The following risk management-related information is part of the extensive Dürr Group risk management report in our Annual Report 2021. Details can be accessed in the → risk management report.
Our strategy is to manage the risks associated with our entrepreneurial actions so as to achieve a balanced ratio to the opportunities. To this end, we make use of an effective risk management system.
Our risk management system is deployed throughout the Group. It has existed in its fundamental structure since 2008, and is continually adapted to new requirements. Since 2021, our risk management system has taken account of material aspects and requirements of the IDW Audit Standard 340 in its new version (revised IDW PS 340).
Our risk management system is designed to meet the needs of the mechanical and plant engineering business. It allows for a systematic, consistent risk recording, analysis and – to the extent possible – assessment, and for effective countermeasures to be initiated at an early stage. We document all specific risks, provided that they are identifiable and sufficiently concrete. Non-quantifiable strategic risks as well as general risks with a low probability of occurring are not taken into account, unless they are risks with very high damage potential (referred to as extreme risks). We also document and evaluate our opportunities; the relevant information is contained in the “Opportunities” page 104 chapter of the Annual Report 2021.
The risk management system covers all essential business and decision-making processes. We maintain open dealings with risks and encourage employees to report any misdirected developments at an early stage. The risk management process takes account of all risks of the participating companies. The central risk management team at Dürr AG initiates the nine-stage process every six months. The centerpiece of this standard risk cycle is the risk inventory of the Group’s companies. In the risk inventory, individual risks are identified, assessed and consolidated, i.e. classified into 16 specific risk fields (chart 2.70). The risk fields cover management, core and supporting processes as well as external risk areas. In comparison to the previous year, the new risk field “Corporate/Information Security” was added to the previously existing 15 risk fields due to the growing importance of these topics. At the same time, a corporate security team was established within the Corporate Management System Assurance department. Risks within this field already contained in other risk fields in the past were reclassified.
The risk managers of the operating units and Dürr AG are responsible for assessing individual risks. They use the risk management manual as well as risk structure spreadsheets to do so. The assessment process consists of three stages: First of all, the damage potential is calculated, i.e. the maximum impact on EBIT, or equity respectively, that can result from a risk in the following 24 months. Next, we assess the probability of occurrence of a specific risk. In a third step, the effectiveness of possible countermeasures is examined and assessed using a risk-reducing factor.
The bottom line is the net risk potential, i.e. the net equity risk that remains after taking the probability of occurrence and the effectiveness of countermeasures into account. The lower the probability of occurrence and the higher the effectiveness of countermeasures, the more sharply the net risk declines. The net risks of the 16 risk fields correspond to the sum total of net risks of all individual risks assigned. Depending on the extent of the net risk, each risk field is assigned to one of the four following categories:
- Very low (≤ €5 million)
- Low (> €5 million to ≤ €20 million)
- Medium (> €20 million to ≤ €40 million)
- High (> €40 million)
The net risks of all 16 risk fields are totaled to produce the Group’s entire potential risk exposure (aggregate net equity risk). Interdependencies between material individual risks as well as between net risks of the 16 risk fields are analyzed and included in the overall risk potential. The overall risk potential is subsequently compared to the risk-bearing capacity. The risk-bearing capacity is based on the liquidity expected for the following two years. If the overall risk potential exceeds a certain threshold, the Board of Management is informed in order to initiate risk-reducing measures without delay. Should the overall risk potential exceed the risk-bearing capacity, the Company’s continued existence is assumed to be in danger.
The Group companies and divisions prepare their risk reports after the risk inventory has been completed. These reports constitute the basis for the Group Risk Report of Dürr AG, containing information on individual risks and overall risk. Following an analysis by the Board of Management and the Dürr Management Board, the Group Risk Report is forwarded to the Supervisory Board and then discussed at length by the Audit Committee. Next, the Audit Committee Chairman reports to the Supervisory Board.
Acute risks are reported without delay to the Board of Management and the Heads of the relevant divisions. The risk managers of the Group, divisions and Group companies are responsible for the process of identifying, assessing, managing and monitoring risks as well as for reporting; in most cases, these are the CFOs of the Group companies or the Heads of the controlling departments. The Internal Audit department is also involved and verifies compliance with the defined processes on a regular basis.
The overall risk potential at the end of 2021 amounted to approximately €438 million, equivalent to a decrease of approximately €11 million, or approximately 2% year-on-year. The risks in connection with the coronavirus pandemic declined considerably compared to the previous year. In contrast, there were higher risks due to supply bottlenecks and price hikes in procurement, as well as increased IT security risks due to a general rise in ransomware attacks. In addition, there is a risk of the earnings effects of our increasing investments in process improvements turning out lower than assumed. In absolute terms, “Finance/controlling”, “Economic environment/capital market and “Taxes/legislation/compliance” were the main risk fields, followed by the “Procurement” and “Market” fields.
The net risk potentials of 262 individual risks assessed were included in the overall risk potential, i.e. one more than in the previous year. The overall risk potential reflects the challenging framework conditions of our business during a time in which numerous companies have adjusted better to the conditions of the pandemic but with a surge in economic growth still being impeded by supply bottlenecks. As the overall risk potential only accounts for about one third of risk-bearing capacity, we do not consider its level alarming but still controllable, as in the past. Risks that might endanger the Group’s ability to continue as a going concern, whether separately or in combination with other risks, are not discernible from today’s perspective.
|Risk field||Net risk 2021|
|Economic environment / capital market||x|
|Sales / bid phase||x|
|Project execution / engineering||x|
|Taxes / legislation / compliance||x|
|Research & development||x|
|Corporate / information security||x|
|Society / environment||x|
|Finance / controlling||x|
|1 (≤ €5 million)|
2 (> €5 million to ≤ €20 million)
3 (> €20 million to ≤ €40 million)
4 (> €40 million)
Please find all information regarding our risk management in the → risk management report in our Annual Report 2021.
Under UK tax law, we are obliged to publish our tax risk strategy. Further details can be found HERE (only available in English).