Annual Report 2015

Risk management and internal control system

(Section 289 (5) of German Commercial Code, Section 315 (2) No. 5 of German Commercial Code)

With its worldwide activities the technotrans Group is, through its business processes, exposed to a wide range of risks that are part and parcel of any entrepreneurial activity. In order to seize specific opportunities, it is necessary to take assessable and manageable risks in a deliberate and controlled manner. Within a systematic and efficient risk management system, principles of risk policy are drawn up and current developments regularly logged, analysed, evaluated and – if necessary – appropriate countermeasures taken. The risk management system helps to safeguard the group permanently as a going concern by identifying as early as possible all risks that could materially impair the net worth, financial position and financial performance of the group. The internal control system (ICS), which constitutes an integral part of the risk management system, is described in summary form below.

The group-wide risk management system observes the following risk principles, among others:

  • The overriding risk principle at technotrans is to protect the company as a going concern. No action or decision may endanger the company as a going concern.
  • Any risks to the company as a going concern must be communicated to the Board of Management without delay.
  • Necessary risks are consciously accepted to a certain extent in return for economic success. Risks to income must carry the prospect of an appropriate opportunity of a return.
  • Risks are to be avoided as far as possible or, insofar as economically advisable, insured against, continually monitored and brought to the attention of the Board of Management, as well as the Supervisory Board if necessary, in the context of regular risk reporting. In the event of residual risks, countermeasures must be taken.

The risk management system is designed to promote the awareness of opportunities and risks among technotrans employees, and to guard against potential risks. The necessary procedures and rules of communication within individual corporate divisions have been defined and established by the Board of Management. The superior in charge of each area of operations is responsible for compliance with the standards and directives on how to handle risks. Control is exercised through audits by Group Controlling as well as by the Board of Management. The risk management system including the ICS is moreover regularly updated and thus constitutes the basis for the systematic identification, analysis, evaluation, management, documentation and communication of the various risk types and profiles. The same applies to our compliance programme. We do not tolerate any contravention of applicable law and to that end regularly examine the internal set of rules as well as our own compliance organisation, and seek to improve them.

Organisation of the Risk Management System

Organisationally, risk management is integrated into the tasks of Group Controlling and ensures that reports are submitted on a regular basis to the Board of Management and the Supervisory Board, specifically the Audit Committee. This organisational structure also makes it possible to identify tendencies and risks early on with the aid of key performance indicators, and thus ensures that the Group Board of Management can immediately implement suitable measures if there is a negative shift.

The objective of the ICS in respect of the financial reporting process is to guarantee with reasonable assurance, through the implementation of controls, that the (Consolidated) Financial Statements conform to the regulations, notwithstanding the risks identified. The non-central organisation of the ICS for financial reporting features a uniform, centrally defined reporting structure which, based on the local statutory requirements, is in harmony with the group principles. The subsidiaries report periodically to IFRS standards, for group reporting purposes. Newly established or acquired companies are integrated into this reporting process as swiftly as possible. There are no uniform ERP and bookkeeping systems throughout the entire group. The reporting and consolidation processes for all group companies are performed using a uniform IT system that is made available centrally by technotrans AG. To guarantee uniform reporting, there exist corporate guidelines such as financial reporting and consolidation manuals, compliance with which is regularly examined. At intermittent intervals internal checks on the subsidiaries’ financial reporting and compliance audits are carried out in situ. These include in particular IT-based and random examinations and plausibility checks, as well as the separation of functions and the dual control principle. At the end of the financial year the local financial statements are audited before they are released for the Consolidated Financial Statements. All measures taken and the ongoing refinement and adjustment of the ICS help to assure the reliability of financial reporting. Even suitable, functioning systems cannot provide any absolute guarantee that risks will be identified and controlled.

Group-wide, technotrans has a standardised organisation for risk management. Risks within technotrans AG and its subsidiaries are recorded promptly and non-centrally within the regular risk reports (quarterly). These include changes to risks already identified, as well as new developments that could lead to the creation of additional risks. The risks are analysed, evaluated based on their probability and the potential loss involved, and matched up with appropriate measures (net view). Residual risks are evaluated again and further measures are earmarked for them. For example, to avoid defaults every customer is issued with a general or individual credit limit (which possibly takes into account the amount of trade credit insurance cover) and their payment history is monitored. Receivables are regularly analysed to assess what measures are needed in order to close overdue items. The results of these analyses are then discussed with the customer. In the case of customers for standard business, the next stage is to announce the suspension of supplies and then to enforce that suspension until the customer is back below the credit limit. In parallel, external sources are used to assess customers’ creditworthiness on a regular basis and to adjust the credit limits if necessary. This is also practised after supplies have repeatedly been suspended.
Individual discussions or meetings are then held, at which the risks are addressed, discussed and then evaluated on the basis of their probability and potential consequences Those events that cause a percentage deviation in the expected EBIT value in the annual planning for the subsequent year are defined as risks.

The risks are classified qualitatively as “low”, “medium” and “high”. Taking account of the potential impact of a loss and the probability of risks materialising, individual risk potentials are calculated for quantifiable risks. These are then placed in relation to the planned net profit for the period (plan EBIT) to obtain the assessment basis for the risk category (low, medium and high).

technotrans uses this as the basis for classifying its risks for 2016

  • as low if the risk potential of the individual risk is assessed at a value of less than 10 percent of the plan result
  • as medium if the risk potential of the individual risk is assessed at a value of between 10 and 20 percent of the plan result,
  • as high or as a threat to the company as a going concern if the risk potential of the individual risk is assessed at a value of more than 20 percent of the plan result.