Risk and opportunity management system
In a dynamic market environment, the early identification and systematic exploitation of opportunities is a fundamental entrepreneurial task. This is an essential prerequisite for our company’s long-term success. We are continuously exposed to risks that can impede the realisation of our short-term and medium-term objectives as well as the implementation of long-term strategies. In some cases, we must consciously take manageable risks to be able to exploit opportunities in a targeted manner. We define risks as internal or external events resulting from uncertainty over future developments that can negatively impact the realisation of our corporate objectives. We define opportunities as possible achievements that extend beyond the defined objectives and can thus facilitate and drive our business development. We consider risks and opportunities as inextricably linked. Risks can, for example, emerge from missed or poorly exploited opportunities. Conversely, exploiting opportunities in dynamic growth markets or in new business areas always entails risks.
With this in mind, we understand our company’s risk and opportunity management system as a tool that helps us to achieve our corporate goals. It is a systematic process that encompasses the entire group. It helps the company’s management to identify, classify and control risks and opportunities. As such, risk and opportunity management form a unity. Our risk management identifies developments and events that could potentially prevent us from reaching our business targets at an early stage and analyses their implications. This allows us to put the necessary countermeasures into place in a timely manner. At the same time, this forecasting process allows us to systematically exploit emerging opportunities.
Centralised management and efficient organisation
Group-wide risk and opportunity management tasks and responsibilities are clearly defined and reflect our corporate structure. We combine centralised business management by the management holding company METRO AG with the decentralised operating responsibility of the individual sales lines.
It is the responsibility and a legal obligation of the Management Board of METRO AG to organise a governance system for METRO. We regard the risk management system, the internal control system, the compliance management system as well as internal auditing to be components of the governance, risk and compliance system (GRC system). This organisational structure is based on the governance elements identified in § 107 Section 3 of the German Stock Corporation Act (AktG) as well as the German Corporate Governance Code. The fundamental principles of the GRC system are defined and documented in our governance, risk and compliance guideline. This guideline is intended to render structures and processes more transparent and to harmonise the procedural-organisational framework for the subsystems. This is the foundation for our efforts to increase the overall efficiency of the GRC system and to continuously enhance its effectiveness.
The group committee for governance, risk and compliance (GRC Committee) is chaired by the CFO of METRO AG and regularly discusses methods and new developments of the GRC subsystems. The committee also conducts regular reviews of the current risk and opportunity situation. Permanent members include representatives of Corporate Accounting (including Risk Management, Internal Control Finance and Internal Control Operations), Corporate Legal Affairs & Compliance and Group Internal Audit. The committee meetings are also attended by Corporate Controlling & Finance, Corporate Treasury, Group Strategy and Corporate Communications and Public Policy. Experts are invited to attend the events as required.
The Management Board of METRO AG assumes overall responsibility for the effectiveness of the risk management system as part of the GRC system. The group companies are responsible for identifying, assessing and managing financial risks. Key elements of internal monitoring include effectiveness checks in the form of self-assessments by the management teams as well as internal audits.
The Supervisory Board of METRO AG also oversees the effectiveness of risk management. In compliance with the provisions of the German Corporate Sector Supervision and Transparency Act (KonTraG), the external auditor subjects the company’s risk warning system as part of the risk management system to a periodic audit. The results of this audit are presented to the Management Board and Supervisory Board.
Our Corporate Risk Management unit is responsible for managing and developing our risk management system. This unit is part of the Group Governance department of METRO AG. It determines the company’s risk management approaches, methods and standards in consultation with the GRC Committee. The Corporate Risk Management unit coordinates the underlying process, ensures information is shared within the company and supports the further development of risk management across all group companies and central business units.
In this context, the GRC Committee keeps the Management Board of METRO AG continuously updated on the essential developments concerning risk management.
The risk management system is organised as a closed-loop system to ensure the design’s effectiveness with respect to the defined risk management rules. This also allows us to guarantee effective implementation and continuous improvement of the system based on results and experiences.
The systematic identification and communication of opportunities is an integral part of the management and controlling system of METRO. Opportunities include internal or external events and developments that can have a beneficial impact on our business development. In principle, we strive to balance opportunities and risks.
We conduct macroeconomic analyses, study relevant trends and evaluate market, competition and locality analyses. We also analyse the critical success factors of our business models and the relevant cost drivers of our company. The Management Board of METRO AG specifies the derived market and business opportunities as well as efficiency enhancement potential in the context of strategic as well as short-term and medium-term planning. It does so by seeking to engage in a regular dialogue with the management of the group companies and units at the central holding company. As a company, we focus primarily on business approaches driven by the market and by customers. We continuously review the various elements of our sustainable long-term growth strategy.
Group reporting is the central element of our internal risk and opportunity communications. It is complemented by the risk and opportunity management reporting. The objective is to allow for a structured and continuous monitoring of risks and opportunities, which is documented in accordance with legal and regulatory stipulations.
We ascertain our group’s risk inventory on an annual basis by systematically mapping and assessing all significant group-wide risks based on quantitative and qualitative indicators and uniform criteria relating to the loss potential and the probability of occurrence. The results of the risk inventory and the risk portfolio are updated on a regular basis.
The topically responsible risk coordinators, for example those responsible for procurement, sales or administrative functions, validate the results reported by the group companies and central business units. In a second step, they summarise these results in a functional risk profile accompanied by a detailed description of significant individual risks. Important issues are then validated in direct consultation with the GRC Committee and specific action for an improved spreading of risks is developed.
In addition, we consider the results of the analyses concerning strengths, weaknesses, opportunities and threats carried out as part of the strategic planning process. We also consider analyses of the reports compiled by us as part of our medium-term planning and projections. Furthermore, we examine relevant results from the internal control system, the compliance management system, the issues management system, the opportunity management system and internal auditing.
The overarching risk and opportunity portfolio at METRO that emerges from these findings enables us to gain a very good overall understanding of the company’s risk and opportunity situation. The so-called GRC report describes the current situation and includes recommendations for risk management and measures to improve the effectiveness of the GRC subsystems.
The Management Board regularly informs the Supervisory Board and the Audit Committee about issues relating to the management of risks and opportunities. Once a year, the Supervisory Board is furnished with a comprehensive written report on the organisation and direction of our risk and opportunity management as well as the current risk and opportunity situation.
When preparing the half-year financial report, we regularly review and update the overarching risk and opportunity portfolio compiled in the previous year.
We also use an emergency notification system in the case of unexpected serious risks arising for our asset, financial and earnings position. In this case, the Management Board of METRO AG directly and promptly receives the necessary information.