Successful management of existing and emerging risks is critical to the long-term success of our business and to the achievement of our strategic objectives. In order to seize market opportunities and leverage the potential for success, risk must be accepted to a reasonable degree. Risk management is therefore an integral component of the Group’s Corporate Governance.

The current financial year has seen further maturity of the risk management framework with testing of key controls now occurring in our two largest source markets and regular testing of key financial controls occurring across all of our larger businesses. Our risk governance framework is set out below.

Risk governance framework

Strategic direction and risk appetite
The Executive Board, with oversight by the Supervisory Board, determines the strategic direction of the TUI Group and agrees the nature and extent of the risks it is willing to take to achieve its strategic objectives.

To ensure that the strategic direction chosen by the business represents the best of the strategic options open to it, the Executive Board is supported by the Group Strategy function. This function exists to facilitate and inform the Executive Board’s assessment of the risk landscape and development of potential strategies by which it can drive long-term shareholder value. On an annual basis the Group Strategy function develops an in-depth fact base in a consistent format which outlines the market attractiveness, competitive position and financial performance by division and source market. These are then used to facilitate debate as to the level and type of risk that the Executive Board finds appropriate in the pursuit of its strategic objectives. The strategy, once fully defined, considered and approved by the Executive Board, is then incorporated into the Group’s three-year roadmap and helps to communicate the risk appetite and expectations of the organisation both internally and externally.

Ultimate responsibility for the Group’s risk management rests with the Executive Board. Having determined and communicated the appropriate level of risk for the business, the Executive Board has established and maintains a risk management system to identify, assess, manage and monitor risks which could threaten the existence of the company or have a significant impact on the achievement of its strategic objectives: these are referred to as the principal risks of the Group. This risk management system includes an internally-published risk management policy which helps to reinforce the tone set from the top on risk, by instilling an appropriate risk culture in the organisation whereby employees are expected to be risk aware, control minded and ‘do the right thing’. The policy provides a formal structure for risk management to embed it in the fabric of the business. Each principal risk has assigned to it a member of the Executive Committee as overall risk sponsor to ensure that there is clarity of responsibility and to ensure that each of the principal risks are understood fully and managed effectively.

The Executive Board regularly reports to the Audit Committee of the Supervisory Board on the overall risk position of the Group, on the individual principal risks and their management, and on the performance and effectiveness of the risk management system as a whole.

TUI Group Risk Management Roles & Responsibilities

The Risk Oversight Committee (‘ROC’) ensures on behalf of the Execu­tive Board that business risks are identified, assessed, managed and monitored across the businesses and functions of the Group. Meeting on at least a quarterly basis, the ROC’s responsibilities include consider­ing the principal risks to the Group’s strategy and the risk appetite for each of those risks, assessing the operational effectiveness of the controls in place to manage those risks and any action plans to further improve controls, and reviewing the bottom-up risk reporting from the businesses themselves to assess whether there are any heightened areas of concern. The ROC helps to ensure that risk management is embedded into the planning cycle of the Group and has oversight of the stress-testing of cash flow forecasts.

Senior executives from the Group’s major businesses are required to attend the ROC on a rotational basis and present on the risk and control framework in their business, so that the members of the ROC can ask questions on the processes in place, the risks present in each business and any new or evolving risks which may be on their horizon, and also to seek confirmation that the appropriate risk culture continues to be in place in each of the major businesses.

Chaired by the Chief Financial Officer, other members of the Committee include the Group Director Controlling and Finance Director Tourism, the directors of Compliance & Risk, Financial Accounting, Treasury & Insurance, Group Reporting & Analysis, Assurance, M & A, Investor Relations and representatives from the IT and Legal Compliance functions and Group HR. The director of Group Audit attends without having voting rights to maintain the independence of their function. The ROC reports quarterly to the Executive Board to ensure that it is kept abreast of changes in the risk landscape and developments in the management of principal risks, and to facilitate regular quality discussions on risks and risk management at the Executive Board.

