Risk Report
In the past fiscal year the Group's standardized risk management system again played a major role in increasing the transparency of the risk situation at ThyssenKrupp and enhancing our ability to identify, evaluate and control risks. From the present perspective all risks are contained and manageable. The future existence of the Company is secured.
- Risk policy embedded in corporate strategy
- Risk management system established throughout the Group
- Key features of the internal control and risk management system with regard to the Group accounting process
- Utilizing opportunities and simultaneously managing risks
- Risk transfer by central service provider
- Financial risks
- Order risks
- Sales risks
- Risks associated with business relationships with customers in countries with trade restrictions
- Procurement risks
- Risks associated with acquisitions, disposals and restructurings
- Legal risks associated with third-party claims
- Regulatory risks
- Environmental risks
- Risks associated with information security
- Risks associated with pensions and healthcare obligations
- Personnel risks
- General economic risks
- No threat to existence of Group
Risk policy embedded in corporate strategy
Binding throughout the Group, the risk principles at ThyssenKrupp are based on our corporate strategy. Our risk management system is targeted at safeguarding existing assets and sustainably increasing the value of the Company; it therefore fulfills a core business function. To achieve an appropriate increase in value, we make optimum use of opportunities while consciously and responsibly taking business risks in our core processes and managing these actively. As part of our efficient risk management, other risks are transferred, reduced or completely prevented. Overall the Group can extensively cover all risks taken.
The Group Policy Statement on Risk Management documents the framework conditions and responsibilities for orderly and forward-looking risk management and is binding for all employees. Groupwide codes of conduct such as the Group's compliance standards and the prohibition of speculative transactions also form part of the risk principles. Regular control measures and numerous training programs help communicate the importance of the requirements to all employees. We continue to consider the risks to the Group contained and manageable.
Risk management system established throughout the Group
Alongside the risk principles, the Group Policy Statement on Risk Management includes other binding standards for the risk management process. In various reporting elements we communicate information on operating and strategic risks in a standardized process which permits the identification, assessment, control and monitoring of risks. Because it is integrated in the Group's corporate controlling department, risk management is also closely interlinked with planning and other reporting processes. Risk maps for all Group entities are prepared with the help of a web-based reporting tool in which Group companies report on the status of their risk situation using tiered threshold values, identify risk management measures and update the early warning indicators for assessing risks.
Each business area updates its assessment of the opportunities and risks in the current fiscal year on a monthly basis and provides information on any changes to material risks in the risk map. The material risks – clearly defined at Group level on the basis of probability of occurrence and loss amounts - are discussed in the Risk Committee and then communicated in a systematic and transparent report to the Executive Board and the Supervisory Board Audit Committee.
This standardized and transparent risk management system was introduced by the Executive Board of ThyssenKrupp AG for the entire Group and has proven itself to be efficient. In addition, ad hoc risks and losses incurred are communicated directly to the risk management officers outside the normal reporting channels.
To ensure the efficient monitoring of the risk management system, Corporate Center Internal Auditing carries out regular audits worldwide. Their findings help us further improve the way risks are managed throughout the Group. In addition we continuously optimize the tools and methods for registering and managing risks so as to enhance the quality of the information generated and further strengthen the interlinking of internal processes.
Key features of the internal control and risk management system with regard to the Group accounting process
Our internal control system, defined as the entire body of coordinated principles, processes and measures applied in the Company to ensure business and control objectives are achieved, is continuously optimized to guarantee the security and efficiency of business management, the reliability of financial reporting, and compliance with laws and policies.
For the accounting process at ThyssenKrupp this means that implemented controls adequately ensure that despite any risks the consolidated financial statements comply with the requirements. Various integrated and independent supervision measures are in place to help achieve this aim.
Our consolidated financial statements are prepared on the basis of a standard accounting policy which is regularly updated and made available to all relevant employees via an internal internet platform. A specially developed consolidation tool based on standard software is used, which ensures a uniform procedure and minimizes the risk of false statements in the Group's financial accounting and external reporting.
Financial reporting is organized in clearly defined sub-processes. Clear-cut responsibilities in line with the principle of segregating functions and the dual-control principle reduce the risk of fraudulent conduct.
As the department responsible for the preparation of the consolidated financial statements, Corporate Center Accounting and Financial Reporting issues the decentralized units with binding standards for content and scheduling so as to safeguard the consistency of accounting practices in the Group and minimize scope for discretion in connection with the recognition, measurement and statement of assets and liabilities.
In some cases individual decentralized units use the Group's shared service centers to prepare their local financial statements. Service center employees and all other employees involved in the accounting process undergo regular training and receive support.
