Risk and opportunity management system
The risk management system with regard to material and existence-threatening risks is integrated into the value-based management and planning system of the Daimler Group. It is an integral part of the overall planning, management and reporting process in the legal entities, divisions and corporate functions. The risk management system is intended to systematically and continually identify, assess, control, monitor and report material risks and risks threatening Daimler’s existence, in order to ensure the achievement of corporate targets and to enhance risk awareness at the Group.
The opportunity management system at the Daimler Group is derived from the risk management system. The objective of opportunity management is to recognize the possible opportunities arising in business activities as a result of positive developments at an early stage and to utilize them as optimally as possible for the Group by taking appropriate measures. Taking advantage of opportunities may lead to an overachievement of planned goals. Opportunity management considers those opportunities that are relevant and implementable, but which have not yet been included in any planning.
In the context of operational planning, risks and opportunities – with consideration of appropriate risk and opportunity categories – are identified and assessed generally for a two-year planning period. Furthermore, the discussions for the derivation of mid-term and strategic targets in the context of strategic planning include the identification and assessment of risks and opportunities relating to a longer period. The reporting of risks and opportunities in the Management Report generally relates to a period of one year. Besides the reporting at specific times and with reference to the described periods, risk and opportunity management is established as a continuous task within the Group. In addition to the regular reporting, there is also an internal reporting obligation within the Group for risks with reporting relevance arising unexpectedly. The Group’s central corporate risk management regularly reports the identified risks and opportunities to the Board of Management and the Supervisory Board.
Risk assessment takes place on the basis of the probability of occurrence and the possible impact of the risk according to the levels low, medium and high. These levels also apply to the potential impact of opportunities. An analysis of the probability of occurrence is not conducted here. When assessing the impact of a risk, the effect in relation to EBIT is basically considered.
At the Daimler Group, risks below €500 million are categorized as low, between €500 million and €1 billion as medium and above €1 billion as high. Risk management is based on the principle of completeness. This means that at the level of the individual entities, all concrete risks enter the risk management process. General uncertainties without any clear indication of a possible effect on earnings are monitored by the internal control system (ICS). The assessment of the dimensions probability of occurrence and possible impact is based on the levels shown in table B.58 and is conducted before measures are implemented.
B.58 Assessment of probability of occurrence and possible impact
|Level||Probability of occurrence|
|Low||0 % <||Probability of occurrence||≤ 33 %|
|Medium||33 % <||Probability of occurrence||≤ 66 %|
|High||66 % <||Probability of occurrence||< 100 %|
|Low||€0 <||Impact||< €500 million|
|Medium||€500 million ≤||Impact||< €1 billion|
|High||Impact||≥ €1 billion|
The quantification of each risk and opportunity category in the Management Report summarizes the individual risks and opportunities for each category. If the impact of an individual risk exceeds the amount of €2 billion, this risk is described separately in the Management Report. If not otherwise presented, even in the case of simultaneous occurrence of all individual risks in a risk category, the Group does not expect any effect in this category of more than €3 billion. In the context of describing the risk and opportunity categories, significant changes in comparison to the prior year are explained.
The scope of consolidation for risk and opportunity management corresponds to the scope of consolidation of the consolidated financial statements and goes beyond that if necessary. The risks and opportunities of the divisions and operating units, important associated companies, joint ventures, joint operations and the corporate departments are included.
The tasks of the employees responsible for risk and opportunity management include, besides identification and assessment, the development of measures and the initiation of such measures, if necessary. The objective of such measures is to avoid, reduce or transfer risks. The utilization or enhancement of an opportunity, and its partial or full implementation, also require measures to be taken. The cost-effectiveness of a measure is assessed before its implementation. The development of all risks and opportunities of the individual entities and of the related countermeasures that have been initiated are continually monitored. Risk and opportunity controlling at the Daimler Group takes place at the level of the divisions based on individual risks and opportunities.
The internal control and risk management system with regard to the accounting processhas the objective of ensuring the correctness and effectiveness of accounting and financial reporting. It is designed in line with the internationally recognized framework for internal control systems of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Internal Control – Integrated Framework), is continually developed further and is an integral part of the accounting and financial reporting process in all relevant legal entities and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, it is regularly checked, if
- the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly taught and adhered to;
- transactions within the Group are fully accounted for and properly eliminated;
- issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
- processes are established to guarantee the completeness of financial reporting;
- processes are established for the segregation of duties and for the “four-eyes principle” (dual accountability) in the context of preparing financial statements and authorization and access rules exist for relevant IT accounting systems.
The effectiveness of the internal control system is systematically assessed with regard to the corporate accounting process. The first step consists of a risk analysis and the definition of control. Significant risks are identified relating to the process of corporate accounting and financial reporting in the main legal entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Random samples are regularly tested to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate magnitude and effectiveness of the controls. The results of this self-assessment are documented and reported in a global IT system. Identified weaknesses are eliminated with consideration of their potential effects. At the end of the annual cycle, the selected legal entities and corporate functions confirm the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about the main control weaknesses and the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material false statements in accounting are avoided.
The organizational embedding and monitoring of risk and opportunity management takes place through the risk management organization established at the Group. The divisions, corporate functions and legal entities are asked to report about concrete risks and opportunities at regular intervals. This information is passed on to Corporate Risk Management, which processes the information and provides it to the Board of Management and the Supervisory Board as well as to the Group Risk Management Committee (GRMC).
In order to ensure the complete presentation and assessment of material risks and risks threatening the existence of the Group, as well as the control and risk processes with regard to the corporate accounting process, Daimler has established the Group Risk Management Committee. It is composed of representatives of Finance & Controlling, Accounting, Legal and Group Compliance, and is chaired by the Board of Management Member for Finance & Controlling and Daimler Financial Services. The internal auditing department contributes material findings on the internal control and risk management system.
In addition to dealing with fundamental issues, the committee has the following tasks:
- The GRMC defines and designs the framework conditions with regard to the organization, methods, processes and systems that are needed to ensure a functional, group-wide and holistic control and risk management system.
- The GRMC regularly reviews the effectiveness and functionality of the installed control and risk management processes. Minimum requirements can be laid down in terms of the design of the control processes and of risk management and necessary and appropriate measures can be initiated to eliminate any system failings or weaknesses identified. The measures taken by the GRMC ensure that relevant risks and process weaknesses that might exist are identified and eliminated as early as possible.
However, responsibility for operational risk management and for the control and risk management processes with regard to the corporate accounting process remains directly with the divisions, corporate functions and legal entities.
Reports regarding the current risk situation and the effectiveness, functionality and appropriateness of the internal control and risk management system are regularly presented to the Board of Management and to the Audit Committee of the Supervisory Board of Daimler AG. Furthermore, the responsible managers regularly discuss the risks of business operations with the Board of Management.
The Audit Committee of the Supervisory Board is responsible for monitoring the internal control and risk management system. The internal auditing department monitors whether the statutory conditions and the Group’s internal guidelines are adhered to in the Group’s monitoring and risk management system. If required, measures are then initiated in cooperation with the respective management. External auditors audit the system for the early identification of risks that is integrated in the risk management system for its general suitability to identify risks threatening the existence of the Group; in addition, they report to the Supervisory Board on any significant weaknesses that have been recognized in the internal control and risk management system.