The Executive Board has also established a Group Risk team to ensure that the risk management system functions effectively and that the risk management policy is implemented appropriately across the Group. The Group Risk team supports the risk management process by providing guidance, support and challenge to management whilst acting as the central point for coordinating, monitoring and reporting on risk across the Group. The Group Risk team is responsible for the administration and operation of the risk and control software which underpins the Group’s risk reporting and risk management process.

Each division and source market within the Group is required to adopt the Group Risk Management policy. In order to do this, each either has their own Risk Committee or includes risk as a regular agenda item at their Board meetings to ensure that it receives the appropriate senior management attention within their business. In addition, the divisions and source markets each appoint a Risk Champion, who promotes the risk management policy within their business and ensures its effective application. The Risk Champions are necessarily in close contact with the Group Risk team and they are critical both in ensuring that the risk management system functions effectively and in implementing a culture of continuous improvement in risk management and reporting.

Risk Management Process 
The Group Risk team applies a consistent risk methodology across all key areas of the business. This is underpinned by risk and control software which reinforces clarity of language, visibility of risks, controls and actions and accountability of ownership. Although the process of risk identification, assessment and response is continuous and embedded within the day-to-day operations of the divisions and source markets, it is consolidated, reported and reviewed at varying levels throughout the Group on at least a quarterly basis.

Risk Identification: On a quarterly basis, line management closest to the risks identify the risks relevant to the pursuit of the strategy within their business area in the context of four types of risk:

  • longer-term strategic and emerging threats;
  • medium-term challenges associated with business change programmes;
  • short-term risks triggered by changes in the external and regulatory environment; and
  • short-term risks in relation to internal operations and control.

A risk owner is assigned to each risk, who has the accountability and authority for ensuring that the risk is appropriately managed.

Risk Descriptions: The nature of the risk is articulated, stating the underlying concern the risk gives arise to, identifying the possible causal factors that may result in the risk materialising and outlining the potential consequences should the risk crystallise. This allows the divisions / source markets and the Group to assess the interaction of risks and potential triggering events and / or aggregated impacts before developing appropriate mitigation strategies to target causes and / or consequences.

Risk Assessment: The methodology used is to initially assess the gross risk. The gross risk is essentially the worst case scenario, being the product of the impact together with the likelihood of the risk materialising if there were no controls in place to manage, mitigate or monitor the risk. The key benefit of assessing the gross risk is that it highlights the potential risk exposure if controls were to fail completely or not be in place at all. Both impact and likelihood are scored on a rating of 1 to 5 using the criteria outlined below.

The next step in the process is to assess the controls which are currently in place and which help to reduce the likelihood of the risk materialising and / or its impact if it does. The details of the controls including the control owners are documented. Consideration of the controls in place then enables the current or net risk score to be assessed, which is essentially the reasonably foreseeable scenario. This measures the impact and likelihood of the risk with the current controls identified in operation. The key benefit of assessing the current risk score is that it provides an understanding of the current level of risk faced today and the reliance placed on the controls currently in operation.

Impact Assessment

QUANTITATIVE

QUALITATIVE

INSIGNIFICANT < 3 % EBITA*
(< 30 m €)

Minimal impact on

  • Global reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
MINOR 3 – < 5 % EBITA*
(30 – < 50 m €)

Limited impact on

  • Global reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
MODERATE 5 – < 10 % EBITA*
(50 – < 105 m €)

Short term impact on

  • Global reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards
MAJOR 10 – < 15 % EBITA*
(105 – < 160 m €)

Medium term impact on

  • Global reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards

 

CATASTROPHIC ≥ 15 % EBITA*
( ≥ 160 m €)

Detrimental impact on

  • Global reputation
  • Programme delivery
  • Technology reliability
  • Health & Safety ­standards

* Budgeted underlying EBITA for the financial year ended 30 September 2017

Likelihood Assessment

RARE < 10 % Chance
UNLIKELY 10 – < 30 % Chance
POSSIBLE 30 – < 60 % Chance
LIKELY 60 – < 80 % Chance
ALMOST CERTAIN ≥ 80 % Chance

Risk Response: If management are comfortable with the current risk score, then the risk is accepted and therefore no further action is required. The controls in place continue to be operated and management monitor the risk, the controls and the risk landscape to ensure that the risk score stays stable and in line with management’s tolerance of the risk.

