Successful management of existing and emerging risks is critical to the long-term success of our business and to the achievement of our strategic objectives. In order to seize market opportunities and leverage the potential for success, risk must be accepted to a reasonable degree. Risk management is therefore an integral component of the Group’s Corporate Governance. 

The current financial year has seen the risk management framework which evolved last year after the merger become further embedded in the organisation and within the business planning cycle. The major enhancement in the current financial year was the upgrade of the risk and control software and unification of the two previous legacy systems into a single application, which has made reporting processes more efficient as a result. Our risk governance framework is set out below. 

Risk governance framework

Strategic direction and risk appetite

The Executive Board, with oversight by the Supervisory Board, determines the strategic direction of the TUI Group and agrees the nature and extent of the risks it is willing to take to achieve its strategic objectives. 

To ensure that the strategic direction chosen by the business represents the best of the strategic options open to it, the Executive Board is supported by the Group Strategy function. This function exists to facilitate and inform the Executive Board’s assessment of the risk landscape and development of potential strategies by which it can drive long-term shareholder value. On an annual basis the Group Strategy function develops an in-depth fact base in a consistent format which outlines the market attractiveness, competitive position and financial performance by division and source market. These are then used to facilitate debate as to the level and type of risk that the Executive Board finds appropriate in the pursuit of its strategic objectives. The strategy, once fully defined, considered and approved by the Executive Board, is then incorporated into the Group’s three-year roadmap and helps to communicate the risk appetite and expectations of the organisation both internally and externally. 

Ultimate responsibility for the Group’s risk management rests with the Executive Board. Having determined and communicated the appropriate level of risk for the business, the Executive Board has established and maintains a risk management system to identify, assess, manage and monitor risks which could threaten the existence of the company or have a significant impact on the achievement of its strategic objectives: these are referred to as the principal risks of the Group. This risk management system includes an internally-published risk management policy which helps to reinforce the tone set from the top on risk, by instilling an appropriate risk culture in the organisation whereby employees are expected to be risk aware, control minded and “do the right thing”. The policy provides a formal structure for risk management to embed it in the fabric of the business. Each principal risk has assigned to it a member of the Executive Committee as overall risk sponsor to ensure that there is clarity of responsibility and to ensure that each of the principal risks are understood fully and managed effectively. 

The Executive Board regularly reports to the Audit Committee of the Supervisory Board on the overall risk position of the Group, on the individual principal risks and their management, and on the performance and effectiveness of the risk management system as a whole.

 

Risk Management System

The Risk Oversight Committee (ROC) ensures on behalf of the Executive Board that business risks are identified, assessed, managed and monitored across the businesses and functions of the Group. Meeting on at least a quarterly basis, the ROC’s responsibilities include considering the principal risks to the Group’s strategy and the risk appetite for each of those risks, assessing the operational effectiveness of the controls in place to manage those risks and any action plans to further improve controls, and reviewing the bottom-up risk reporting from the businesses themselves to assess whether there are any heightened areas of concern. The ROC helps to ensure that risk management is embedded into the planning cycle of the Group and has oversight of the stress-testing of cash flow forecasts. 

Senior executives from the Group’s major businesses are required to attend the ROC on a rotational basis and present on the risk and control framework in their business, so that the members of the ROC can ask questions on the processes in place, the risks present in each business and any new or evolving risks which may be on their horizon, and also to seek confirmation that the appropriate risk culture continues to be in place in each of the major businesses. 

Chaired by the Chief Financial Officer, other members of the Committee include the Group Director Controlling and Finance Director Tourism, the directors of Compliance & Risk, Financial Accounting, Treasury & Insurance, Group Reporting & Analysis, Assurance, M&A, Investor ­Relations and representatives from the IT and Legal Compliance functions. The director of Group Audit attends without having voting rights to maintain the independence of their function. The ROC reports quarterly to the Executive Board to ensure that it is kept abreast of changes in the risk landscape and developments in the management of principal risks, and to facilitate regular quality discussions on risks and risk management at the Executive Board.

