Audited

Risk and Opportunity Management

All commercial activities inevitably entail both risks and opportunities. HHLA believes that the effective management of risks and opportunities is a significant success factor for the sustainable enhancement of enterprise value.

Managing risks and opportunities is a key component of the HHLA Group’s management strategy. The planning and controlling process, the committees of the Group’s affiliates and reporting are all cornerstones of this risk and opportunity management system. At regular business development meetings, HHLA’s Executive Board discusses strategy, targets and control measures, with due consideration of the risk and opportunity profile.

HHLA’s risk and opportunity management system fosters a keen awareness of dealing with corporate risks and opportunities. It aims to identify risks in good time and take steps to manage or avert them while exploiting opportunities and preventing situations that could jeopardise the continued existence of the HHLA Group. An important element of the system is the promotion of entrepreneurial thinking and independent, responsible action.

Risk and Opportunity Management System

In order to enable proactive steps to be taken to deal with the risk and opportunity profile, the risk and opportunity management system comprises the necessary organisational rules and procedures for identifying risks at an early stage and for reporting on opportunities. The work performed by the risk and opportunity management system is carried out according to systematic principles and is subject to a continual improvement process.

The Executive Board, Internal Audit and Controlling have worked together closely to establish clear lines of responsibility for the identification, assessment, control, monitoring and reporting of risks, as a key element of the risk management system. The Executive Board of HHLA bears overall responsibility for risk management within the HHLA Group. The risk consolidation group includes all of the majority shareholdings as well as all companies consolidated using the equity method.

Risks are catalogued regularly in the course of the annual planning process. All identified risks are described clearly and classified according to defined risk areas.

Risks are categorised by the likelihood of their occurrence and the scale of the potential damage. This reflects the anticipated reduction of the operating result or cash flow before taxes if the risk were to materialise.

Risks are assessed in the context of the existing circumstances or a realistic projection. In addition to estimates and economic or mathematical/statistical inferences, sensitivities derived from planning can be used as a basis for assessment. The Group’s affiliates, divisions and corporate staff departments regularly coordinate with the central Risk Management unit of the holding company to ensure that all identified risks are mapped and assessed consistently throughout the Group.

After identifying and assessing the risk, the company then defines control measures aimed at reducing the likelihood of its occurrence and/or the loss or damage. A distinction is made between the gross risk (excluding measures) and the net risk (including measures).

Risk and Opportunity Management and the Internal Control System for Accounting

Risk and Opportunity Management and the Internal Control System for Accounting (diagramm)Risk and Opportunity Management and the Internal Control System for Accounting (diagramm)

Risks are monitored continuously and any significant changes are reported and documented on a quarterly basis. Additional ad hoc reports are issued whenever significant risks emerge, cease to apply, or change. Risks are reported using standard Group-wide reporting formats in order to ensure a consistent overall picture of current risks.

Categorization of the probability of occurrence

< 25 %

≥ 25 %

≥ 50 %

≥ 75 %

unlikely

possible

likely

most likely
Categorization of the damage amount

Equity of the Group

< 1%

< 5 %

< 10 %

< 25 %

≥ 25 %

not significant

medium

significant

massiv

threatening

Opportunity management is comparable to the risk management process. Opportunities are systematically identified and measures developed in an annual planning process. When opportunities are identified, there is no requirement for them to be quantified. Opportunity management focuses on the monitoring and analysis of individual markets and on the early recognition and identification of trends as a means of identifying opportunities. This includes developments affecting the overall economy or individual sectors as well as regional and local trends. The affiliates’ responsibilities include identifying strategic opportunities in their core markets. HHLA’s Executive Board defines the strategic framework for this objective. In addition, opportunity-oriented projects that affect more than one affiliate are centrally coordinated. HHLA’s Corporate Development department assists the Executive Board with planning, controlling and monitoring multi-segment projects relating to the long-term development of the HHLA Group. Through its role as a link to the Executive Board, Corporate Development also helps divisions and affiliates with strategic issues such as market and competition analyses, business plans or product portfolio alignment.

The most important elements of the risk and opportunity management system and risk and opportunity reporting are described in a corporate guideline. The system remains unchanged from the previous year.