If, however, management assesses that the current risk score is too high, then an action plan will be drawn up with the objective of introducing new or stronger controls which will reduce the impact and / or likelihood of the risk to an acceptable, tolerable and justifiable level. This is known as the target risk score and is the parameter by which management can ensure the risk is being managed in line with the Group’s overall risk appetite. The risk owner will normally be the individual tasked with ensuring that this action plan is implemented within an agreed timetable.

Each division / source market will continue to review their risk register on an ongoing basis through the mechanism appropriate for their business e. g. local Risk Committee. The risk owner will be held to account if action plans are not implemented within the agreed delivery timescales.

This bottom-up risk reporting is considered by the ROC alongside the Group’s principal risks. New risks are added to the Group’s principal risk register if deemed to be of a significant nature so that the ongoing status and the progression of key action plans can be managed in line with the Group’s targets and expectations.

Ad hoc risk reporting
Whilst there is a formal process in place aligned to reporting on risks and risk management on a quarterly basis, the process of risk identification, assessment and response is continuous and therefore if required risks can be reported to the Executive Board outside of the quarterly process if events dictate that this is necessary and appropriate. Ideally such ad hoc reporting is performed by the business or function which is closest to the risk, but it can be performed by the Group Risk team if necessary. The best example of ad hoc risk reporting in the year was an assessment of the risks posed by the insolvency of Air Berlin.

Risk maturity & culture
During the current financial year, the Risk Champions and the Group Risk team have continued to work together on risk management actions plans for the businesses as part of the culture of continuous improvement. Periodically we ask the businesses to formally assess the risk maturity and culture of their business, primarily through the Risk Champions completing self-assessment questionnaires, validating this with their local boards and then discussing their responses with the Group Risk team.

We regularly conduct a Group-wide employee survey, and the feedback received from our employees often leads to a number of initiatives being taken. The survey is a key yardstick for us, indicating where we stand and facilitating the reinforcement of our vision and values into our corporate culture. 

Entity scoping 
A robust exercise is conducted each year to determine the specific entities in the Group which need to be included within the risk and control software and therefore be subject to the full rigour of the risk management process. The scoping exercise starts with the entities included within the Group’s consolidation system, and applies materiality thresholds to a combination of revenue, profit and asset benchmarks. From the entities this identifies, the common business management level at which those entities are managed is identified to dictate the entities which need to be set in the risk and control software itself to facilitate completeness of bottom-up risk reporting across the Group. This ensures that the risks and controls are able to be captured appropriately at the level at which the risks are being managed.

Effectiveness of risk management system
The Executive Board regularly reports to the Audit Committee of the Supervisory Board on the performance and effectiveness of the risk management system, supported by the ROC and the Group Risk team. The results of control testing in the UK&I and German businesses and the financial control testing undertaken across a number of our larger businesses forms a key part of the effectiveness oversight. Additionally, the Audit Committee receives assurance from Internal Audit through its programme of audits over a selection of principal risks and business transformation initiatives most critical to the Group’s continued success.

The conclusion from all of the above assurance work is that the risk management system has functioned effectively throughout the year and there have been no significant failings or weaknesses identified. Of course there is always room for improvement and as noted earlier, the Risk Champions and the Group Risk team have continued to work together on risk management actions plans for the businesses. Broadly this concerns ensuring consistency of approach in assessing risk scores, clearer identification of controls currently in place as well as any action plans to introduce further controls, and ensuring that risk identification has considered the four risk categories.