The Executive Board has also established a Group Risk team to ensure that the risk management system functions effectively and that the risk management policy is implemented appropriately across the Group. The Group Risk team supports the risk management process by providing guidance, support and challenge to management whilst acting as the central point for co-ordinating, monitoring and reporting on risk across the Group. The Group Risk team is responsible for the administration and operation of the risk and control software which underpins the Group’s risk reporting and risk management process. 

Each division and source market within the Group is required to adopt the Group Risk Management policy. In order to do this, each either has their own Risk Committee or includes risk as a regular agenda item at their Board meetings to ensure that it receives the appropriate senior management attention within their business. In addition, the divisions and source markets each appoint a Risk Champion, who promotes the risk management policy within their business and ensures its effective application. The Risk Champions are necessarily in close contact with the Group Risk team and they are critical both in ensuring that the risk management system functions effectively and in implementing a culture of continuous improvement in risk management and reporting.

Risk Management Process 
The Group Risk team applies a consistent risk methodology across all key areas of the business. This is underpinned by risk and control software which reinforces clarity of language, visibility of risks, controls and actions and accountability of ownership. Although the process of risk identification, assessment and response is continuous and embedded within the day-to-day operations of the divisions and source markets, it is consolidated, reported and reviewed at varying levels throughout the Group on at least a quarterly basis.

Risk identification: On a quarterly basis, line management closest to the risks identify the risks relevant to the pursuit of the strategy within their business area in the context of four types of risk:

  • longer-term strategic and emerging threats; 
  • medium-term challenges associated with business change programmes; 
  • short-term risks triggered by changes in the external and regulatory environment; and
  • short-term risks in relation to internal operations and control.

A risk owner is assigned to each risk, who has the accountability and authority for ensuring that the risk is appropriately managed.

Risk descriptions: The nature of the risk is articulated, stating the under­lying concern the risk gives arise to, identifying the possible causal factors that may result in the risk materialising and outlining the potential consequences should the risk crystallise. This allows the divisions / source markets and the Group to assess the interaction of risks and potential triggering events and / or aggregated impacts before developing appropriate mitigation strategies to target causes and / or consequences.

Risk assessment: The methodology used is to initially assess the gross risk. The gross risk is essentially the worst case scenario, being the product of the impact together with the likelihood of the risk materialising if there were no controls in place to manage, mitigate or monitor the risk. The key benefit of assessing the gross risk is that it highlights the potential risk exposure if controls were to fail completely or not be in place at all. Both impact and likelihood are scored on a rating of 1 to 5 using the criteria outlined below.

The next step in the process is to assess the controls which are currently in place and which help to reduce the likelihood of the risk materialising and / or its impact if it does. The details of the controls including the control owners are documented. Consideration of the controls in place then enables the current or net risk score to be assessed, which is essentially the reasonably foreseeable scenario. This measures the impact and likelihood of the risk with the current controls identified in operation. The key benefit of assessing the current risk score is that it provides an understanding of the current level of risk faced today and the reliance placed on the controls currently in operation.

Impact Assessment

quantitative

Qualitativ

insignificant < 3 % EBITA*
(< € 30 m)

Minimal impact on

  • Globale reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
minor 3 – < 5 % EBITA*
( 30 – < € 50 m)

Limited impact on

  • Globale reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
moderate 5 – < 10 % EBITA*
(50 – < € 100 m)

Short term impact on

  • Globale reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
major 10 – < 15 % EBITA*
(100 – < € 160 m)

Medium term impact on

  • Globale reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards

 

catastrophic ≥ 15 % EBITA*
( ≥ € 160 m)

Detrimental impact on

  • Globale reputation
  • Umsetzung von ­Programmen
  • Zuverlässigkeit der Technologie
  • Arbeits- & Gesundheitsschutzstandards

* Budgeted underlying EBITA for the financial year ended 30 September 2016

Likelihood Assessment  
rare
< 10% Chance
unlikely
10 – < 30 % Chance
possible
30 – < 60 % Chance
likely
60 – < 80 % Chance
almost certain
≥ 80 % Chance

Risk Response: If management are comfortable with the current risk score, then the risk is accepted and therefore no further action is required. The controls in place continue to be operated and management monitor the risk, the controls and the risk landscape to ensure that the risk score stays stable and in line with management’s tolerance of the risk.

