Risk and opportunity management system

In a dynamic market environment, the early identification and systematic exploitation of opportunities is a fundamental entrepreneurial task. This is an essential prerequisite for our company’s long-term success. We are continuously exposed to risks that can impede the realisation of our short-term and medium-term objectives as well as the implementation of long-term strategies. In some cases, we must consciously take manageable risks to be able to exploit opportunities in a targeted manner. We define risks as internal or external events resulting from uncertainty over future developments that can negatively impact the realisation of our corporate objectives. We define opportunities as possible achievements that extend beyond the defined objectives and can thus facilitate and drive our business development. We consider risks and opportunities as inextricably linked. Risks can, for example, emerge from missed or poorly exploited opportunities. Conversely, exploiting opportunities in dynamic growth markets or in new business areas always entails risks.

With this in mind, we understand our company’s risk and opportunity management system as a tool that helps us to achieve our corporate goals. It is a systematic process that encompasses the entire group. It helps the company’s management to identify, classify and control risks and opportunities. As such, risk and opportunity management form a unity. Our risk management identifies developments and events that could potentially prevent us from reaching our business targets at an early stage and analyses their implications. This allows us to put the necessary countermeasures into place in a timely manner. At the same time, this forecasting process allows us to systematically exploit emerging opportunities.

Centralised management and efficient organisation

Group-wide risk and opportunity management tasks and responsibilities are clearly defined and reflect our corporate structure. We combine centralised business management by the management holding company METRO AG with the decentralised operating responsibility of the individual .

It is the responsibility and a legal obligation of the Management Board of METRO AG to organise a system for METRO. We regard the risk management system, the internal control system, the management system as well as internal to be components of the governance, risk and compliance system (GRC system). This organisational structure is based on the governance elements identified in § 107 Section 3 of the German Stock Corporation Act (AktG) as well as the German Corporate Code. The fundamental principles of the GRC system are defined and documented in our governance, risk and compliance guideline. This guideline is intended to render structures and processes more transparent and to harmonise the procedural-organisational framework for the subsystems. This is the foundation for our efforts to increase the overall efficiency of the GRC system and to continuously enhance its effectiveness.

The group’s Governance, Risk, and Committee (GRCC Committee) is chaired by the Chief Financial Officer of METRO AG and regularly discusses methods and new developments of the GRC subsystems. The committee also conducts regular reviews of the current risk and opportunity situation. Permanent members include representatives of Corporate Accounting (including Risk Management and Internal Control Finance and Internal Control Operations), Corporate Legal Affairs & Compliance and Group Internal Audit. The committee meetings are also attended by Corporate Controlling & Finance, Corporate Treasury, Group Strategy and Corporate Public Policy. Experts are invited to attend the events as required.

Risk management

The Management Board of METRO AG assumes overall responsibility for the effectiveness of the risk management system as part of the GRC system. The group companies are responsible for identifying, assessing and managing risks. Key elements of internal monitoring include effectiveness checks in the form of self-assessments by the management teams as well as internal audits.

The Supervisory Board of METRO AG also oversees the effectiveness of the risk management. In compliance with the provisions of the German Corporate Sector Supervision and Transparency Act (KonTraG), the external auditor subjects the company’s early risk warning system as part of the risk management system to a periodic . The results of this audit are presented to the Management Board and Supervisory Board.

Our Corporate Risk Management unit is responsible for managing and developing our risk management system. This unit is part of the Group Governance department within Corporate Accounting at METRO AG. It determines the company’s risk management approaches, methods and standards in consultation with the GRCC Committee. The Corporate Risk Management unit coordinates the underlying process, ensures information is shared within the company and supports the further development of risk management across all group companies and central business units. In this context, the GRCC Committee keeps the Management Board of METRO AG continuously updated on the essential developments concerning risk management.

The risk management system is organised as a closed-loop system to ensure the design’s effectiveness with respect to the defined risk management rules. This also allows us to guarantee effective implementation and continuous improvement of the system based on results and experiences.

Opportunity management

The systematic identification and communication of opportunities is an integral part of the management and controlling system of METRO.

We conduct macroeconomic analyses, study relevant trends and evaluate market, competition and locality analyses. We also analyse the critical success factors of our business models and the relevant cost drivers of our company. The Management Board of METRO AG specifies the derived market and business opportunities as well as efficiency enhancement potential in the context of strategic as well as short-term and medium-term planning. It does so by seeking to engage in a regular dialogue with the management of the group companies and units at the central holding company. As a company, we focus primarily on business approaches driven by the market and by customers. We continuously review the various elements of our sustainable long-term growth strategy.

Reporting

Group reporting is the central element of our internal risk and opportunity communications. It is complemented by the risk and opportunity management system reporting. The objective is to allow for a structured and continuous monitoring of risks and opportunities which is documented in accordance with legal and regulatory stipulations.

We ascertain our risk inventory on an annual basis by systematically mapping and assessing all significant group-wide risks based on quantitative and qualitative indicators and uniform criteria relating to the loss potential and the probability of occurrence. The results of the risk inventory and the risk portfolio are updated on a regular basis.

In financial year 2017/18, the risk inventory was supported with by an IT solution. This led to a signi- ficant increase in efficiency and quality.

The topically responsible risk coordinators, for example those responsible for procurement, sales or administrative functions, validate the results reported by the group companies and central business units. In a second step, they summarise these results in a functional risk profile accompanied by a detailed description of significant individual risks. Important issues are then validated in direct consultation with the GRC Committee and specific action for an improved management of the risks is derived.

In addition, we consider the results of the analyses concerning strengths, weaknesses, opportunities and threats carried out as part of the strategic planning process. We also consider analyses of the reports compiled by us as part of our medium-term planning and projections. Furthermore, we examine relevant results from the internal control system, the compliance management system, the issues management system, the opportunity management system and internal auditing.

Risk management as a closed-loop system

Risk managment as a closed-loop-system (graphic)

The overarching risk and opportunity portfolio at METRO that emerges from these findings enables us to gain a very good overall understanding of the company’s risk and opportunity situation. The so-called GRC report describes the current situation and includes recommendations for risk management and measures to improve the effectiveness of the GRC subsystems.

The Management Board regularly informs the Supervisory Board and the Audit Committee about issues relating to the management of risks and opportunities. Twice a year, the Supervisory Board is furnished with a written report on the organisation and direction of our risk and opportunity management as well as the current risk and opportunity situation.

When preparing the half-year financial report, we regularly review and update the overarching risk and opportunity portfolio compiled in the .

We also use an emergency notification system in the case of unexpected serious risks arising for our asset, financial and earnings position. The Management Board of METRO AG will in this case be provided with the necessary information directly and without delay.

Sales line
Part of a retail company that operates outlets or stores with a specific merchandising concept.
Glossary
Governance
Statutory and factual regulatory framework for the management and supervision of a company.
Glossary
Compliance
All measures specifying a company’s and its employees’ behaviour in accordance with legislation, established social guidelines and values.
Glossary
Audit
A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards.
Glossary
Governance
Statutory and factual regulatory framework for the management and supervision of a company.
Glossary
Compliance
All measures specifying a company’s and its employees’ behaviour in accordance with legislation, established social guidelines and values.
Glossary
Audit
A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards.
Glossary
Previous year
Period of 12 months, usually cited as reference for statements in an annual report.
Glossary