Finally, in accordance with Section 317 (4) HGB (German Commercial Code), the auditor of TUI AG has reviewed the Group’s early detection system for risks in place as required by Section 91 (2) AktG (German Stock Corporation Act) to conclude, if the system can fulfill its duties.

Principal risks

There are some principal risks which are inherent to the tourism sector and necessarily face all businesses in the sector. For these inherent risks we have controls, processes and procedures in place as a matter of course which serve to mitigate each risk to either minimise the likelihood of the event occurring and / or minimise the impact if it does occur. These risks are on our risk radar and we regularly monitor the risk, the controls and the risk landscape to ensure that the risk score stays stable and in line with our risk appetite in each case.

Furthermore, the tourism industry is fast-paced and competitive, with the emergence of new market participants operating new business models, combined with consumer tastes and preferences evolving all the time. As a result as a business we always have to adapt to the changing environment, and it is this process of constant change which generally gives rise to a number of principal risks which we have to actively manage in order to bring the risk into line with our overall risk appetite. We have action plans in place to increase controls around each of these risks and reduce the current net risk score to the target level indicated in the heat map overleaf.

In the heat map the assessment criteria used are shown. Note that the quantitative impact assessment is based on the budgeted underlying EBITA for the financial year ended 30 September 2017.

If the risk detail in the subsequent tables does not suggest otherwise, the risks shown below relate to all segments of the Group. The risks listed are the principal risks to which we are exposed and are not exhaustive. They will necessarily evolve over time due to the dynamic nature of our business.

Principal Risk Heat Map

Risks with no impact on underlying EBITA
Impairment risk related to the investment in container shipping (Hapag-Lloyd AG). During the current financial year, TUI Group disposed of all of its investment in the container shipping company, Hapag-Lloyd AG, and therefore this risk no longer exists.

German trade tax risk. As noted in prior years, the German tax authorities have issued guidance on how certain items of expenditure should be treated for the purposes of German trade tax. The Group continues to disagree with the German tax authorities’ interpretation of this matter and it is possible that the issue will have to be litigated through the German tax courts which could take a considerable amount of time to bring it to a resolution. There was no change to this risk during the ­financial year 2017, however the provision on the balance sheet at 30 September 2017 was increased to € 50 m (2016: € 44 m), primarily due to the interest effects.

Overall risk assessment. 
With the UK government formally triggering Article 50 of the Treaty on European Union of Lisbon on 29th March 2017, Brexit has become an active principal risk facing TUI Group. Brexit has an impact both on existing principal risks (e. g. Macroeconomic risks and Input Cost Volatility, through the uncertainty it has introduced to prospects for future growth rates in the UK economy and the sustained depreciation of sterling since the referendum result in 2016) as well as introducing a new class of principal risk due to the direct potential impact it could have on specific areas of our business model.

Our main concern is whether or not all of our airlines would continue to have access to EU airspace as now. Other areas of uncertainty include the status of our UK employees working in the EU and vice versa, and the potential for customer visa requirements for holidays from the UK to the EU. If we were unable to continue to fly intra-EU routes, such as from Germany to Spain, this would have a significant operational and financial impact on TUI Group. It is for this reason that we currently give Brexit the highest possible risk score using the impact and likelihood assessment criteria detailed on page 33, with the expectation that this score will decline over time as either political negotiations lead to confirmation of continued access to EU airspace, or as our mitigation strategies begin to be implemented.

Macroeconomic risk we view as being materially unchanged compared to last year, with Brexit and the UK election result in June continuing to create some degree of uncertainty over prospects for future growth rates in the UK economy. The sustained depreciation of sterling since last year’s UK Brexit referendum has a cost impact through making foreign denominated input costs in the UK business more expensive in sterling terms. Whilst the standard hedging policy we follow meant that the UK Source Market had already hedged a significant proportion of its foreign currency requirements for the current financial year ahead of the Brexit referendum, the unhedged portion resulted in higher costs which impacted the UK business in the second half of this year. Assuming the Pound Sterling does not strengthen, this will remain the case through to the Summer 2018 season. Normal business practice is to increase holiday prices to offset these higher input costs and protect margins, however competitive pressures may prevent prices from rising to the full extent required. Whilst the business continues to focus strongly on efficiency, which assists to offset against this we view the input cost volatility risk as having increased compared to last year.