We control and monitor the relevant IT systems used in the consolidation process on a centralized basis and perform regular system backups to reduce the risk of data loss and system failure. Automatic controls and manual checks by experienced employees as well as custom authorizations and access controls are part of a security system designed to protect finance systems against misuse.
Corporate Center Internal Auditing is also involved in the overall process in that it regularly checks the efficiency of the internal control and risk management system in the accounting processes.
The overall package of processes, systems and controls provides sufficient guarantee that the Group accounting process is carried out reliably and in compliance with IFRS, German GAAP (HGB) and other standards and laws of relevance to accounting.
Utilizing opportunities and simultaneously managing risks
When we see and wish to utilize appropriate opportunities in connection with our strategic decisions, we take risks responsibly in compliance with the requirements of the risk principles and make the necessary provision to cover risks.
Risk transfer by central service provider
As central service provider, ThyssenKrupp Risk and Insurance Services again handled the Groupwide transfer of risks to insurers in 2010/2011. The scope and structure of insurance cover is determined on the basis of risk assessments in which insurable risks at the Group companies are identified, evaluated and reduced or removed through asset-specific protection plans. Depending on the Group's risk-bearing ability, we agree appropriate deductibles for individual classes of insurance.
To keep risk prevention at a sustainable and appropriately high level, binding standards are in place for all Group companies. These standards were developed by experts from all areas of the Group under the leadership of ThyssenKrupp Risk and Insurance Services and are updated on an ongoing basis. Internal and external auditors regularly check compliance with these standards.
To limit the risk of insurer insolvency, we spread the risk over numerous insurers taking into account the ratings given to these insurers by recognized agencies.
Financial risks
Central responsibilities of ThyssenKrupp AG as parent company include the coordination and management of financial requirements within the Group and securing the financial independence of the Company as a whole. To this end we optimize Group financing and limit the financial risks. Risks in the individual financial risk areas are minimized through an ongoing process of monitoring and intensive controls.
Credit risk (default risk): We enter into financial instrument transactions in the financing area only with counterparties who have a very high credit standing and/or are covered by a deposit guarantee fund. Transactions are concluded only within specified counterparty risk limits. Outstanding receivables and default risks in connection with supplies and services are constantly monitored by the Group companies; in some cases they are additionally insured under commercial credit policies. The credit standing of key account customers is monitored particularly closely.
Liquidity risk: To secure the solvency and financial flexibility of the Group at all times, we maintain long-term credit facilities and cash funds on the basis of a multi-year financial planning system and a liquidity planning system on a rolling monthly basis. The cash pooling system and external financings are concentrated mainly on ThyssenKrupp AG and specific financing companies. We use the cash pooling system to allocate resources to Group companies internally according to requirements.
Market risk: Various measures are used to mitigate or eliminate the risk of fluctuations in the fair values or future cash flows from non-derivative or derivative financial instruments due to market changes. These mainly include off-exchange-traded foreign currency forward contracts, interest-rate swaps, interestrate/ foreign currency derivatives and commodity forward contracts with banks and commercial partners. To hedge against commodity price risks we also use exchange-traded futures. The use of derivative financial instruments is extensively monitored, with checks being carried out on the basis of policies in the framework of regular reporting.
Currency risk: To contain the risks of our numerous payment flows in different currencies – in particular in US dollars – we have developed Groupwide policies for foreign currency management. All companies of the Group are required to hedge foreign currency positions at the time of their inception; companies based in the euro zone hedge via our central clearing office. Translation risks arising from the conversion of foreign currency positions are generally not hedged.
Interest rate risk: To cover our capital requirements, we procured funds on the international money and capital markets in different currencies and with various maturities. The resulting financial liabilities and our financial investments are partially exposed to risks from changing interest rates. To manage these risks, regular interest rate risk analyses are prepared, the results of which feed into our risk management system.
Order risks
Cost overruns and/or schedule delays can occur in the handling of major orders. We counter these risks by deploying experienced project managers and continuously improving our management instruments. We select our customers carefully and minimize the risk of default by collecting progress payments.
Sales risks
As a global industrial group, ThyssenKrupp is dependent on the international economic situation. Especially in the currently weakening global economy, we closely monitor economic trends in our sales regions in order to minimize the market risks. If necessary we have a package of measures at our disposal, for example an immediate adjustment of our capacities.
Our international presence in different sectors and our widely differentiated product and customer structure make us largely independent of regional crises on our sales markets. Our effective receivables management system counters the risk of bad debt and continuously monitors the credit rating of our customers. More details on sales risks are provided in the section headed "Specific risks for our operations".