If, however, management assesses that the current risk score is too high, then an action plan will be drawn up with the objective of introducing new or stronger controls which will reduce the impact and / or likelihood of the risk to an acceptable, tolerable and justifiable level. This is known as the target risk score and is the parameter by which management can ensure the risk is being managed in line with the Group’s overall risk appetite. The risk owner will normally be the individual tasked with ensuring that this action plan is implemented within an agreed timetable.

Each division / source market will continue to review their risk register on an ongoing basis through the mechanism appropriate for their business e. g. local Risk Committee. The risk owner will be held to account if action plans are not implemented within the agreed delivery timescales.

This bottom-up risk reporting is considered by the ROC alongside the Group’s principal risks. New risks are added to the Group’s principal risk register if deemed to be of a significant nature so that the ongoing status and the progression of key action plans can be managed in line with the Group’s targets and expectations.

Ad hoc risk reporting
Whilst there is a formal process in place aligned to reporting on risks and risk management on a quarterly basis, the process of risk identification, assessment and response is continuous and therefore if required risks can be reported to the Executive Board outside of the quarterly process if events dictate that this is necessary and appropriate. Ideally such ad hoc reporting is performed by the business or function which is closest to the risk, but it can be performed by the Group Risk team if necessary. The best example of ad hoc risk reporting in the year was an early assessment ahead of the UK referendum of the possible risks posed by a vote in favour of the UK leaving the EU (“Brexit”). A Brexit Steering Committee has now been created to monitor developments in this area. 

Risk maturity & culture
During the current financial year, the Risk Champions and the Group Risk team have continued to work together on risk management actions plans for the businesses as part of the culture of continuous improvement. Periodically we ask the businesses to formally assess the risk maturity and culture of their business, primarily through the Risk Champions completing self-assessment questionnaires, validating this with their local boards and then discussing their responses with the Group Risk team. 

Entity scoping 
A robust exercise is conducted each year to determine the specific entities in the Group which need to be included within the risk and control software and therefore be subject to the full rigour of the risk management process. The scoping exercise starts with the entities included within the Group’s consolidation system, and applies materiality thresholds to a combination of revenue, profit and asset benchmarks. From the entities this identifies, the common business management level at which those entities are managed is identified to dictate the entities which need to be set in the risk and control software itself to facilitate completeness of bottom-up risk reporting across the Group. This ensures that the risks and controls are able to be captured appropriately at the level at which the risks are being managed. 

Effectiveness of risk management system
The Executive Board regularly reports to the Audit Committee of the Supervisory Board on the performance and effectiveness of the risk management system, supported by the ROC and the Group Risk team. Additionally, the Audit Committee receives assurance from Internal Audit through its programme of audits over a selection of principal risks and business transformation initiatives most critical to the Group’s continued success. Finally, the Group’s auditor assess the risk management system in accordance with section 317 (4) of the German Commercial Code. 

The conclusion from all of the above assurance work is that the risk management system has functioned effectively throughout the year and there have been no significant failings or weaknesses identified. Of course there is always room for improvement and as noted earlier, the Risk Champions and the Group Risk team have continued to work together on risk management actions plans for the businesses. Broadly this concerns ensuring consistency of approach in assessing risk scores, clearer identification of controls currently in place as well as any action plans to introduce further controls, and ensuring that risk identification has considered the four risk categories. 

 

Principal risks

There are some principal risks which are inherent to the tourism sector and necessarily face all businesses in the sector. For these inherent risks we have controls, processes and procedures in place as a matter of course which serve to mitigate each risk to either minimise the likelihood of the event occurring and / or minimise the impact if it does occur. These risks are on our risk radar and we regularly monitor the risk, the controls and the risk landscape to ensure that the risk score stays stable and in line with our risk appetite in each case. 