The other risk we see as having increased over the course of the current year is Information Security, of which cyber security is a major component, due to increased global cyber-crime activity as highlighted by well-publicised events such as the Wannacry incident. To address this increasing risk we have launched a Group-wide Information Secur­ity awareness campaign to promote secure behaviours amongst our colleagues. The overall goal is to make information security part of everyone’s job.

Destination disruption is an inherent risk to which all providers of holiday and travel services are exposed. This disruption can take place in many forms such as natural catastrophes (e. g. recent hurricane activity in the Caribbean), outbreaks of diseases, social unrest, terrorist attacks and the implications of war in countries close to our source markets and destinations. General customer concerns over safety and security in eastern Mediterranean destinations (particularly Turkey) has continued to depress demand across all our source markets for these destinations, although there has been some improvement in demand compared to last year. Due to our geographic reach, we are able to offer our customers alternative destinations such as Spain, Canary Islands, Cape Verde etc. Despite this continued shift in demand, Turkey remains an important destination for our Group. Our general policy in respect of destinations remains to follow foreign office advice in each of our source markets relating to non-essential travel to specific destinations. Overall, we consider this risk to be materially unchanged compared to the prior year.

Our brand change programme has seen further successful brand changes in the current financial year in our Nordic and Belgian businesses and the major brand transition in the UK&I of Thomson to TUI is now well underway in financial year 2018. Overall therefore we see this risk as having declined over the year. Similarly the progress made with our sustainable development initiatives leads us to view the Corporate & Social Responsibility risk as having declined compared to last year.

Two risks have dropped out of our Principal Risk register compared to last year. Achievement of our merger synergy targets means that this programme has now ceased and therefore the Corporate Streamlining risk drops out of our risk register completely. Similarly, we have successfully navigated our way through the initial period of post-merger concern with regards to retaining key talent and we now have standardised processes in place for managing key talent in the Group, and therefore Talent Management risk is viewed as now being a ‘Business As Usual’ risk which is overseen by the Group HR team.

Finally, during the current financial year TUI Group disposed of all of its investment in the container shipping company, Hapag-Lloyd AG, and therefore the impairment risk highlighted in previous years no longer exists.

Other than the items noted above, the Executive Board is of the opinion that there has been no other significant change to the risk landscape of the Group.

Viability statement
In accordance with provision C2.2 of the 2014 revision of the UK Corporate Governance Code, the Executive Board has assessed the prospect of the Company over a longer period than the twelve months required by the ’Going Concern’ provision. The Executive Board considers annually and on a rolling-basis a three year strategic plan for the business as outlined earlier in the ‘Strategic direction and risk appetite’ section. The latest three year plan was approved in October 2017 and covers the period to 30 September 2020. A three year horizon is considered appropriate for a fast-moving competitive environment such as tourism, and it is noted that the Group’s current € 1,535.0 m revolving credit limit, which is used to manage the seasonality of the Group’s cash flows and liquidity, matures in July 2022 which is beyond the timeframe of the three year horizon. The three year plan considers cash flows as well as the financial covenants which the credit facility requires compliance with. Key assumptions underpinning the three year plan and the associated cash flow forecast is that aircraft and cruise ship finance will continue to be readily available, and that the terms of the UK leaving the EU are such that all of our airlines continue to have access to EU airspace as now.

The Executive Board has conducted a robust assessment of the principal risks facing the company, including those that would threaten its business model, future performance, solvency or liquidity. Sensitivity analysis is applied to the cash flow to model the potential effects should certain principal risks actually occur, individually or in unison. This includes modelling the effects on the cash flow of significant disruption to a major destination in the summer season.