Risks associated with business relationships with customers in countries with trade restrictions
Due to our global organization, ThyssenKrupp has business relationships in countries subject to trade restrictions. In 2010 the Federal Republic of Germany, the EU and the USA, acting on the basis of UN Resolution 1929, expanded existing trade restrictions on the Islamic Republic of Iran to include the petroleum sector, and added further individuals and a number of banks to the sanctions lists to prohibit business with them. Violations of the tightened trade restrictions are subject to severe penalties and could damage ThyssenKrupp's reputation. We have always complied scrupulously with export control regulations and in particular trade restrictions. In addition, the Executive Board of ThyssenKrupp AG ordered a review of the business activities with Iranian customers in existence before the tighter trade restrictions came into effect to establish whether they comply with the new laws. In September 2010 it was decided that ThyssenKrupp will not enter into any new transactions with Iranian customers. This measure significantly reduces the risk of a potential violation of trade restrictions. In addition, an Elevator investment in Iran has been sold.
Procurement risks
Depending on the market situation, prices for raw materials and energy can fluctuate significantly. We safeguard our competitiveness by adjusting purchasing prices and securing alternative procurement sources. The geographical distribution of orders makes us less vulnerable to regional supply bottlenecks. To hedge against raw material price swings, in particular for nickel and copper, we also use derivative financial instruments – mainly commodity forward transactions. The use of these instruments is subject to strict rules. Details of these risk areas are provided in the Notes.
The energy transition in Germany will permanently increase the price of electricity with the rise in the share of renewable energies and the associated need to expand the electricity grids. On top of this there are cost-intensive regulatory requirements for the electricity and gas networks of our major production locations. To counter the risk of rising energy prices we pursue a structured energy procurement policy. Furthermore all business areas are further increasing their efforts to save energy and recycle waste so as to prevent greenhouse emissions and conserve natural resources.
Risk policy embedded in corporate strategy
Binding throughout the Group, the risk principles at ThyssenKrupp are based on our corporate strategy. Our risk management system is targeted at safeguarding existing assets and sustainably increasing the value of the Company; it therefore fulfills a core business function. To achieve an appropriate increase in value, we make optimum use of opportunities while consciously and responsibly taking business risks in our core processes and managing these actively. As part of our efficient risk management, other risks are transferred, reduced or completely prevented. Overall the Group can extensively cover all risks taken.
The Group Policy Statement on Risk Management documents the framework conditions and responsibilities for orderly and forward-looking risk management and is binding for all employees. Groupwide codes of conduct such as the Group's compliance standards and the prohibition of speculative transactions also form part of the risk principles. Regular control measures and numerous training programs help communicate the importance of the requirements to all employees. We continue to consider the risks to the Group contained and manageable.
Risks associated with acquisitions, disposals and restructurings
Active portfolio management is a key element of our corporate development. We constantly monitor and if necessary make provision in the balance sheet for risks associated with the disposal or acquisition of companies, business activities and real estate and with restructurings.
Legal risks associated with third-party claims
Claims can result in legal risks. In the associated legal proceedings ThyssenKrupp is represented by its own experienced corporate counsel, if necessary with the additional support of external attorneys. We minimize claims for damages under product liability law through the high quality of our products.
When contractual partners assert claims against ThyssenKrupp under plant construction, supply and service contracts, we examine the individual claims carefully and make provision where payment obligations are considered likely.
Our strict compliance program reduces the risk of antitrust violations and corruption at all levels of the Group. In the Compliance Commitment the Executive Board of ThyssenKrupp AG states that antitrust violations and corruption are not tolerated in the Group. We monitor and regularly update our supplementary policies and publications as well as our internal compliance organization.
We have separated the legal counsel service from compliance in terms of organization and staff. Within compliance the advisory function was also segregated from general principles and compliance investigations. In May 2011 we resolved further measures which will be implemented in the framework of a multi-year program. These measures include an increase in the number of employees in the compliance organization, namely by appointing regional compliance officers in selected regions.
We appointed KPMG AG to audit our compliance program to auditing standard 980 of the Institute of Public Auditors in Germany (Institut der Wirtschaftsprüfer e.V.) for the period April to September 2011. The audit covered the structure, implementation and in particular the effectiveness of our compliance program, and was therefore the most extensive audit possible under IDW PS 980. Due to the special rules applying in the USA, the subsidiaries in this country were not part of the audit. KPMG confirmed that the compliance management system at ThyssenKrupp AG is appropriately implemented and was effective in the period reviewed. Insofar as recommendations for compliance work were made on the basis of the audit findings, their implementation is being examined.
