Management of risks and opportunities
All commercial activities inevitably entail both risks and opportunities. HHLA believes that the effective management of risks and opportunities is a significant success factor for the sustainable enhancement of enterprise value.
Managing risks and opportunities is a key component of the HHLA Group’s management strategy. The planning and controlling process, the reporting system and the boards of the Group’s affiliates are all cornerstones of this risk and opportunity management system. At regular business development meetings, HHLA’s Executive Board discusses strategy, targets and control measures, with due consideration of the risk and opportunity profile.
HHLA’s risk and opportunity management system fosters a keen awareness of dealing with corporate risks and opportunities. It aims to identify risks in good time and take steps to manage or avert them while exploiting opportunities and preventing situations that could jeopardise the continued existence of the HHLA Group. An important element of the system is the promotion of entrepreneurial thinking and independent, responsible action.
Risk and opportunity management system
The risk and opportunity management system is an essential part of HHLA’s corporate governance system. Its structure is based on the international risk management standard “COSO Enterprise Risk Management (2013)”. Key elements of the risk management system are: identifying, assessing, managing, monitoring and reporting risks; clear responsibilities for process participants (Executive Board and managers of affiliates, Internal Audit, Group Controlling); incorporating all majority shareholdings and companies consolidated using the equity method into the risk consolidation group. The Executive Board bears overall responsibility. Its members deal with and assess the risk management reports on a quarterly basis.
Risks are catalogued regularly in the course of the annual planning process. All identified risks are described clearly and classified according to defined risk areas.
< 25 % | ≥ 25 % | ≥ 50 % | ≥ 75 % |
---|---|---|---|
unlikely | possible | likely | most likely |

Equity of the Group (capability) | | | | |
---|---|---|---|---|
< 1 % | < 5 % | < 10 % | < 25 % | ≥ 25 % |
not significant | medium | significant | massive | threatening |
Risks are categorised by the likelihood of their occurrence and the scale of the potential damage. This reflects the anticipated reduction of the operating result or cash flow before taxes if the risk were to materialise.
Risks are assessed in the context of the existing circumstances or a realistic projection. In addition to estimates and economic or mathematical/statistical inferences, sensitivities derived from planning can be used as a basis for assessment. The Group’s affiliates, divisions and corporate staff departments regularly coordinate with the central Risk Management unit of the holding company to ensure that all identified risks are mapped and assessed consistently throughout the Group.
After identifying and assessing the risk, the company then defines control measures aimed at reducing the likelihood of its occurrence and/or the loss or damage. A distinction is made between the gross risk (excluding measures) and the net risk (including measures). Based on the provisions of the German Act to Strengthen Financial Market Integrity (FISG) with regard to the appropriateness and effectiveness of risk management systems, specific details emerge when systematically examining the effectiveness of risk management measures.
This is followed by systematic risk aggregation to calculate the Group’s risks. Compared with the previous year, the systematisation was enhanced as part of the capability analysis.
Risks are monitored continuously and any significant changes are reported and documented on a quarterly basis. Additional ad hoc reports are issued whenever material risks emerge, cease to apply, or change. Risks are reported using standard Group-wide reporting formats in order to ensure a consistent overall picture of current risks.
Opportunity management is comparable to the risk management process. Opportunities are systematically identified and measures developed in an annual planning process. When opportunities are identified, there is no requirement for them to be quantified. Opportunity management focuses on the monitoring and analysis of individual markets and on the early recognition and assessment of trends as a means of identifying opportunities. This includes developments affecting the overall economy or individual sectors as well as regional and local trends. The affiliates’ responsibilities include identifying strategic opportunities in their core markets. HHLA’s Executive Board defines the strategic framework for this objective, for example in the form of strengthening our core business and tapping additional growth areas. When planning, managing and controlling strategic projects for a specific segment or all segments, the Executive Board of HHLA primarily uses the proprietary resources of the holding company.
The most important elements of the risk and opportunity management system and risk and opportunity reporting are described in a corporate guideline.
