Internal Audit represents the third line of defense of the Schaeffler Group’s governance structure. Internal Audit provides independent and objective audit and consulting services focused on adding value and improving business processes. The internal audit function contributes to meeting the corporate objectives the Schaeffler Group has communicated by assessing and helping to improve the effectiveness of the compliance management system, risk management, controls, and management and supervisory processes using a systematic and goal-oriented approach. Responsibility for establishing the internal audit function and for its effectiveness rests with the Board of Managing Directors and cannot be delegated. Hence, Internal Audit reports to the entire Board of Managing Directors. The head of Internal Audit reports directly to the Chief Executive Officer of Schaeffler AG and also reports to the chairman of the audit committee on a regular basis.
The Schaeffler Group has made the following arrangements to ensure the independence and objectivity of Internal Audit:
- direct organizational link to the Chief Executive Officer to ensure there are no gaps in audit coverage
- neither the head of Internal Audit nor audit staff have any operational responsibilities
- reports annually on potential impairment of independence to the Chief Executive Officer/Board of Managing Directors/audit committee
- The Board of Managing Directors has to approve and appropriately document the the audit planning and significant changes therein.
Internal Audit consists of the functions “Methods, Reporting and Quality Assurance”, “Corporate Audits” and “IT and Special Audits”. It also has locations in each of the Schaeffler Group’s four regions.
The responsibilities of Internal Audit specifically include, but are not limited to, the following activities:
- audit and assessment of the appropriateness, efficiency, and effectiveness of the internal control system
- audit and assessment of the appropriateness, efficiency, and effectiveness of the management and supervisory processes
- audit and assessment of the finance and accounting systems, the information system, and the reporting system
- audit and assessment of the effectiveness of risk and compliance management
- audit and assessment of the effectiveness of arrangements for preventing and detecting fraud
- audit of arrangements for safeguarding assets
- audit and assessment of the implementation of and compliance with legal requirements and the company’s internal rules (“orderliness“)
- performance of special investigations with respect to fraud, conflicts of interest and other irregularities
In a risk analysis done in preparation for audit assignments, Internal Audit exchanges information with other departments (e.g. Compliance and Corporate Security, Controlling, Legal, Quality, Risk Management).
In order to obtain sufficient reliable, relevant, and constructive information to achieve its audit objectives, Internal Audit regularly performs its audit assignments on location.
In its audit reports, Internal Audit communicates its findings, identifies the individuals responsible for implementation, and agrees remediation measures including a timeframe for their implementation. In a monitoring and follow-up process, Internal Audit monitors implementation of the remediation measures addressing identified deficiencies.
In accordance with the International Standards for the Professional Practice of Internal Auditing 2016 of the Institute of Internal Auditors (IIA), the head of Internal Audit has established a quality assurance and improvement program covering all of Internal Audit’s responsibilities.