Taking account of the company’s current position, principal risks and the aforementioned sensitivity analysis, the Executive Board has a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due over the three year period of the assessment.

Key features of the internal control and risk management system in relation to the Group accounting process (sections 289 (5) and 315 (2) no 5 of the German Commercial Code HGB)

1. Definition and elements of the internal control and risk management system in the TUI Group
The TUI Group’s internal control system comprises all the principles, processes and measures that are applied to secure effective, efficient and accurate accounting which is compliant with the necessary legal requirements.

In the completed financial year, the TUI Group’s existing internal control system was further developed, drawing on the internationally recognised framework of COSO (Committee of Sponsoring Organizations of the Treadway Commission), which forms the conceptual basis for the internal control system.

The TUI Group’s internal control system consists of internal controls and the internal monitoring system. The Executive Board of TUI AG, in exercising its function of managing business operations, has entrusted responsibility for the internal control system in the TUI Group to specific Group functions.

The elements of the internal monitoring system in the TUI Group comprise both measures integrated into processes and measures performed independently. Besides manual process controls, e. g. the ‘four-eyes principle’, another key element of the process-related measures are automated IT process controls. Process-related monitoring is also secured by bodies such as the Risk Oversight Committee of TUI AG and by specific Group functions.

The Supervisory Board of TUI AG, in particular its Audit Committee, as well as the Group Auditing department at TUI AG are incorporated into the TUI Group’s internal monitoring system through their audit activities performed independently from business processes. On the basis of section 107 (3) of the German Stock Corporation Act, the Audit Committee of TUI AG deals primarily with the auditing of the annual financial statements, monitoring the accounting process and the effectiveness of the internal control and risk management system. In the Audit Committee Report the reliability of the financial reporting and the monitoring of the financial accounting process as well as the effectiveness of the internal control and risk management system are described.

The Group’s auditors have oversight of the TUI Group’s control environment. The audit of the consolidated financial statements by the Group auditor and the audit of the individual financial statements of Group companies included in the consolidated financial statements, in particular, constitute a key non-­process-related monitoring measure with regard to Group accounting.

In relation to Group accounting, the risk management system, introduced as an Enterprise Risk Management System (ERM System) as a component of the internal control system, also addresses the risk of misstatements in Group bookkeeping and external reporting. Apart from operational risk management, which includes the transfer of risks to insurance companies by creating cover for damage and liability risks and also hedging transactions to limit foreign currency and fuel price risks, the TUI Group’s risk management system embraces the systematic early detection, management and monitoring of risks across the Group. A more detailed explanation of the risk management system is provided in the section on the Risk Governance Framework in the Risk Report.

2. Use of IT systems
Bookkeeping transactions are captured in the individual financial statements of TUI AG and of the subsidiaries of TUI AG, through local accounting systems such as SAP or Oracle. As part of the process of preparing their individual financial statements, subsidiaries complete standardized reporting packages in the Group’s Oracle Hyperion Financial Management 11.1.2.4 (HFM) reporting system. HFM is used as the uniform reporting and consolidation system throughout the Group so that no add­itional interfaces exist for the preparation of the consolidated financial statements.

All consolidation processes used to prepare the consolidated financial statements of TUI AG, e. g. capital consolidation, assets and liabilities consolidation and expenses and income elimination including at equity measurement, are generated and fully documented in HFM. All elements of TUI AG’s consolidated financial statements, including the disclosures in the Notes, are developed from the HFM consolidation system. HFM also provides various modules for evaluation purposes in order to prepare complementary information to explain TUI AG’s consolidated financial statements.

The HFM reporting and consolidation system has an in-built workflow process whereby when businesses promote their data within the system, to signal that their reporting package is complete, they are then locked out from making any further changes to that data. This ensures data integrity within the system and also facilitates a strong audit trail enabling changes to a reporting package to be identified. This feature of the HFM system has been checked and validated by the TUI AG Group Audit department on several occasions since the system was introduced.

