Risk and opportunity management system

In a dynamic market environment, the early identification and systematic exploitation of opportunities is a fundamental entrepreneurial task. This is an essential prerequisite for our company’s long-term success. We are continuously exposed to risks that can impede the realisation of our short-term and medium-term objectives as well as the implementation of long-term strategies. In some cases, we must consciously take manageable risks to be able to exploit opportunities in a targeted manner. We define risks as internal or external events resulting from uncertainty over future developments that can negatively impact the realisation of our corporate objectives. We define opportunities as possible achievements that extend beyond the defined objectives and can thus facilitate and drive our business development. We consider risks and opportunities as inextricably linked. Risks can, for example, emerge from missed or poorly exploited opportunities. Conversely, exploiting opportunities in dynamic growth markets or in new business areas always entails risks.

With this in mind, we understand our company’s risk and opportunity management system as a tool that helps us to achieve our corporate goals. It is a systematic process that encompasses the entire group. It helps the company’s management to identify, classify and control risks and opportunities. As such, risk and opportunity management form a unity. Our risk management identifies developments and events that could potentially prevent us from reaching our business targets at an early stage and analyses their implications. This allows us to put the necessary countermeasures into place in a timely manner. At the same time, this forecasting process allows us to systematically exploit emerging opportunities.

Centralised management and efficient organisation

Group-wide risk and opportunity management tasks and responsibilities are clearly defined and reflect our corporate structure. We combine centralised business management by the management holding company METRO AG with the decentralised operating responsibility of the individual .

It is the responsibility and a legal obligation of the Management Board of METRO AG to organise a system for METRO. We regard the risk management system, the internal control system, the management system as well as internal to be components of the governance, risk and compliance system (GRC system). This organisational structure is based on the governance elements identified in § 107 Section 3 of the German Stock Corporation Act (AktG) as well as the German Corporate Code. The fundamental principles of the GRC system are defined and documented in our governance, risk and compliance guideline. This guideline is intended to render structures and processes more transparent and to harmonise the procedural-organisational framework for the subsystems. This is the foundation for our efforts to increase the overall efficiency of the GRC system and to continuously enhance its effectiveness.

The group committee for governance, risk and (GRC Committee) is chaired by the CFO of METRO AG and regularly discusses methods and new developments of the GRC subsystems. The committee also conducts regular reviews of the current risk and opportunity situation. Permanent members include representatives of Corporate Accounting (including Risk Management, Internal Control Finance and Internal Control Operations), Corporate Legal Affairs & Compliance and Group Internal Audit. The committee meetings are also attended by Corporate Controlling & Finance, Corporate Treasury, Group Strategy and Corporate Communications and Public Policy. Experts are invited to attend the events as required.

Risk management

The Management Board of METRO AG assumes overall responsibility for the effectiveness of the risk management system as part of the GRC system. The group companies are responsible for identifying, assessing and managing financial risks. Key elements of internal monitoring include effectiveness checks in the form of self-assessments by the management teams as well as internal audits.

The Supervisory Board of METRO AG also oversees the effectiveness of risk management. In compliance with the provisions of the German , the external auditor subjects the company’s risk warning system as part of the risk management system to a periodic . The results of this audit are presented to the Management Board and Supervisory Board.

Our Corporate Risk Management unit is responsible for managing and developing our risk management system. This unit is part of the Group Governance department of METRO AG. It determines the company’s risk management approaches, methods and standards in consultation with the GRC Committee. The Corporate Risk Management unit coordinates the underlying process, ensures information is shared within the company and supports the further development of risk management across all group companies and central business units.

In this context, the GRC Committee keeps the Management Board of METRO AG continuously updated on the essential developments concerning risk management.

The risk management system is organised as a closed-loop system to ensure the design’s effectiveness with respect to the defined risk management rules. This also allows us to guarantee effective implementation and continuous improvement of the system based on results and experiences.

