Management of Deutsche Bank and its consolidated subsidiaries is responsible for establishing and maintaining adequate internal control over financial reporting (“ICOFR”). Our internal control over financial reporting is a process designed under the supervision of our Chairman of the Management Board and our Chief Financial Officer to provide reasonable assurance regarding the reliability of financial reporting and the preparation of the firm’s consolidated financial statements for external reporting purposes in accordance with International Financial Reporting Standards (IFRS). ICOFR includes our disclosure controls and procedures to prevent misstatements.
Risks in financial reporting
The main risks in financial reporting are that either financial statements are not fairly presented due to inadvertent or intentional errors (fraud) or the publication of financial statements is delayed. These risks may reduce investor confidence or cause reputational damage and may have legal consequences including banking regulatory intervention. A lack of fair presentation arises when one or more financial statement amounts or disclosures contain misstatements (or omissions) that are material. Misstatements could be deemed material if they could individually or collectively, influence economic decisions that users make on the basis of the financial statements.
To address those risks of financial reporting, management of the Group has established ICOFR to provide reasonable but not absolute assurance against misstatements. The design of the ICOFR is based on the internal control framework established in Internal control – Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). COSO recommends the establishment of specific objectives to facilitate the design and evaluate adequacy of a control system. As a result in establishing ICOFR, management has adopted the following financial statement objectives:
- Existence – assets and liabilities exist and transactions have occurred.
- Completeness – all transactions are recorded, account balances are included in the financial statements.
- Valuation – assets, liabilities and transactions are recorded in the financial reports at the appropriate amounts.
- Rights and Obligations and ownership – rights and obligations are appropriately recorded as assets and liabilities.
- Presentation and disclosures – classification, disclosure and presentation of financial reporting is appropriate.
- Safeguarding of assets – unauthorized acquisitions, use or disposition of assets is prevented or detected in a timely manner.
However, any internal control system, including ICOFR, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of that control system are met. As such, disclosure controls and procedures or systems for ICOFR may not prevent all error and all fraud. Further, the design of a control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs.
Organization of Internal Control System
Functions involved in the system of internal control over financial reporting
As the books and records form the basis of the financial statements, controls within the system of ICOFR are performed by all business functions and the respective infrastructure functions with an involvement in assuring the reliability of those books and records. As a result, the operation of ICOFR involves a large number of staff based mainly in the following functions: Finance, Group Technology and Operations, Legal, Risk & Capital and Tax.
Finance is responsible for the periodic preparation of the financial statements and operates independently from the businesses. Within Finance, different departments have control responsibilities which contribute to the overall preparation process:
- Finance specialists for businesses or entities – responsible for assuring the quality of financial data by performing validation and control. They are in close contact with business, infrastructure and legal entity management and employ their specific knowledge to address financial reporting issues arising on products and transactions, as well as validating reserving and other judgmental adjustments. They also provide oversight of the performance of controls over individual transactions and balances. Entity and business related specialists add the perspective of legal entities to the business view and sign-off on the financial reporting of their entities.
- Finance-Group – responsible for Group-wide activities which include the preparation of group financial and management information, forecasting and planning, risk reporting. Finance-Group set the reporting timetables, perform the consolidation and aggregation processes, effect the elimination entries for inter and intra group activities, control the access and adjustment processes, compile the Group financial statements, consider and incorporate comments as to content and presentation made by senior management, SOx and Disclosure Steering Committee members and external advisors.
- Accounting Policy and Advisory Group (“APAG”) – responsible for developing the Group’s interpretation of international accounting standards and their consistent application within the Group. APAG provides accounting advice and consulting services to Finance and the wider business, and ensures the timely resolution of corporate and transaction-specific accounting issues.
- Global Valuation Oversight Group (“GVO”) and business aligned valuation specialists – responsible for developing policies and minimum standards for valuation, and provides related implementation guidance when undertaking valuation control work. This is in addition to challenging and validating valuation control results, and acting as the single point of contact for valuation topics with external third parties (such as regulators and auditors).
The operation of ICOFR is also importantly supported by Group Technology and Operations, Legal, Risk & Capital and Group Tax. Although these functions are not directly involved in the financial preparation process, they significantly contribute to the overall control of financial information:
- Group Technology and Operations (“GTO”) – responsible for confirming transactions with counterparties, performing reconciliations both internally and externally of financial information between systems, depots and exchanges. GTO also undertake all transaction settlement activity on behalf of the Group and perform reconciliations of nostro account balances.
- Legal, Risk & Capital (“LRC”) – through their responsibility for developing policies and standards for managing credit, market and operational risks. LRC identifies and assesses the adequacy of credit and operational provisions. The Legal department manages legal risks and identifies and assesses legal risk provisions.
- Group Tax – responsible to produce complete and correct income tax related financial data together with Finance, covering the assessment and planning of current and deferred income taxes and the collection of tax related information. Group Tax monitors the income tax position and controls the provisioning for tax risks.
