We use cookies and similar technologies on this website ("Cookies"). In order to allow their use to analyze website usage and to enhance functionality, please click on “Accept”. To change the settings and select which specific Cookies we are allowed to use, or to obtain more detailed information, please click on “Details”.




Below, you can activate/deactivate the individual technologies that are used on this website.
Consent to all

These Cookies make a website usable by providing basic functions such as page navigation, language settings, and access to protected areas. As the website is unable to function properly without them, you cannot opt out of this kind of Cookies.


These Cookies help us to improve the functionality and attractiveness of our websites, and your user experience by saving, for example, your settings, and selections as well as filters, and to recognize your device on subsequent visits.


These Cookies allow us, and the service providers (e.g. Google via the Google Analytics service) to collect and analyze information and statistics about your interaction with our website. This helps to optimize our website using the findings obtained.

Risk Management / Compliance

Objectives of the risk management system

Our risk management system aims, first and foremost, to record, analyze and evaluate risks systematically and in a uniform process throughout the Group. In doing so, we benefit from a high level of risk transparency, on the basis of which we can select and implement effective countermeasures. We document all specific risks of our business to the extent that these are identifiable and specific to an adequate degree. General risks that cannot be assessed concerning their probability of occurrence are not taken into account in quantitative terms. These include natural disasters, for instance.

Risk management system: methods and processes

The Dürr risk management system is geared to the specific features of our business model. It was introduced in its present form in 2008 and has since been continually adjusted to meet new requirements. In 2019 it essentially remained unchanged. The companies Megtec and Universal, acquired in early October 2018, were included in the Dürr Group’s risk management system in 2019. In tandem with the entrenchment of the system within the operating business and decision-making processes, we have also intensified the risk awareness of our employees and management bodies – through communication and by dealing openly with risks.

Risk Field Net Risk 2019
very low1 low2 medium3 high4
Economic environment/capital market x
Sales / bid phase x
Project execution / engineering x
Taxes, legislation, compliance x
Market x
Research & development x
Competition x
Procurement x
Human resources x
IT x
Manufacturing x
Society / environment x
After-sales phase x
Finance / controlling x
Management process x
1 (≤ € 5 million)
2 (> € 5 million to ≤  20 million)
3 (> € 20 million to ≤  40 million)
4 (> € 40 million)

Risk management process

The central risk management team at Dürr AG initiates the nine-stage process every six months. The risk inventory conducted by the operating units constitutes a key element of this standard risk cycle. In the process, individual risks are identified, evaluated and consolidated, i.e. classified into 15 specific risk fields. The risk fields cover all management, core and support processes as well as external risk areas. The evaluation of individual risks is the task of the risk managers of the operating units and of Dürr AG; guidance is provided by the risk management manual as well as risk structure spreadsheets.

The evaluation process consists of three steps: first of all, the potential damage or loss is calculated, i.e. the maximum effect a risk can have on Group EBIT within the next 24 months. Next, we assess the likelihood of specific risk scenarios turning into reality. In a third step, the effectiveness of possible countermeasures is examined and evaluated with a risk-reducing factor.

The bottom line is the net risk potential, i.e. the net EBIT risk that remains after taking account of the probability of occurrence and the effectiveness of the countermeasures. The lower the probability of occurrence and the higher the effectiveness of the countermeasures, the more the net EBIT risk is reduced.

The net risks of the risk fields are totaled to produce the Group’s entire potential risk exposure. Portfolio and correlation effects are not taken into account in this regard.


Overall risk situation

In accordance with the valuation standards described above, the Group’s overall risk potential came to approx. € 285 million at the end of 2019 (2018: € 210 million). The overall risk potential has increased due to the first time inclusion of the Megtec/Universal group and due to the first time inclusion of  compliance risks, which were previously classified as strategic risks and had therefore not been evaluated. Moreover, risks in the “Economic environment/capital market” field rose sharply. In light of the volume of business and the general economic situation, we consider the overall risk potential appropriate. We classify our overall risk situation as easily manageable at present. No risks are currently discernible that might endanger the Group’s continued existence as a going concern, either separately or by interaction with other risks.

Tax Risk Strategy of the Dürr Group

Under UK tax law, we are obliged to publish our tax risk strategy. Further details can be found HERE (only available in English).

Compliance management system (CMS)

The compliance management system comprises all activities at the Dürr Group with the aim to ensure that all conduct in daily business conforms to the rules and high ethical standards. The CMS governs responsibilities, communication channels and measures in three key areas of activity that are closely interconnected: prevention, early detection and response.

The CMS thus supports employees in identifying and preventing compliance breaches and the associated liability risks and penalties.


One of the key contributions toward preventing compliance breaches consists of trainings like e-learning programs, face-to-face trainings and induction events for new employees as well as a range of further information available on the intranet. These training measures support employees in detecting and preventing compliance breaches, and they form an integral part of our CMS. Added to that are written guidelines and organizational instructions that set out internal rules, such as separation of functions, approval procedures and signature rules or dual control ('four-eyes principle').

Early detection

The early detection of risks is a key factor in preventing compliance breaches. A regular process takes place at Group level, whereby Dürr-specific compliance risks are systematically identified, analyzed and updated.

Crucial elements in detecting risks of compliance breaches at an early stage are the annual risk inventory carried out by the Corporate Compliance Board, based on information provided by the local compliance managers, as well as the 6-monthly compliance risk reporting by the Corporate Compliance Officer. Another key factor in the early detection of compliance risks is the Compliance Help Desk, which can be contacted to report potential breaches and risks for Dürr.


If a breach is identified, the relevant Dürr company or functional area is obliged to report the incident immediately using the defined communication channels. Following analysis by the Corporate Compliance Officer, such counter-measures as training, organizational instructions and internal controls are implemented to prevent such compliance breaches in the future.

Organizational structure of compliance management:

  • The Dürr Group's Corporate Compliance Board deals with any issues relating to compliance. It is composed of the CFOs of the divisions and the heads of some of the Group's central functional areas.
  • The Corporate Compliance Officer works at central Group level. He/she handles reports on potential compliance breaches and investigates them. Also among his/her remit is the worldwide compliance training program.
  • Each Dürr company has a local Compliance Manager, who is responsible for local tasks as part of the CMS.

Reporting compliance violations / Helpdesk

To do justice to the trust and confidence placed in Dürr by customers, suppliers, associates, shareholders and employees as well as other stakeholders of the company, absolutely top priority is assigned to the integrity and transparency of our business workflows. To this end, we need to be notified of any compliance violations, particularly in cases of violations of applicable norms under criminal law as well as our Code of Conduct Guidelines.

If you wish, you may also submit any information you may have anonymously. In response to your request, our Compliance Officer will follow up your report anonymously; your data will not be used.

Fabian Mock
Compliance Officer
Dürr Aktiengesellschaft
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen