Management of risks and opportunities

All commercial activities inevitably entail both risks and opportunities. HHLA believes that the effective management of risks and opportunities is a significant success factor for the sustainable enhancement of enterprise value.

Managing risks and opportunities is a key component of the HHLA Group’s management strategy. The planning and controlling process, the boards of the Group’s affiliates and reporting are all cornerstones of this risk and opportunity management system. At regular business development meetings, HHLA’s Executive Board discusses strategy, targets and control measures, with due consideration of the risk and opportunity profile.

HHLA’s risk and opportunity management system fosters a keen awareness of dealing with corporate risks and opportunities. It aims to identify risks in good time and take steps to manage or avert them while exploiting opportunities and preventing situations that could jeopardise the continued existence of the HHLA Group. An important element of the system is the promotion of entrepreneurial thinking and independent, responsible action.

Risk and opportunity management system

The risk and opportunity management system is an essential part of HHLA’s corporate governance system. Key elements of the risk management system are: identifying, assessing, managing, monitoring and reporting risks; clear responsibilities for process participants (managers of affiliates, Internal Audit, Group Controlling); incorporating all majority shareholdings and companies consolidated using the equity method into the risk consolidation group. The Executive Board bears overall responsibility. Its members deal with and assess the risk management reports on a quarterly basis.

Risks are catalogued regularly in the course of the annual planning process. All identified risks are described clearly and classified according to defined risk areas.

Categorisation of the probability of occurrence

< 25 %

≥ 25 %

≥ 50 %

≥ 75 %

unlikely

possible

likely

most likely

Categorisation of the damage amount

Equity of the Group

< 1 %

< 5 %

< 10 %

< 25 %

≥ 25 %

not significant

medium

significant

massive

threatening

Risks are categorised by the likelihood of their occurrence and the scale of the potential damage. This reflects the anticipated reduction of the operating result or cash flow before taxes if the risk were to materialise.

Risks are assessed in the context of the existing circumstances or a realistic projection. In addition to estimates and economic or mathematical/statistical inferences, sensitivities derived from planning can be used as a basis for assessment. The Group’s affiliates, divisions and corporate staff departments regularly coordinate with the central Risk Management unit of the holding company to ensure that all identified risks are mapped and assessed consistently throughout the Group.

After identifying and assessing the risk, the company then defines control measures aimed at reducing the likelihood of its occurrence and/or the loss or damage. A distinction is made between the gross risk (excluding measures) and the net risk (including measures).

Risks are monitored continuously and any significant changes are reported and documented on a quarterly basis. Additional ad hoc reports are issued whenever material risks emerge, cease to apply, or change. Risks are reported using standard Group-wide reporting formats in order to ensure a consistent overall picture of current risks.

Opportunity management is comparable to the risk management process. Opportunities are systematically identified and measures developed in an annual planning process. When opportunities are identified, there is no requirement for them to be quantified. Opportunity management focuses on the monitoring and analysis of individual markets and on the early recognition and assessment of trends as a means of identifying opportunities. This includes developments affecting the overall economy or individual sectors as well as regional and local trends. The affiliates’ responsibilities include identifying strategic opportunities in their core markets. HHLA’s Executive Board defines the strategic framework for this objective, for example in the form of strengthening our core business and tapping additional growth areas. When planning, managing and controlling strategic projects for a specific segment or all segments, the Executive Board of HHLA primarily uses the proprietary resources of the holding company.

Risk and opportunity management and the internal control system for accounting

Risk and opportunity management and the internal control system for accounting (diagram)

The most important elements of the risk and opportunity management system and risk and opportunity reporting are described in a corporate guideline. The system remains unchanged from the previous year.

Accounting-related internal control system

Structure of the system

HHLA’s internal control system is designed to ensure that the (financial) reporting processes used throughout the company are consistent, transparent and reliable. Furthermore, it makes sure they comply with legal standards and the company’s own guidelines. It comprises principles, procedures and methods designed to reduce risk and ensure the effectiveness and propriety of HHLA’s processes.

The internal control system is regularly monitored and assessed according to documented processes, risks and controls. It therefore ensures transparency with regard to its structure and functionality for the purposes of internal and external reporting.

HHLA’s internal accounting control system and risk and opportunity management are based on the criteria set out in the “Internal Control – Integrated Framework” working paper published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Accounting processes are assessed to determine whether there is a risk posed to the existence, completeness, accuracy, valuation, ownership and reporting of transactions. The company also conducts a risk assessment regarding the possibility of fraud. Concluding unusual or complex transactions can lead to specific accounting risks. There is also a latent risk of error when processing non-routine transactions. Employees are by necessity given a certain amount of leeway when recognising and measuring balance sheet items, which can give rise to further risks.

Appropriate and effective controls are intended to reduce accounting risks and make sure that transactions are documented, recorded, processed and assessed correctly in the balance sheet, as well as being quickly and correctly adopted in financial reporting. Controls are in place for all accounting processes.

The Internal Audit department is responsible for monitoring HHLA’s internal control system and risk and opportunity management for its accounting processes. The external auditor also assesses the effectiveness of the accounting-related internal control system, primarily by carrying out spot checks.

The internal control and risk and opportunity management systems for accounting will always have certain limitations, regardless of how carefully they are designed. For this reason, it is impossible to fully guarantee that accounting standards will always be met or that every incorrect statement will always be avoided or identified.

Significant regulations and controls

Accounting tasks and functions are clearly defined within the Group. There is a clear functional demarcation between accounts payable and accounts receivable as well as the preparation of separate financial statements and the preparation of consolidated financial statements. There is also a clear demarcation between these departments and the respective segment accounting. Separating execution, settlement and authorisation functions and giving these responsibilities to different members of staff reduces the risk of fraud. Multi-stage approval and authorisation thresholds for ordering, payment transactions and accounting are employed across the Group. These include using the double-checking principle. There is a single accounting manual that covers the consistent application and documentation of accounting rules for the entire Group. Other accounting guidelines are also in place. Like the accounting manual, they are reviewed regularly and updated if necessary.

Most bookkeeping procedures are recorded using accounting systems developed by SAP. For the purpose of preparing HHLA’s consolidated financial statements, affiliates add more information to their separate financial statements to form standardised report packages, which are then fed into the SAP ECCS consolidation module for all Group companies.

Measures are in place to protect the IT systems from unauthorised access. Access rights are granted in line with each user’s role. Only those departments responsible for mapping transactions are given write access. Departments responsible for processing information use read access. The principles of function-related authorisations are defined in a set of SAP authorisation guidelines. These form part of a comprehensive IT security guideline, which regulates general access to the IT systems.

External service providers are used for pension reports, fiscal issues and for other reports and projects if necessary.

The specific formal requirements for the consolidation process pertaining to the consolidated financial statements are clearly defined. In addition to a definition of the consolidated group, there are also detailed rules requiring affiliates to use a standardised and complete report package. There are also specific provisions regarding the recording and handling of Group clearing transactions and subsequent balance reconciliations, or the determination of the fair value of shareholdings. As part of the consolidation process, the Group accounting team analyses the separate financial statements submitted by affiliates and corrects them if necessary. Incorrect information is identified and corrected as necessary using control mechanisms already defined in the SAP ECCS system or using system-based plausibility checks.

Independent monitoring

During their audits, Internal Audit reviews the risk management processes as well as the effectiveness and suitability of the controls built into these processes. HHLA’s Supervisory Board monitors the effectiveness of the risk management system. The external auditors assess the early risk identification and monitoring system on behalf of the Supervisory Board as part of their audit of the consolidated financial statements.