Accounting-related internal control system
Structure of the system
HHLA’s internal control system is designed to ensure that the (financial) reporting processes used throughout the company are consistent, transparent and reliable. Furthermore, it makes sure they comply with legal standards and the company’s own guidelines. It comprises principles, procedures and methods designed to reduce risk and ensure the effectiveness and propriety of HHLA’s processes.
The internal control system is regularly monitored and assessed according to documented processes, risks and controls. It therefore ensures transparency with regard to its structure and functionality for the purposes of internal and external reporting.
HHLA’s internal accounting control system and risk and opportunity management are based on the criteria set out in the “Internal Control – Integrated Framework” working paper published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Accounting processes are assessed to determine whether there is a risk posed to the existence, completeness, accuracy, valuation, ownership and reporting of transactions. The company also conducts a risk assessment regarding the possibility of fraud. Concluding unusual or complex transactions can lead to specific accounting risks. There is also a latent risk of error when processing non-routine transactions. Employees are by necessity given a certain amount of leeway when recognising and measuring balance sheet items, which can give rise to further risks.
Appropriate and effective controls are intended to reduce accounting risks and make sure that transactions are documented, recorded, processed and assessed correctly in the balance sheet, as well as being quickly and correctly adopted in financial reporting. Controls are in place for all accounting processes.
The Internal Audit department is responsible for monitoring HHLA’s internal control system for its accounting processes by means of individual audits. The external auditor also assesses the effectiveness of the accounting-related internal control system, primarily by carrying out spot checks.
The internal control and risk and opportunity management systems for accounting will always have certain limitations, regardless of how carefully they are designed. For this reason, it is impossible to fully guarantee that accounting standards will always be met or that every incorrect statement will always be avoided or identified.
Significant regulations and controls
Accounting tasks and functions are clearly defined within the Group. There is a clear functional demarcation between accounts payable and accounts receivable as well as the preparation of separate financial statements and the preparation of consolidated financial statements. There is also a clear demarcation between these departments and the respective segment accounting. Separating execution, settlement and authorisation functions and giving these responsibilities to different members of staff reduces the risk of fraud. Multi-stage approval and authorisation thresholds for ordering, payment transactions and accounting are employed across the Group. These include using the double-checking principle. There is a single accounting manual that covers the consistent application and documentation of accounting rules for the entire Group. Other accounting guidelines are also in place. Like the accounting manual, they are reviewed regularly and updated if necessary.
Most bookkeeping procedures are recorded using accounting systems developed by SAP. For the purpose of preparing HHLA’s consolidated financial statements, affiliates add more information to their separate financial statements to form standardised report packages, which are then fed into the SAP ECCS consolidation module for all Group companies.
Measures are in place to protect the IT systems from unauthorised access. Access rights are granted in line with each user’s role. Only those departments responsible for mapping transactions are given write access. Departments responsible for processing information use read access. The principles of function-related authorisations are defined in a set of SAP authorisation guidelines. These form part of a comprehensive IT security guideline, which regulates general access to the IT systems.
External service providers are used for pension reports, fiscal issues and for other reports and projects if necessary.
The specific formal requirements for the consolidation process pertaining to the consolidated financial statements are clearly defined. In addition to a definition of the consolidated group, there are also detailed rules requiring affiliates to use a standardised and complete report package. There are also specific provisions regarding the recording and handling of Group clearing transactions and subsequent balance reconciliations, or the determination of the fair value of shareholdings. As part of the consolidation process, the Group accounting team analyses the separate financial statements submitted by affiliates and corrects them if necessary. Incorrect information is identified and corrected as necessary using control mechanisms already defined in the SAP ECCS system or using system-based plausibility checks.
Independent monitoring
During their individual audits, Internal Audit reviews the risk management processes and the controls built into these processes. The Supervisory Board of HHLA focuses on the appropriateness and effectiveness of the risk management system, the internal control system, the compliance management system and the internal audit system. The external auditors assess the early risk identification and monitoring system on behalf of the Supervisory Board as part of their audit of the consolidated financial statements.