Opportunity and risk management system

In a dynamic market environment, the early identification and systematic exploitation of opportunities is our entrepreneurial task. This is an essential prerequisite for our company’s long-term success. We define opportunities as possible achievements that extend beyond the defined objectives and can thus facilitate and drive our business development. However, our company is also exposed to risks that can impede the realisation of our short-term and medium-term objectives as well as the implementation of long-term strategies. We define risks as any potential future negative deviations from corporate objectives that may result from internal or external events. We consider opportunities and risks as inextricably linked. Risks can arise from missed or underutilised opportunities. In some cases, we must also consciously take manageable risks to be able to exploit opportunities in a targeted manner. Conversely, exploiting opportunities in dynamic growth markets or in new business areas always entails risks.

In this sense, we see our opportunity and risk management as an instrument for achieving our corporate goals. A systematic process that encompasses the entire group helps the company’s management to identify, classify and control opportunities and risks early on. Opportunity and risk management thus form a single unit. Our risk management identifies developments and events that could potentially prevent us from reaching our business targets at an early stage and makes it possible to analyse their implications. This allows us to put the necessary countermeasures into place in a timely manner. At the same time, this forecasting process enables us to assess and seize opportunities.

Centralised management and efficient organisation

Group-wide opportunity and risk management tasks and responsibilities are clearly defined and reflect our corporate structure. We combine centralised business management by the management holding company METRO AG with the decentralised responsibility of the sales companies for the operating business and the service companies that support the operating business.

It is the responsibility and a legal obligation of the Management Board of METRO AG to organise a management system for METRO. We regard the risk management system, the internal control system, the management system as well as internal auditing to be components of the governance, risk and compliance system (GRC system). This organisational structure is based on the governance elements identified in § 107 Section 3 of the German Stock Corporation Act (AktG) as well as the German Corporate Governance Code. The fundamental principles of the GRC system are defined and documented in our governance, risk and compliance guideline. Structures and processes are made transparent and the subsystems are harmonised in terms of their organisational processes. On this basis, we work on increasing the efficiency and effectiveness of the GRC system.

The group’s Governance, Risk and Compliance Committee (GRCC) is chaired by the Chief Financial Officer of METRO AG and regularly discusses methods and new developments of the GRC subsystems. The committee also conducts regular reviews of the current opportunity and risk situation. Permanent members include representatives of Corporate Accounting (including Risk Management, Internal Control Finance and Internal Control Operations), Corporate Controlling & Finance, Corporate Treasury, Corporate Legal Affairs & Compliance, Corporate Public Policy, Group Strategy, METRO Insurance Broker and Group Internal Audit. In addition, representatives of the Investor Relations and Corporate Communications divisions participate in selected meetings. Experts are included as needed.

Opportunity management

Systematically identifying and communicating opportunities is an integral part of METRO’s corporate management.

We conduct macroeconomic analyses, study relevant trends and evaluate market, competition and locality analyses. We also analyse the critical success factors of our business models and the relevant cost drivers of our company. The Management Board of METRO AG specifies the derived market and business opportunities as well as efficiency enhancement potential in the context of strategic as well as short-term and medium-term planning. It does so by engaging in a regular dialogue with the management of the group companies and units at the central holding company. As a company, we pursue market- and customer-driven business approaches in this process and continually review our strategy to ensure long-term sustainable growth.

Risk management

The Management Board of METRO AG assumes overall responsibility for the effectiveness of the risk management system as part of the GRC system. The group companies are responsible for identifying, assessing and managing risks. Our Corporate Risk Management unit is responsible for managing and developing our risk management system. This unit is part of the Group Governance department of METRO AG. It determines the company’s risk management approaches, methods and standards in consultation with the GRCC. The Corporate Risk Management unit coordinates the underlying process, ensures information is shared within the company and supports the further development of risk management across all group companies and central business units. In this context, the GRCC keeps the Management Board of METRO AG continuously updated on the essential developments concerning risk management.

The risk management system is organised as a closed-loop system to ensure the design’s effectiveness with respect to the defined risk management rules. This also allows us to guarantee effective implementation and continuous improvement of the system based on results and experiences. The internal control system supports the group companies in fulfilling their responsibility to manage process risks.

Key elements of internal monitoring include effectiveness checks in the form of internal audits as well as self-assessments by the management teams.

The Supervisory Board of METRO AG also oversees the effectiveness of the group’s risk management. In compliance with the provisions of the German Corporate Sector Supervision and Transparency Act (KonTraG), the external auditor subjects the company’s early warning system as part of the risk management system to a periodic . The results of this audit are presented to the Management Board and Supervisory Board.

Reporting

The objective of opportunity and risk communication is to deal with opportunities and risks in a structured and continuous manner in accordance with legal and regulatory requirements.

Once a year we perform an IT-supported risk inventory, by systematically mapping, describing and assessing all significant group-wide risks based on quantitative and qualitative indicators and uniform criteria relating to the loss potential and the probability of occurrence. The results of the risk inventory and the risk portfolio derived from it are updated on a regular basis.

In financial year 2018/19, the risk inventory was carried out by means of a uniform risk catalogue. It significantly improved the comparability and thus the validation of risks.

The risk coordinators functionally responsible for particular operational areas, for example Procurement, Supply Chain Management, Quality Assurance (QA) or administrative functions, validate the results reported by the group companies and central business units at group level and summarise them in a functional risk profile. The bottom-up view of the companies is supplemented by the top-down view of the departments. Information such as medium-term planning by the Corporate Controlling department or analyses of the strengths, weaknesses, opportunities and threats (SWOT analysis) of the Global Strategy department are included. Key issues are subsequently validated by the GRC Committee to derive specific action measures.

We also consider the results of the internal control system, the compliance management system, the Internal Audit unit as well as the issues management system. The Corporate Public Policy department’s Issues Management system continuously monitors and identifies topics of special interest and media issues of relevance to the group. This enables us to address the public debate with swift, clear and uniform statements. The group’s issues management and risk management systems are closely interconnected.

Risk management as a closed-loop system

The opportunity and risk portfolio for METRO, which is ultimately derived from all findings, enables us to take an overall look at the opportunity and risk situation of our Company. The GRC report includes:

  • the assessment of the management of METRO AG regarding the effectiveness of the governance management subsystems,
  • the opportunity and risk profile of METRO, and
  • Recommendations on risk management measures and the optimisation of the governance approach.

The Management Board regularly informs the Supervisory Board and the Audit Committee about issues relating to the management of opportunities and risks. Twice a year, the Supervisory Board is provided with a written report on the organisation and direction of our opportunity and risk management as well as the current opportunity and risk situation.

We use an emergency notification system in the case of unexpected serious risks arising for our asset, financial and earnings position. The Management Board of METRO AG will in this case be provided with the necessary information directly and without delay.

Governance
Statutory and factual regulatory framework for the management and supervision of a company.
Glossary
Compliance
All measures specifying a company’s and its employees’ behaviour in accordance with legislation, established social guidelines and values.
Glossary
Auditing
Also audit. A procedure that assesses an organisation’s processes and structures according to previously formulated standards and guidelines. Audits shed light on the effectiveness of process optimisation measures. If an audit is conducted by an external auditor, the certificate issued after the review can be used as evidence of adherence to standards.
Glossary