Opportunity management

The systematic identification and communication of opportunities is an integral part of the management and controlling system of METRO. Opportunities include internal or external events and developments that can have a beneficial impact on our business development. In principle, we strive to balance opportunities and risks.

We conduct macroeconomic analyses, study relevant trends and evaluate market, competition and locality analyses. We also analyse the critical success factors of our business models and the relevant cost drivers of our company. The Management Board of METRO AG specifies the derived market and business opportunities as well as efficiency enhancement potential in the context of strategic as well as short-term and medium-term planning. It does so by seeking to engage in a regular dialogue with the management of the group companies and units at the central holding company. As a company, we focus primarily on business approaches driven by the market and by customers. We continuously review the various elements of our sustainable long-term growth strategy.

Reporting

Group reporting is the central element of our internal risk and opportunity communications. It is complemented by the risk and opportunity management reporting. The objective is to allow for a structured and continuous monitoring of risks and opportunities, which is documented in accordance with legal and regulatory stipulations.

We ascertain our group’s risk inventory on an annual basis by systematically mapping and assessing all significant group-wide risks based on quantitative and qualitative indicators and uniform criteria relating to the loss potential and the probability of occurrence. The results of the risk inventory and the risk portfolio are updated on a regular basis.

The topically responsible risk coordinators, for example those responsible for procurement, sales or administrative functions, validate the results reported by the group companies and central business units. In a second step, they summarise these results in a functional risk profile accompanied by a detailed description of significant individual risks. Important issues are then validated in direct consultation with the GRC Committee and specific action for an improved spreading of risks is developed.

In addition, we consider the results of the analyses concerning strengths, weaknesses, opportunities and threats carried out as part of the strategic planning process. We also consider analyses of the reports compiled by us as part of our medium-term planning and projections. Furthermore, we examine relevant results from the internal control system, the compliance management system, the issues management system, the opportunity management system and internal auditing.

Risk management as a closed loop system

Risk management as a closed loop system (graphic)

The overarching risk and opportunity portfolio at METRO that emerges from these findings enables us to gain a very good overall understanding of the company’s risk and opportunity situation. The so-called GRC report describes the current situation and includes recommendations for risk management and measures to improve the effectiveness of the GRC subsystems.

The Management Board regularly informs the Supervisory Board and the Audit Committee about issues relating to the management of risks and opportunities. Once a year, the Supervisory Board is furnished with a comprehensive written report on the organisation and direction of our risk and opportunity management as well as the current risk and opportunity situation.

When preparing the half-year financial report, we regularly review and update the overarching risk and opportunity portfolio compiled in the .

We also use an emergency notification system in the case of unexpected serious risks arising for our asset, financial and earnings position. In this case, the Management Board of METRO AG directly and promptly receives the necessary information.

Sales line
Part of a retail company that operates stores or markets with a specific sales concept.
Glossary
Governance
Principles governing the management and supervision of the different players who have an influence on a company.
Glossary
Compliance
All measures specifying a company’s and its employees’ behaviour in accordance with legislation, established social guidelines and values.
Glossary
Audit
A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards
Glossary
Governance
Principles governing the management and supervision of the different players who have an influence on a company.
Glossary
Compliance
All measures specifying a company’s and its employees’ behaviour in accordance with legislation, established social guidelines and values.
Glossary
Corporate Sector Supervision and Transparency Act (KonTraG)
The Corporate Sector Supervision and Transparency Act entered into force in May 1998. Its aim is to create organisational structures in companies that allow for sufficient controls and transparency. At the same time, it intends to create the necessary conditions for ensuring that developments which might pose a threat to the company’s continued existence can be identified at an early stage. The Management Board is required by KonTraG to implement adequate risk management and an internal audit function that is appropriate for the company’s size and organisational structure.
Glossary
Audit
A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards
Glossary
Previous year
Period of 12 months, usually cited as reference for statements in the annual report.
Glossary