At their own discretion, TUI AG’s Group auditors select certain individual financial statements from the financial statements entered in the HFM reporting and consolidation system by the Group companies, which are then reviewed for the purposes of auditing the consolidated financial statements.

3. Specific risks related to Group accounting 
Specific risks related to Group accounting may arise, for example, from unusual or complex business transactions, in particular at critical times towards the end of the financial year. Business transactions not routinely processed also entail special risks. The discretion necessarily granted to employees for the recognition and measurement of assets and liabilities may result in further Group accounting-related risks. The outsourcing and transfer of accounting-specific tasks to service com­panies may also give rise to specific risks. Accounting-related risks from derivative financial instruments are outlined in the Notes to the consoli­dated financial statements.

4. Key regulation and control activities to ensure proper and reliable (Group) Accounting
The internal control measures aimed at securing proper and reliable Group accounting ensure that business transactions are fully recorded in a timely manner in accordance with legal requirements and the Articles of Association. This also ensures that assets and liabilities are properly recognised, measured and presented in the consolidated ­financial statements. The control operations also ensure that bookkeeping records provide reliable and comprehensive information.

Controls implemented to secure proper and reliable accounting include, for instance, analysis of facts and developments on the basis of specific indicators. Separation of administrative, execution, settlement and authorization functions and the implementation of these functions by different persons reduces the potential for fraudulent operations. Organisational measures also aim to capture any corporate or Group-wide restructuring or changes in sector business operations rapidly and appropriately in Group accounting. They also ensure, for instance, that bookkeeping transactions are correctly recognised in the period in which they occur in the event of changes in the IT systems used by the accounting departments of Group companies. The internal control system likewise ensures that changes in the TUI Group’s economic or legal environment are mapped and that new or amended accounting standards are correctly applied.

The TUI Group’s accounting policies together with the International Financial Reporting Standards (IFRS) in compliance with EU legislation, govern the uniform accounting and measurement principles for the German and foreign companies included in TUI’s consolidated financial statements. They include general accounting principles and methods, policies concerning the statement of financial position, income statement, notes, management report, cash flow statement and segment reporting.

The TUI Group’s accounting policies also govern specific formal requirements for the consolidated financial statements. Besides defining the group of consolidated companies, they include detailed guidance on the reporting of financial information by those companies via the group reporting system HFM on a monthly, quarterly and year end basis. TUI’s accounting policies also include, for instance, specific instructions on the initiating, reconciling, accounting for and settlement of transactions between group companies or determination of the fair value of certain assets, especially goodwill.

At Group level, specific controls to ensure proper and reliable Group accounting include the analysis and, where necessary, correction of the individual financial statements submitted by the Group companies, taking account of the reports prepared by the auditors and meetings to discuss the financial statements which involve both the auditors and local management. Any further content that requires adjusting can be isolated and processed downstream.

The control mechanisms already established in the HFM consolidation system minimize the risk of processing erroneous financial statements. Certain parameters are determined at Group level and have to be applied by Group companies. This includes parameters applicable to the measurement of pension provisions or other provisions and the interest rates to be applied when cash flow models are used to calculate the fair value of certain assets. The central implementation of impairment tests for goodwill recognized in the financial statements secures the application of uniform and standardized evaluation criteria.

5. Disclaimer
With the organisational, control and monitoring structures established by the TUI Group, the internal control and risk management system enables company-specific facts to be captured, processed and recognized in full and properly presented in the Group’s accounts.

However, it lies in the very nature of the matter that discretionary decision-making, faulty checks, criminal acts and other circumstances, in particular, cannot be ruled out and will restrict the efficiency and reliability of the internal control and risk management systems, so that even Group-wide application of the systems cannot guarantee with absolute certainty the accurate, complete and timely recording of facts in the Group’s accounts.

Any statements made relate exclusively to TUI AG and to subsidiaries according to IFRS 10 included in TUI AG’s consolidated financial statements.