balanced standard set of process-integrated controls also includes downstream controls, which are both fully automated and partially automated, as well as the few necessary manual controls in accordance with the dual sign-office principle or in the form of self-controls.

The ICS roles are clearly defined in the ICS role pyramid, under which responsibility for the design of the controls lies with the control owners and responsibility for monitoring these controls with management staff.

The central ICS department updates the Management Board and the Audit Committee at least annually on the internal control system. Any significant changes to the internal control system are immediately reported to the Management Board.

In addition to accounting for the holding company and a number of associated companies, Koenig & Bauer AG holds responsibility for Group accounting and controlling as well as Group compliance/internal auditing, corporate finance/treasury, taxes and human resources/training. The controlling, human resources, compliance and, in some cases, accounting functions are located at the individual Group companies. The responsibilities are clearly assigned with an unambiguous separation of functions in the units involved in the accounting process. All departments involved in the accounting process have the appropriate resources. The allocation of appropriate rights ensures that the IT systems used for financial and payroll accounting are protected from unauthorised access.

The ERP environment, which has previously been characterised by proprietary developments, is gradually being migrated to the SAP system widely used in the mechanical and plant engineering sector. Following comprehensive planning of the enterprise-wide SAP project and an intensive period of fine-tuning, the staggered roll-out is currently underway. The roll-out is being executed in stages at other Group companies following the migration at the holding company Koenig & Bauer AG and Koenig & Bauer Industrial GmbH including Koenig & Bauer Giesserei GmbH, as well as Koenig & Bauer Banknote Solutions (DE) GmbH, Koenig & Bauer Banknote Solutions SA, Koenig & Bauer (AT) GmbH and Koenig & Bauer Digital and Webfed AG & Co.KG.

Group accounting is performed on a monthly basis using a consolidation program. Meticulous checks are performed on a quarterly basis. Accounting and measurement guidelines ensure that the principles defined by the International Accounting Standards Board (IASB) as endorsed by the European Union are uniformly applied. The risk management manual defines the process for identifying risks and the procedure for disclosing reportable risks. This ensures early detection of any risks at Koenig & Bauer AG and its subsidiaries and notification of the Management Board. The guidelines are regularly updated and expanded.

Random samples as well as manual or physical checks are performed to prevent any errors or omissions in accounting data. This includes annual inventory counts and work on the annual financial statements as well as asset counts in certain intervals. In addition, specially programmed plausibility checks are performed. The double sign-off principle is applied to all material transactions. Regular training and independent monitoring ensure that the consolidated financial statements comply with all applicable rules. Significant accounting-related processes and areas undergo analytical reviews particularly by internal auditing and controlling. The efficacy of the controls is verified by means of automated input, output and processing checks. External experts are also consulted where necessary, e.g. in the measurement of pension obligations.

Units granting approval are also separated from the units executing the transaction in question. In addition, write and read rights are assigned. There is a strict segregation of duties in the entry of transactions. Detailed powers and access restrictions are applied to employees with respect to the IT applications. Individual employees in the functional areas do not have any access rights to the full accounting process level (incoming goods, inventories, invoice checking, payment approval, remittance). The defined principles, methods and measures ensure that financial reporting complies with the statutory requirements.