Furthermore, the tourism industry is fast-paced and competitive, with the emergence of new market participants operating new business models, combined with consumer tastes and preferences evolving all the time. As a result as a business we always have to adapt to the changing environment, and it is this process of constant change which generally gives rise to a number of principal risks which we have to actively manage in order to bring the risk into line with our overall risk appetite. We have action plans in place to increase controls around each of these risks and reduce the current net risk score to the target level indicated in the heat map overleaf.

In the heat map the assessment criteria used are shown on page 52 below. Note that the quantitative impact assessment is based on the budgeted underlying EBITA for the financial year ended 30 September 2016.

If the risk detail in the subsequent tables does not suggest otherwise, the risks shown below relate to all segments of the Group. The risks listed are the principal risks to which we are exposed and are not exhaustive. They will necessarily evolve over time due to the dynamic nature of our business. 

Risk Position

Risks with no impact on underlying EBITA
Impairment risk related to the investment in container shipping (Hapag-­Lloyd AG). TUI Group continues to hold a substantial investment in the container shipping company, Hapag-Lloyd AG. Significant deterioration in the market value of the investment will require an impairment to be booked in the income statement of the TUI Group – as has occurred in the financial year ended 30th September 2016. Whilst this risk has been reduced by the impairment already taken in the current and prior years, the value of the investment on our balance sheet is still material and therefore the risk continues to exist. We are committed to our plan to fully exit this investment in the medium term.

German trade tax risk. As noted in prior years, the German tax authorities have issued guidance on how certain items of expenditure should be treated for the purposes of German trade tax. The Group continues to disagree with the German tax authorities’ interpretation of this matter and it is possible that the issue will have to be litigated through the German tax courts which could take a considerable amount of time to bring it to a resolution. However due to a judgement from the fiscal court Munster on 4 February 2016, a reassessment of the trade tax risk for the purchase of hotel accommodation was undertaken in the current financial year, resulting in a separately recognised tax expense of € 37 m in the income statement.  

Overall risk assessment. Destination disruption is an inherent risk to which all providers of holiday and travel services are exposed. This disruption can take place in many forms such as natural catastrophes, outbreaks of diseases, social unrest, terrorist attacks and the implications of war in countries close to our source markets and destinations. Whilst thankfully we did not directly experience a tragic event like the Tunisia incident of June 2015, incidents in various destinations (e. g. Sharm el-Sheikh in October 2015) continue to keep the risk of disruption in some North African destinations at a high level. Furthermore, general customer concerns over safety and security in eastern Mediterranean destinations (particularly Turkey) has led to a general decline in demand across all our source markets for these destinations. Due to our geographic reach, we have been able to respond to this shift in demand by remixing capacity away from North Africa and the eastern Mediterranean towards destinations customers are currently favouring such as Spain, Canary Islands, Cape Verde etc. Despite this current shift in demand, Turkey remains an important destination for our Group. Our general policy in respect of destinations remains to follow foreign office advice in each of our source markets relating to non-essential travel to specific destinations. It is noted that in January 2017 there will be an inquest in the UK into the Tunisia incident of June 2015 and we await any industry recommendations that may arise as a result.

One of the biggest events in 2015 / 16 which has the potential to significantly alter the risk landscape of the Group is the UK referendum at the end of June which resulted in a vote for the UK to leave the EU (“Brexit”). The exchange rate volatility seen earlier in the year has continued as a result, which has an immediate impact on the translation of the sterling results from our UK business into euros, the reporting currency of the Group. The depreciation of sterling against the euro means that each £ of profit translates into a smaller euro value. The outcome of the referendum has led to a greater degree of uncertainty over the future economic performance of the UK economy. Whilst we have not seen any apparent slow-down in bookings in our UK business to date, there is a greater potential for this to occur in the medium term. Therefore for both of these reasons we see our macroeconomic risk as having increased compared to this time last year, although the strength and differentiation of our customer offering means that we are well positioned to deal with the changing macroeconomic environment. The depreciation of sterling also has a cost impact through making foreign denominated input costs in the UK business more expensive in sterling terms. Whilst the standard hedging policy we follow means that for the 2015 / 16 financial year the UK business was largely immune to these cost pressures, the risk crystallises to a greater extent in 2016 / 17, as S17 was partially hedged (c. 40 %) at the time of the referendum, if sterling stays at current levels. Normal business practice is to increase holiday prices to offset these higher input costs and protect margins, however competitive pressures may prevent prices from rising to the full extent required. The other immediate impact of the Brexit vote has been the reduction in UK interest rates and therefore discount factors applied to UK pension liabilities, which has resulted in a significant increase in the pension liability at the year-end. Whilst this does not of itself present a risk at the moment, it may do so when the next actuarial valuation is performed on the UK pension scheme if it then leads to a requirement to make higher cash pension contributions over a sustained period of time. Please see note Pension provisions and similar obligations of the financial statements for further details on the pension deficit. 

The Group has created a Brexit Steering Committee to monitor developments as the political negotiations take place concerning the specifics of the terms of the UK exit from and future trading relationship with the EU and how this may affect the TUI Group’s business model. At this stage it is too early to assess whether there will be any impact on areas such as flying rights, customer visa requirements or employee contracts and therefore we view Brexit as being an emerging risk around which more clarity will be gained in the future once Article 50 is triggered by the UK government and exit negotiations begin. 

The completion in December 2014 of the merger between TUI AG and TUI Travel PLC has had an impact on our risk landscape by opening up new business opportunities but also introducing new risks in the pursuit of those opportunities (e. g. brand change) and in the context of the delivery of specific merger synergies. We are pleased that the post-­merger integration of the Group has progressed well and at a faster pace than originally anticipated. We are on track to deliver our specific merger synergy targets, integration-related restructuring programmes are ongoing as expected, and we have successfully navigated our way through the initial period of post-merger concern with regards to retaining key talent. We therefore perceive these risks to be at a lower level than they were 12 months ago. 

In the course of the restructuring of our tourism activities, we have completed the disposal in September 2016 of Hotelbeds Group and commenced the marketing of Travelopia (formerly part of Specialist Group). Such large disposal transactions have inherent risks associated with them due to the amount of management time they require to bring them to a successful conclusion, combined with continuing obligations and customary representation and warranties. 

Finally, the risk of a deterioration in the valuation of our container shipping investment crystallised again during the year and a further impairment has been taken. Whilst this has therefore reduced the risk for future periods, the value of the investment on our balance sheet is still material and therefore the risk continues to exist.

Other than the items noted above, the Executive Board is of the opinion that there has been no other significant change to the risk landscape of the Group.

Viability statement
In accordance with provision C2.2 of the 2014 revision of the UK Corporate Governance Code, the Executive Board has assessed the prospect of the Company over a longer period than the 12 months required by the ‘Going Concern’ provision. The Executive Board considers annually and on a rolling-basis a three year strategic plan for the business as outlined earlier in the “Strategic direction and risk appetite” section. The latest three year plan was approved in October 2016 and covers the period to 30th September 2019. A three year horizon is considered appropriate for a fast-moving competitive environment such as tourism, and it is noted that the Group’s current € 1,535.0 m revolving credit facility, which is used to manage the seasonality of the Group’s cash flows and liquidity, matures in December 2020 which is beyond the timeframe of the three year horizon. The three year plan considers cash flows as well as the financial covenants which the credit facility requires compliance with. A key assumption underpinning the three year plan and the associated cash flow forecast is that aircraft and cruise ship finance will continue to be readily available.

