Group risk management
Risk management is a fundamental element of the Group’s business practice at all levels and is embedded in the business planning and controlling processes of the Group. Material risks are monitored and regularly discussed within the Risk and Compliance Committee and the Audit Committee of the Board of Directors.
The Risk and Compliance Committee, headed by the CEO and with the CFO, the Chief Compliance Officer, the Head of Internal Audit, and the Group General Counsel as members, monitors the risk profile of the Group and the development of essential internal controls to mitigate these risks.
A risk is defined as the possibility of an adverse event which has a negative impact on the achievement of the Group’s objectives.
The Group carries out an annual risk assessment. In conformity with the Swiss Code of Best Practice for Corporate Governance, the Group’s risk management system covers both financial and operational risks.
Risk management as an integral part of the Internal Control System (ICS) for financial reporting
Risk management is incorporated within the ICS. Preventive, risk-mitigating measures to control risks are proactively taken at different levels and are an integral part of management responsibility.
Risk assessment in 2018
An independent risk assessment procedure is implemented for the review of operational risks. The Regional Management is interviewed in order to assess the risks for each country in their respective region. In addition, each Management Board member assesses the overall strategic risk exposure of the Group. Within the framework of the Corporate Governance process, the updated risk assessment is presented to the Audit Committee of the Board of Directors.
Financial risk analysis and assessment are carried out by the finance and accounting department.
The following risk areas, amongst others, have been identified, and mitigating actions have been implemented for them:
- Financial risks such as the development of interest rates, credit and financial markets, and currency risks are constantly monitored and controlled by the corporate finance and accounting department.
- Risks of unstable macroeconomic developments as well as the uncertainties in the financial markets. These risks are mitigated by appropriate risk diversification and avoidance of regional and industry clustering.
- Risks related to IT network availability, IT data and security are managed by the permanent monitoring of systems, redundant infrastructure as well as interlinked data centers with back-up structures and business continuity plans.
- The increase of regulations, growing complexity and customer expectations have led to rising security requirements and risks; such risks and requirements are considered in the planning of supply chain solutions and worldwide operation.
- Organised crime, terrorism, legal and non-compliance risks such as fraud, intentional and unintentional violations of the law and internal regulations are counteracted by comprehensive and worldwide staff training and a network of compliance officers at regional and national levels.
Organisation of risk management
A continuous dialogue between the Management Board, Risk and Compliance Committee and Audit Committee ensures the Group’s effective risk management. The risk management system is governed by the Risk Assessment Guideline defining risk groups and subgroups, the structure and the process of risk assessments. The risk catalogue is reviewed regularly and critical analysis ensures a continuous development of the risk management system.
Summarised assessment of the risk situation
In 2018, no significant risks were identified that would have the potential to substantially negatively impact the Group and its future development.
The most material risks remain the uncertainty of the global economic development, the geopolitical instability, volatile currency fluctuations and the financial markets; all of these factors are therefore in the focus of management.