Controls to minimize the risk of financial statement misstatement
The system of ICOFR consists of a large number of internal controls and procedures to minimize the risk of misstatement of the financial statements. Such controls will include those which:
- are ongoing or permanent in nature such as supervision within written policies and procedures or segregation of duties,
- operate on a periodic basis such as those which are performed as part of the annual financial statement compilation process.
- are preventative or detective in nature.
- have a direct or indirect impact on the financial statements themselves. Controls which have an indirect effect on the financial statements include IT general controls such as system access and deployment controls whereas a control with a direct impact could be, for example, a reconciliation which directly supports a balance sheet line item.
- feature automated and/or manual components. Automated controls are control functions embedded within system processes such as application enforced segregation of duty controls and interface checks over the completeness and accuracy of inputs. Manual internal controls are those operated by an individual or group of individuals such as authorization of transactions.
The resulting combination of individual controls encompasses all of the following aspects of ICOFR:
- Accounting policy – design and implementation. To ensure the globally consistent recording and reporting of the Group’s business activities in accordance with authorized accounting policies.
- Reference data. Controls over reference data in relation to the general ledger, on and off-balance sheet and product reference data.
- Transaction approval, capture and confirmation. Controls to ensure the completeness and accuracy of recorded transactions and that they are appropriately authorized. Controls include transaction confirmations which are sent to and received from counterparties to ensure that trade details are corroborated.
- Reconciliation controls, both externally and internally. Inter-system reconciliations are performed between relevant systems for all trades, transactions, positions or relevant parameters. External reconciliations include nostro account, depot and exchange reconciliations.
- Valuation including Independent Price Verification process (“IPV”). Finance performs valuation controls (“VC”) at least monthly, in order to gain comfort as to the reasonableness of the front office valuation. The results of the VC processes are independently reviewed by the Global Valuation Oversight Group. The results of the VC process are assessed on a monthly basis by the Valuation Control Oversight Committee. Business aligned valuation specialists focus on valuation approaches and methodologies for various asset classes and perform IPV for complex derivatives and structured products.
- Taxation. Controls to ensure tax calculations are performed properly and that tax balances are appropriately recorded in the financial statements.
- Reserving and judgmental adjustment. Controls include processes to ensure reserving and judgmental adjustments are authorized and are reported in accordance with the approved accounting policies.
- Balance Sheet Substantiation. The substantiation of balance sheet accounts involves determining the integrity of the general ledger account balances based on supporting evidence.
- Consolidation and other period end reporting controls. At period end, all businesses and regions submit their financial data to the Group for consolidation. Controls over consolidation include the validation of accounting entries required to eliminate the effect of inter and intra company activities. Period end reporting controls include general ledger month end close processes and the review of late adjustments.
- Financial Statement disclosure and presentation. The preparation and certification of disclosure checklists. Final review and sign-off of the Financial Statements by Senior Finance Management. The Financial Statements and the Management Report are – after approval of the Management Board – subject to review of the Supervisory Board and its Audit Committee.
Measuring effectiveness of internal control
Each year, management of the Group undertakes a formal evaluation of the adequacy and effectiveness of ICOFR. This assessment as of December 31, 2010 excludes internal controls relating to Deutsche Postbank AG, which was initially consolidated on December 3, 2010. This evaluation incorporates an assessment of the effectiveness of the control environment as well as the detailed controls taking into account:
- The financial misstatement risk of the relevant financial statement item, considering such factors as materiality and the susceptibility of the particular financial statement item to misstatement.
- The susceptibility of the control to failure, considering such factors as the degree of automation, complexity, risk of management override, competence of personnel and the level of judgment required.
These factors, in aggregate, determine the nature and extent of evidence that management requires in order to be able to assess whether or not the operation of the system of ICOFR is effective. The evidence itself is generated from procedures integrated with the daily responsibilities of staff or from procedures implemented specifically for purposes of the ICOFR evaluation. Information from other sources also form an important component of management’s evaluation since such evidence may either bring additional control issues to the attention of management or may corroborate findings. Such information sources include:
- Group Audit reports
- Reports on audits carried out by or on behalf of regulatory authorities
- External Auditor reports
- Reports commissioned to evaluate the effectiveness of outsourced processes to third parties
The result of management testing subject to the exclusion noted and the information from other sources lead to the conclusion of management that ICOFR is appropriately designed and operating effectively for 2010.
In addition, Group Audit provides assurance over the design and operating effectiveness of ICOFR by performing periodic and ad-hoc risk-based audits. Reports are produced summarizing the results from each audit performed which are distributed to the responsible managers for the activities concerned. These reports, together with the evidence generated by specific further procedures that Group Audit performs for the purpose provide evidence to support the annual evaluation by management of the overall operating effectiveness of the ICOFR.