The Executive Board has conducted a robust assessment of the principal risks facing the company, including those that would threaten its business model, future performance, solvency or liquidity. Sensitivity analysis is applied to the cash flow to model the potential effects should certain principal risks actually occur, individually or in unison. This includes modelling the effects on the cash flow of significant disruption to a major destination in the summer season.

Taking account of the company’s current position, principal risks and the aforementioned sensitivity analysis, the Executive Board has a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due over the three year period of the assessment.

Key features of the internal control and risk management system in relation to the Group accounting process (sections 289 (5) and 315 (2) no 5 of the German Commercial Code HGB)

1. Definition and elements of the internal control and risk management system in the TUI Group
The TUI Group’s internal control system comprises all the principles, processes and measures that are applied to secure effective, efficient and accurate accounting which is compliant with the necessary legal requirements. 

In the completed financial year, the TUI Group’s existing internal control system was further developed, drawing on the internationally recognised framework of COSO (Committee of Sponsoring Organizations of the Treadway Commission), which forms the conceptual basis for the internal control system. 

The TUI Group’s internal control system consists of internal controls and the internal monitoring system. The Executive Board of TUI AG, in exercising its function of managing business operations, has entrusted responsibility for the internal control system in the TUI Group to specific Group functions. 

The elements of the internal monitoring system in the TUI Group comprise both measures integrated into processes and measures performed independently. Besides manual process controls, e. g. the “four-eyes principle”, another key element of the process-related measures are automated IT process controls. Process-related monitoring is also secured by bodies such as the Risk Oversight Committee of TUI AG and by specific Group functions. 

The Supervisory Board of TUI AG, in particular its Audit Committee, as well as the Group Auditing department at TUI AG and the decentralized audit departments within Group companies, are incorporated into the TUI Group’s internal monitoring system through their audit activities performed independently from business processes. On the basis of ­section 107 (3) of the German Stock Corporation Act, the Audit Committee of TUI AG deals primarily with the auditing of the annual financial statements, monitoring the accounting process and the effectiveness of the internal control and risk management system. 

The Group’s auditors have oversight of the TUI Group’s control environment through their non-process-related activities. The audit of the consolidated financial statements by the Group auditor and the audit of the individual financial statements of Group companies included in the consolidated financial statements, in particular, constitute a key non-process-related monitoring measure with regard to Group accounting. 

In relation to Group accounting, the risk management system, introduced as an Enterprise Risk Management System (ERM System) as a component of the internal control system, also addresses the risk of misstatements in Group bookkeeping and external reporting. Apart from operational risk management, which includes the transfer of risks to insurance companies by creating cover for damage and liability risks and also hedging transactions to limit foreign currency and fuel price risks, the TUI Group’s risk management system embraces the systematic early detection, management and monitoring of risks across the Group. A more detailed explanation of the risk management system is provided in the section on the Risk Governance Framework in the Risk Report. 

2. Use of IT systems
Bookkeeping transactions are captured in the individual financial statements of the subsidiaries of TUI AG, through local accounting systems such as SAP or Oracle. As part of the process of preparing their individual financial statements, subsidiaries complete standardized reporting packages in the Group’s Oracle Hyperion Financial Management 11.1.2.3 (HFM) reporting system. HFM is used as the uniform reporting and consolidation system throughout the Group so that no additional interfaces exist for the preparation of the consolidated financial statements.

All consolidation processes used to prepare the consolidated financial statements of TUI AG, e. g. capital consolidation, assets and liabilities consolidation and expenses and income elimination including at equity measurement, are generated and fully documented in HFM. All elements of TUI AG’s consolidated financial statements, including the disclosures in the Notes, are developed from the HFM consolidation system. HFM also provides various modules for evaluation purposes in order to prepare complementary information to explain TUI AG’s consolidated financial statements. 

The HFM reporting and consolidation system has an in-built workflow process whereby when businesses promote their data within the system, to signal that their reporting package is complete, they are then locked out from making any further changes to that data. This ensures data integrity within the system and also facilitates a strong audit trail enabling changes to a reporting package to be identified. This feature of the HFM system has been checked and validated by the TUI AG Group Audit department on several occasions since the system was introduced. 

