The UI-CMS is based on the IDW Assurance Standard “Principles for the Proper Performance of Reasonable Assurance Engagements Relating to Compliance Management Systems” (IDW AsS 980) . The concrete design of the basic CMS elements at segment level depends in particular on the compliance goals and targets that have been established, the size of the segment, the corporate culture, and the nature, scale, and complexity of the segment’s business activity. The core elements of the UI-CMS are established procedures (guidelines, processes, and systems) for detecting, avoiding, and pursuing allegations and incidents in relation to corruption and bribery, plus the associated training.
The Code of Conduct for employees serves as the foundation for behaving in line with the rules, summarizes material rules, explains them using examples, and gives concrete recommendations on how to act. It contains anti-corruption rules among other things. The Code of Conduct builds on the Corporate Value of “fairness” and makes the anti-corruption measures transparent. It also illustrates United Internet’s understanding of anti-corruption using concrete examples. Corruption is not tolerated, regardless of where it happens, whom it targets, or what the reason for it is. In line with this, directly or indirectly offering or granting any form of undue benefits (bribery), and requesting or accepting such benefits (corruption), are prohibited.
The rules of conduct are set out in more details in the Group Anti-corruption Policy. This specifies clear rules for accepting and giving gifts and contributions, and explains the measures and processes derived from this. At the same time, it offers United Internet employees practical instructions for avoiding and countering inappropriate requests from third parties effectively and in an ethically acceptable manner. In-person and electronic reporting channels have been established for detecting allegations of corruption bribery.
Another measure that United Internet uses to promote the observance and understanding of the Compliance Guidelines is a regular information cascade from the Management Board down to the individual departments. This is supplemented by alternative communications measures such as the publication of information on the intranet to promote employee engagement and interaction.
Internal investigations within United Internet are performed solely by organizational units that have been authorized to do so. Generally Corporate Audit (the internal audit function) is commissioned to perform internal investigations. This ensures independent, objective examination. Corporate Audit performs its activities in line with the Institute of Internal Auditors’ Global Internal Audit Standards. Corporate Audit makes its internal audit services available to the operating segments. The decision as to whether to use Corporate Audit’s services and the responsibility for commissioning them lies with the senior executive management of the segment concerned. As a basic principle, this function is performed by the CFO on behalf of the full management board. United Internet’s Management Board and the Supervisory Board’s Audit Committee are informed of new and ongoing mandates by the Head of Internal Audit.
Where an internal investigation has been performed by Corporate Audit, the audit findings are documented and serve as the basis for the conclusions in the audit report. These are then used as the basis for deriving recommendations and actions. The audit findings are submitted to United Internet’s CFO, the member of the Management Board responsible for the area, and the CFO of the area that was investigated or affected.
The Head of Internal Audit reports on a quarterly basis to the Management Board, the Audit and Risk Committee established by United Internet’s Supervisory Board, and to the segments concerned. A structured quarterly dialog is held between the Head of Corporate Compliance and the Head of Internal Audit.
Links
Downloads