In extensive training programs and an interactive compliance e-learning program, we inform our employees about compliance requirements, infringement risks and potential sanctions. In 2010/2011 more than 3,500 employees worldwide took part in classroom training sessions. To supplement the compliance training program, we have introduced a Groupwide interactive e-learning program comprising modules on competition law and combating corruption, which is available in eleven languages. The second cycle of the e-learning program which started in August 2008 is aimed at refreshing the knowledge of employees who have taken part previously and for the first time training employees outside Europe. Since the launch of the second cycle, 25,600 employees worldwide have completed online training courses on competition law and anti-corruption policies.
A report on pending litigation and claims for damages can be found in the Notes.
Regulatory risks
Our business operations are in some cases closely dependent on the legal framework at national or European level. Developments such as changes to competition rules in individual sections of the markets can involve risks for us and lead to higher costs or other disadvantages. To contain these risks we maintain close working contact with the relevant institutions to prevent distortion of competition.
Based on model calculations, we will face substantial costs for emission allowances in the third trading period of the EU Emissions Trading Scheme from 2013 to 2020. As an energy-intensive industrial and services group we face earnings risks if we are unable in the competitive international market to pass on to our customers all or any of the additional costs. ThyssenKrupp participates both directly and via industry associations in the discussion process on politically desired energy price surcharges.
Environmental risks
Due to the production processes in our industrial plants, we are exposed to process-related risks that can lead to air and water pollution. ThyssenKrupp continuously invests in sustainable environmental protection in our production operations so as to conserve resources and minimize environmental impact over the long term. Many Group companies have established certified environmental management systems which reduce the risk of environmental damage.
Some of our real estate no longer used for operations is subject to risks from past pollution and mining subsidence which we contain with preventive measures and scheduled remediation work. Our real estate area recognizes adequate provisions for this every fiscal year.
Risks associated with information security
We continually review our information technologies to ensure the secure handling of IT-based business processes and reduce risks. If necessary, the systems are updated and protected even more effectively. Further, measures are in place to maximize information security awareness and provide the necessary technical support for all employees. The IT-based integration of business processes is subject to the condition that the risks involved for our Group companies and business partners are minimized. In the reporting year we therefore again carried out extensive measures to further improve our security standards and our information security management system.
Various business processes and data centers attained security certification which documents the standard achieved for our customers. In the new ThyssenKrupp Quarter in Essen we raised the standard of security significantly: By incorporating state-of-the-art technologies from the planning stage we were able to achieve an appropriate level of protection. Regular tests are carried out – in some cases with external support – to check whether our IT infrastructure is vulnerable to hacking. If necessary increased protection is introduced immediately. In addition we have established a Groupwide program to guarantee segregation of duties in ERP (Enterprise Resource Planning) systems in accordance with the principle of dual control. This minimizes risks for numerous business processes at authorization level.
Together with the Group’s data protection officer, our experts ensure that personal data are processed only in accordance with the rules of the German Data Protection Act. All these measures allow us to continue to protect the Group’s business data as well as the privacy of our business associates and employees through preventive action and to respond appropriately to potential new risks.
Risks associated with pensions and healthcare obligations
The fund assets used to finance pension liabilities are exposed to capital market risks. To minimize these risks, the individual investment forms are selected and weighted on the basis of studies by independent experts. The aim is to adjust the investments to ensure that the associated pension liabilities are permanently fulfilled in respect of the current and future income from the investments. Pension obligations are subject to risks from increased life expectancies of beneficiaries and from obligations to adjust pension amounts on a regular basis. In addition, the cost of healthcare obligations in the USA may increase. Furthermore, in some countries there is a risk of significantly higher payments having to be made to finance pension plans in the future due to stricter statutory requirements. In individual cases, the premature cancellation of a pension plan may necessitate an additional allocation.
Personnel risks
Our staff and managers with their commitment to ThyssenKrupp are of central importance to our success. To find key personnel to fill vacancies and avoid losing competent employees, we position ourselves as an attractive employer and promote the long-term retention of employees in the Group. We offer executives an ongoing management development program, career prospects and attractive incentives, while our staff receive targeted mentoring. We inform interested young people about career opportunities at ThyssenKrupp from an early stage and support apprentices as they start work. Our cooperation with key universities and early contacts with talented students also help us secure the young people we need for our workforces.
General economic risks
We expect further growth of the global economy in 2012. However, our forecasts are subject to great uncertainties. For the industrialized countries there is a risk of a further slowdown in the economy, in particular on account of the debt crisis in some countries and the associated turbulence on the financial markets. If growth in the emerging countries fails to match expectations, the risk of a global economic downturn will increase. This would impact demand on the markets important to us.
No threat to existence of Group
The overall risk situation at ThyssenKrupp continues to be manageable. Our continuous risk management activities with tailored risk control in all business operations play a key role in this. The existence of the Group is secured.
Source: Annual Report 2010/2011, p. 108-115, 119
For more details, please turn to the Corporate Governance Report Page.
