Risk Management / Compliance
OBJECTIVES OF THE RISK MANAGEMENT SYSTEM
Our risk management system aims, first and foremost, to record, analyze and evaluate risks systematically and in a uniform process throughout the Group. In doing so, we benefit from a high level of risk transparency, on the basis of which we can select and implement effective countermeasures. We document all specific risks of our business to the extent that these are identifiable and specific to an adequate degree. General risks that cannot be assessed concerning their probability of occurrence are not taken into account in quantitative terms. These include natural disasters, for instance.
RISK MANAGEMENT SYSTEM: METHODS AND PROCESSES
The Dürr risk management system is geared to the specific features of our business model. It was introduced in its present form in 2008 and has since been continually adjusted to meet new requirements. In tandem with the entrenchment of the system within the operating business and decision-making processes, we have also intensified the risk awareness of our employees and management bodies – through communication and by dealing openly with risks.
Risk management process
The central risk management team at Dürr AG initiates the nine-stage process every six months. The risk inventory conducted by the operating units constitutes a key element of this standard risk cycle. In the process, individual risks are identified, evaluated and consolidated, i.e. classified into 15 specific risk fields. The risk fields cover all management, core and support processes as well as external risk areas. The evaluation of individual risks is the task of the risk managers of the operating units and of Dürr AG; guidance is provided by the risk management manual as well as risk structure spreadsheets. The evaluation process consists of three steps: first of all, the potential damage or loss is calculated, i.e. the maximum effect a risk can have on Group EBIT within the next 24 months. Next, we assess the likelihood of specific risk scenarios turning into reality. In a third step, the effectiveness of possible countermeasures is examined and evaluated with a risk-reducing factor.
The bottom line is the net risk potential, i.e. the net EBIT risk that remains after taking account of the probability of occurrence and the effectiveness of the countermeasures. The lower the probability of occurrence and the higher the effectiveness of the countermeasures, the more the net EBIT risk is reduced.
The net risks (net EBIT risks) of the 15 risk fields are calculated from the sum total of net EBIT risks of all allocated individual risks. Depending on the extent of the net risk, each risk field is assigned to one of the following categories:
- Very low (≤ € 5 million)
- Low (> € 5 million to ≤ € 20 million)
- Medium (> € 20 million to ≤ € 40 million)
- High (> € 40 million)
The net risks of the risk fields are totaled to produce the Group’s entire potential risk exposure. Portfolio and correlation effects are not taken into account in this regard.
Overall risk situation
In accordance with the valuation standards described above, the Group’s overall risk potential came to approx. € 180 million at the end of 2016 (2015: € 175 million). This includes the net risk potential of 267 individual risks evaluated. In light of the volume of business and the general economic situation, we consider the overall risk potential appropriate. We classify our overall risk situation as easily manageable at present. No risks are currently discernible that might endanger the Group’s continued existence as a going concern, either separately or by interaction with other risks.
The compliance management system (CMS) at Dürr
The compliance management system comprises all activities at Dürr with the aim to ensure that all conduct in daily business conforms to the rules and high ethical standards. The CMS governs responsibilities, communication channels and measures in three key areas of activity that are closely interconnected: prevention, early detection and response.
The CMS thus supports Dürr employees in identifying and preventing compliance breaches and the associated liability risks and penalties.
At Dürr, one of the key contributions toward preventing compliance breaches consists of trainings like e-learning programs, face-to-face trainings and induction events for new employees as well as a range of further information available on the intranet. These training measures support employees in detecting and preventing compliance breaches, and they form an integral part of our CMS. Added to that are written guidelines and organizational instructions that set out internal rules, such as separation of functions, approval procedures and signature rules or dual control ('four-eyes principle').
The early detection of risks is a key factor in preventing compliance breaches. A regular process takes place at Group level, whereby Dürr-specific compliance risks are systematically identified, analyzed and updated.
Crucial elements in detecting risks of compliance breaches at an early stage are the annual risk inventory carried out by the Corporate Compliance Board, based on information provided by the local compliance managers, as well as the 6-monthly compliance risk reporting by the Corporate Compliance Officer. Another key factor in the early detection of compliance risks is the Compliance Help Desk, which can be contacted to report potential breaches and risks for Dürr.
If a breach is identified, the relevant Dürr company or functional area is obliged to report the incident immediately using the defined communication channels. Following analysis by the Corporate Compliance Officer, such counter-measures as training, organizational instructions and internal controls are implemented to prevent such compliance breaches in the future.
Organizational structure of compliance management:
The Dürr Group's Corporate Compliance Board deals with any issues relating to compliance. It is composed of the CFOs of the divisions and the heads of some of the Group's central functional areas.
The Corporate Compliance Officer works at central Group level. He/she handles reports on potential compliance breaches and investigates them. Also among his/her remit is the worldwide compliance training program.
Each Dürr company has a local Compliance Manager, who is responsible for local tasks as part of the CMS.
Reporting compliance violations / Helpdesk
To do justice to the trust and confidence placed in Dürr by customers, suppliers, associates, shareholders and employees as well as other stakeholders of the company, absolutely top priority is assigned to the integrity and transparency of our business workflows. To this end, we need to be notified of any compliance violations, particularly in cases of violations of applicable norms under criminal law as well as our Code of Conduct Guidelines.
If you wish, you may also submit any information you may have anonymously. In response to your request, our Compliance Officer will follow up your report anonymously; your data will not be used.
Phone +49 7142 78-3328