Accounting-Related Internal Control System

Structure of the Internal Control System

HHLA’s internal control system is designed to ensure that the (financial) reporting processes used throughout the company are consistent, transparent and reliable. Furthermore, it makes sure they comply with legal standards and the company’s own guidelines. It comprises principles, procedures and methods designed to reduce risk and ensure the effectiveness and propriety of HHLA’s processes.

The internal control system is regularly monitored and assessed according to documented processes, risks and controls. It therefore ensures transparency with regard to its structure and functionality for the purposes of internal and external reporting.

HHLA’s internal accounting control and risk and opportunity management system is based on the criteria set out in the “Internal Control – Integrated Framework” working paper published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Accounting processes are assessed to determine whether there is a risk posed to the existence, completeness, accuracy, valuation, ownership and reporting of transactions. The company also conducts a risk assessment regarding the possibility of fraud. Concluding unusual or complex transactions can lead to specific accounting risks. There is also a latent risk of error when processing non-routine transactions. Employees are by necessity given a certain amount of leeway when recognising and measuring balance sheet items, which can give rise to further risks.

Internal controls are intended to reduce accounting risks and make sure that transactions are documented, recorded, processed and assessed correctly in the balance sheet, as well as being quickly and correctly adopted in financial reporting. Controls are in place for all accounting processes.

The Internal Audit department is responsible for monitoring HHLA’s internal control system and risk and opportunity management for its accounting processes. The external auditor also assesses the effectiveness of the accounting-related internal control system, primarily by carrying out spot checks.

The internal control and risk and opportunity management systems for accounting will always have certain limitations, regardless of how carefully they are designed. For this reason, it is impossible to fully guarantee that accounting standards will always be met or that every incorrect statement will always be avoided or identified.

Significant Regulations and Controls

Accounting tasks and functions are clearly defined within the Group. There is a clear functional demarcation between accounts payable and accounts receivable as well as the preparation of Separate Financial Statements and the preparation of Consolidated Financial Statements. There is also a clear demarcation between these departments and the respective segment accounting. Separating execution, settlement and authorisation functions and giving these responsibilities to different members of staff reduces the risk of fraud. Multi-stage approval and authorisation thresholds for ordering, payment transactions and accounting are employed across the Group. These include using the double-checking principle. There is a single accounting manual that covers the consistent application and documentation of accounting rules for the entire Group. Other accounting guidelines are also in place. Like the accounting manual, they are reviewed regularly and updated if necessary.

Most bookkeeping procedures are recorded using accounting systems developed by SAP. For the purpose of preparing HHLA’s Consolidated Financial Statements, affiliates add more information to their Separate Financial Statements to form standardised report packages, which are then fed into the SAP ECCS consolidation module for all Group companies.

Measures are in place to protect the IT systems from unauthorised access. Access rights are granted in line with each user’s role. Only those departments responsible for mapping transactions are given write access. Departments responsible for processing information use read access. The principles of function-related authorisations are defined in a set of SAP authorisation guidelines. IT security guidelines also cover access to IT systems in general.

External service providers are used for pension reports, fiscal issues and for other reports and projects if necessary.

The specific formal requirements for the consolidation process pertaining to the Consolidated Financial Statements are clearly defined. In addition to a definition of the consolidated group, there are also detailed rules requiring affiliates to use a standardised and complete report package. There are also specific provisions regarding the recording and handling of Group clearing transactions and subsequent balance reconciliations, or the determination of the fair value of shareholdings. As part of the consolidation process, the Group accounting team analyses the Separate Financial Statements submitted by affiliates and corrects them if necessary. Incorrect information is identified and corrected as necessary using control mechanisms already present in the SAP ECCS system or using system-based plausibility checks.

Independent Monitoring

Internal Audit is responsible for auditing the risk and opportunity management system and conducts regular checks to monitor compliance with the internal control system. HHLA’s Supervisory Board monitors the effectiveness of the risk management system. The external auditors assess the early risk identification and monitoring system on behalf of the Supervisory Board as part of their audit of the Annual Financial Statements.