Risk and opportunity management system
As one of the world’s leading providers in the telecommunications and information technology industry, we are subject to all kinds of uncertainties and change. In order to operate successfully in this ongoing volatile environment, we need to anticipate any developments at an early stage and systematically identify, assess, and manage the resulting risks. It is equally important to recognize and exploit opportunities. We therefore consider a functioning risk and opportunity management system to be a central element of value-oriented corporate governance.
The need for a risk management system arises not only from business management requirements, but also from regulations and law, in particular § 91 (2) of the German Stock Corporation Act (Aktiengesetz – AktG). The Audit Committee monitors the effectiveness of the internal control system and the risk management system as required by § 107 (3) sentence 2 AktG.
Our Group-wide risk and opportunity management system covers all strategic, operational, financial, and reputational risks as well as the corresponding opportunities for our fully consolidated entities. The aim is to identify these risks and opportunities early on, monitor them, and manage them in accordance with the desired risk profile.
We base our system on an established standard process (see the following graphic). Once risks and opportunities have been identified, we move on to analyze and assess them in more detail. The effects of risks and opportunities are not offset against each other. We then decide on the specific action to be taken, e.g., reducing risks or seizing opportunities. The respective risk owner implements, monitors, and evaluates the associated measures. All steps are repeatedly traversed and modified to reflect the latest developments and decisions.
Our risk and opportunity management system is based on the globally applicable risk management standard of the International Standards Organization (ISO). ISO standard 31 000 “Risk management – Principles and guidelines” is regarded as a guideline for internationally recognized risk management systems.
Our Internal Audit unit reviews the functionality and effectiveness of our risk management system at regular intervals. The external auditor mandated by law to audit the Company’s annual financial statements and consolidated financial statements in accordance with § 317 (4) of the German Commercial Code (Handelsgesetzbuch – HGB) examines whether the risk early warning system is able to identify at an early stage risks and developments that could jeopardize the Company’s future. Our system complies with the statutory requirements for risk early warning systems and conforms to the German Corporate Governance Code.
In addition, our Group Controlling unit specifies a series of Group guidelines and processes for the planning, budgeting, financial management, and reporting of investments and projects. These guidelines and processes guarantee the necessary transparency during the investment process and the consistency of investment planning and decisions in our Group and operating segments. They also provide decision-making support for the Board of Management and the Board of Management Assets Committee. This process additionally includes the systematic identification of strategic risks and opportunities.
ORGANIZATION OF RISK MANAGEMENT
The Group Risk Management unit provides methods for the risk management system applied Group-wide and the associated reporting system. Our Germany, United States, Europe, and Systems Solutions operating segments are connected to the central risk management system via their own risk management systems. The relevant risk owners in the operating segments and central Group units are responsible for managing and reducing risks.
As of January 1, 2017, our organizational structure changed: We created a new Technology and Innovation Board of Management department. Going forward, we will report on this department in our Group Headquarters & Group Services segment. We will also report on our new Group Development operating segment as of the start of 2017. For more information, please refer to the section “Group organization”.
RISK IDENTIFICATION AND REPORTING
Each operating segment produces a quarterly risk report in accordance with the standards laid down by the central Risk Management unit and based on specific materiality thresholds. These reports assess risks, taking into account their extent in terms of impact on results of operations or financial position, as well as their probability of occurrence, and they identify action to be taken and suggest or initiate measures. The assessment additionally includes qualitative factors that could be important for our strategic positioning and reputation and also determine the aggregate risk. We base our assessment of risks on a period of two years. This is also the length of our forecast period.
The Group risk report, which presents the main risks, is prepared for the Board of Management on the basis of this information. The Board of Management informs the Supervisory Board. The Audit Committee of the Supervisory Board also examines this report at its meetings. If any unforeseen risks arise outside regular reporting of key risks, they are reported ad hoc.
In addition to the quarterly risk report, we use additional tools for monitoring and analyzing risks, in which we collect a large number of early-warning and economic indicators, e.g., on macroeconomic, political, and legal developments in our markets.
IDENTIFICATION OF OPPORTUNITIES THROUGH THE ANNUAL PLANNING PROCESS
In addition to the systematic management of risks, the Company’s long-term success must be secured through integrated opportunities management. The identification of opportunities and their strategic and financial assessment play a major role in our annual planning process.
The short-term monitoring of results and the medium-term planning process help our operating segments and Group Headquarters to identify and seize the opportunities in our business throughout the year. While short-term monitoring of results mainly targets opportunities for the current financial year, the medium-term planning process focuses on opportunities that are strategically important for our Group. We distinguish between two types of opportunities:
- Opportunities with external causes over which we have no influence, for example, the revocation of additional taxes in Europe.
- Opportunities created internally, for example by focusing our organizational structure on innovation and growth areas and products, or through business partnerships and collaborations from which we expect synergies.
We have continuously increased the efficiency of our planning process so as to give us greater scope. This puts the organization in a position to identify and seize new opportunities and generate new business. The preliminary plans of our operating segments form the basis for a concentrated planning phase during which members of the Board of Management, business leaders, senior executives, and experts from all business areas intensively discuss the strategic and financial focus of our Group and our operating segments on a daily basis, and from all of which they ultimately produce an overall picture. The identification of opportunities from innovation and their strategic and financial assessment play a major role throughout this phase. This daily “brainstorming” may result in opportunities being rejected, passed back to the respective working groups for revision, or adopted and transferred to the organization.