Combined Management Report

Information on the central internal control system1)

In addition to the accounting-related internal control system and the risk management system, the Fraport Group identifies, evaluates, and manages strategic, operational, and compliance process risks as part of the central internal control system. To assess the design and effectiveness of the system, a control self-assessment (CSA) is carried out annually, analogous to the accounting-related internal control system. The primary objective of the CSA is to review the design and effectiveness of business process controls and to identify and report any control weaknesses in business processes. The knowledge gained is used, among others, for the continuous improvement and further development of the central internal control system.

Quarterly reports on the current group-wide risk and opportunity situation are given at Executive Board meetings, and the result of the CSA of the central internal control system is presented annually. On the basis of these findings and any process-independent audits, the Executive Board annually assesses the design and effectiveness of Fraport AG's risk management and central internal control system described above.

The central Group Internal Audit performs process-independent audit activities on the risk management and central internal control systems. Audit reviews regularly provide information and findings on the central internal control system, which are to be remedied by measures taken by the REW-RS department together with the departments. The measures for findings from completed audit reviews are currently being processed.

Based on the overall information, the Executive Board has no indication that the risk management system or the central internal control system were not adequate or effective as at December 31, 2022.

Since inherent risks are subject to a probability of detection, a risk management or central internal control system that is judged to be adequate and effective cannot fully ensure complete coverage of all potential risks or exclusion of process violations of any kind.

The Finance and Audit Committee of the Supervisory Board is systematically involved in monitoring the design and effectiveness of the risk management and central internal control system. It receives a semi-annual report on the current risk and opportunity situation and an annual report on the results of the CSA of the central internal control system.

1) The statements in this section are “non-management report disclosures” that are not subject to the external auditor's review of the content of the management report. The reason for this is that these disclosures go beyond the legal obligations.