At their own discretion, TUI AG’s Group auditors select certain individual financial statements from the financial statements entered in the HFM reporting and consolidation system by the Group companies, which are then reviewed for the purposes of auditing the consolidated financial statements.

3. Specific risks related to Group accounting 
Specific risks related to Group accounting may arise, for example, from unusual or complex business transactions, in particular at critical times towards the end of the financial year. Business transactions not routinely processed also entail special risks. The discretion necessarily granted to employees for the recognition and measurement of assets and liabilities may result in further Group accounting-related risks. The outsourcing and transfer of accounting-specific tasks to service companies may also give rise to specific risks. Accounting-related risks from derivative financial instruments are outlined in the Notes to the consolidated financial statements. 

4. Key regulation and control activities to ensure proper and reliable Group accounting
The internal control measures aimed at securing proper and reliable Group accounting ensure that business transactions are fully recorded in a timely manner in accordance with legal requirements and the Articles of Association. This also ensures that assets and liabilities are properly recognised, measured and presented in the consolidated financial ­statements. The control operations also ensure that bookkeeping records provide reliable and comprehensive information. 

Controls implemented to secure proper and reliable accounting include, for instance, analysis of facts and developments on the basis of specific indicators. Separation of administrative, execution, settlement and ­authorisation functions and the implementation of these functions by different persons reduces the potential for fraudulent operations. Organisational measures also aim to capture any corporate or Group-wide restructuring or changes in sector business operations rapidly and appropriately in Group accounting. They also ensure, for instance, that bookkeeping transactions are correctly recognised in the period in which they occur in the event of changes in the IT systems used by the accounting departments of Group companies. The internal control system likewise ensures that changes in the TUI Group’s economic or legal environment are mapped and that new or amended accounting standards are correctly applied. 

The TUI Group’s accounting policies together with the International ­Financial Reporting Standards (IFRS) in compliance with EU legislation, govern the uniform accounting and measurement principles for the German and foreign companies included in TUI’s consolidated financial statements. They include general accounting principles and methods, policies concerning the statement of financial position, income statement, notes, management report, cash flow statement and segment reporting. 

The TUI Group’s accounting policies also govern specific formal requirements for the consolidated financial statements. Besides defining the group of consolidated companies, they include detailed guidance on the reporting of financial information by those companies via the group reporting system HFM on a monthly, quarterly and year end basis. TUI’s accounting policies also include, for instance, specific instructions on the initiating, reconciling, accounting for and settlement of transactions between group companies or determination of the fair value of certain assets, especially goodwill. 

At Group level, specific controls to ensure proper and reliable Group accounting include the analysis and, where necessary, correction of the individual financial statements submitted by the Group companies, taking account of the reports prepared by the auditors and meetings to discuss the financial statements which involve both the auditors and local management. Any further content that requires adjusting can be isolated and processed downstream. 

The control mechanisms already established in the HFM consolidation system minimize the risk of processing erroneous financial statements. Certain parameters are determined at Group level and have to be applied by group companies. This includes parameters applicable to the measurement of pension provisions or other provisions and the interest rates to be applied when cash flow models are used to calculate the fair value of certain assets. The central implementation of impairment tests for goodwill recognized in the financial statements secures the application of uniform and standardized evaluation criteria.

5. Disclaimer
With the organisational, control and monitoring structures established by the TUI Group, the internal control and risk management system enables company-specific facts to be captured, processed and recognised in full and properly presented in the Group’s accounts. 

However, it lies in the very nature of the matter that discretionary decision-­making, faulty checks, criminal acts and other circumstances, in particular, cannot be ruled out and will restrict the efficiency and reliability of the internal control and risk management systems, so that even Group-wide application of the systems cannot guarantee with absolute certainty the accurate, complete and timely recording of facts in the Group’s accounts. 

Any statements made relate exclusively to subsidiaries according to IFRS 10 included in TUI AG’s consolidated financial statements.