Risk and opportunity management system
The risk management system with regard to existence-threatening and other material risks is integrated into the value-based management and planning system of the Daimler Group. It is an integral part of the overall planning, management and reporting process in the legal entities, divisions and corporate functions. The risk management system is intended to systematically and continually identify, assess, control, monitor and report risks threatening Daimler’s existence and other material risks, in order to support the achievement of corporate targets and to enhance risk awareness at the Group.
The opportunity management system at the Daimler Group is derived from the risk management system. The objective of opportunity management is to recognize the possible opportunities arising in business activities as a result of positive developments at an early stage, and to utilize them as optimally as possible for the Group by taking appropriate measures. By taking advantage of opportunities, planned targets should be secured or overachieved. Opportunity management considers relevant and implementable opportunities that have not yet been included in any planning.
In the context of operative planning, risks and opportunities – with consideration of appropriate risk and opportunity categories – are identified and assessed for a two-year planning period. Furthermore, the discussions for the derivation of mid-term and strategic targets in the context of strategic planning include the identification and assessment of risks and opportunities relating to a longer period. The reporting of risks and opportunities in the Management Report generally relates to a period of one year. Besides the reporting at specific times, risk and opportunity management is established as a continuous task within the Group. In addition to the regular reporting, there is also an internal reporting obligation within the Group for material risks arising unexpectedly. The central Group Risk Management regularly reports the identified risks and opportunities to the Board of Management and the Supervisory Board.
Risk assessment takes place on the basis of probability of occurrence and possible impact according to the levels low, medium and high. These levels also apply to the possible impact of opportunities. An analysis of the probability of occurrence is not considered here. When assessing the impact of a risk, its effect on EBIT is basically considered.
At the Daimler Group, risks below €500 million are classified as low, between €500 million and €1 billion as medium, and above €1 billion as high. For the quantification of each risk and opportunity category in the Management Report, the individual risks and opportunities are summarized for each category. The assessment of the dimensions probability of occurrence and possible impact is based on the levels shown in table B.58 and is conducted before measures are implemented. In the context of describing the risk and opportunity categories, significant changes in comparison to the prior year are explained.
B.58 Assessment of probability of occurrence/possible impact
|Level||Probability of occurrence|
|Low||0 % <||Probability of occurrence||≤ 33 %|
|Medium||33 % <||Probability of occurrence||≤ 66 %|
|High||66 % <||Probability of occurrence||< 100 %|
|Low||€0 < <||Impact||€500 million|
|Medium||€500 million ≤||Impact||< €1 billion|
|High||Impact||≥ €1 billion|
Risk management is based on the principle of completeness. This means that at the level of the individual entities, all concrete risks enter the risk management process. General uncertainties without any clear indication of a possible effect on earnings are monitored by the internal control system (ICS).
The scope of consolidation for risk and opportunity management corresponds to the scope of consolidation of the consolidated financial statements and goes beyond that if necessary. The risks and opportunities of the divisions and operating units, important associated companies, joint ventures, joint operations and the corporate departments are included.
The tasks of the employees responsible for risk and opportunity management include, besides the identification and assessment of risks and opportunities, the development of measures and the initiation of such measures, if necessary. The objective of such measures is to avoid, reduce or transfer risks. The utilization or enhancement of an opportunity, and its partial or full implementation, also require measures to be taken. The cost-effectiveness of a measure is assessed before its implementation. The development of all risks and opportunities of the individual entities and of the related measures that have been initiated are continually monitored. The management activities take place at the level of the divisions based on individual risks and opportunities.
The internal control and risk management system with regard to the accounting process has the objective of ensuring the correctness and effectiveness of accounting and financial reporting. It is designed in line with the internationally recognized framework for internal control systems of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Internal Control – Integrated Framework), is continually developed further, and is an integral part of the accounting and financial reporting process in all relevant legal entities and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, it is regularly checked, if
- the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly taught and adhered to;
- transactions within the Group are accounted for and properly eliminated;
- issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
- processes are established to guarantee the completeness of financial reporting;
- processes are established for the segregation of duties and for the “four-eyes principle” (dual accountability) in the context of preparing financial statements, and authorization and access rules exist for relevant IT accounting systems.
The effectiveness of the internal control system is systematically assessed with regard to the corporate accounting process. The first step consists of risk analysis and the definition of control. Significant risks are identified relating to the process of corporate accounting and financial reporting in the main legal entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Random samples are regularly tested to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate magnitude and effectiveness of the controls. The results of this self-assessment are documented and reported in a groupwide IT system. Identified weaknesses are eliminated with consideration of their potential effects. At the end of the annual cycle, the selected legal entities and corporate functions confirm the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about the main control weaknesses and the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material false statements in accounting are avoided.
The organizational embedding and monitoring of risk and opportunity management takes place through the risk management organization established at the Group. The divisions, corporate functions and legal entities are requested to report about concrete risks and opportunities at regular intervals. This information is passed on to Group Risk Management, which processes the information and provides it to the Board of Management and the Supervisory Board as well as to the Group Risk Management Committee (GRMC).
In order to ensure the complete presentation and assessment of existence-threatening and other material risks of the Group, as well as the control and risk processes with regard to the corporate accounting process, Daimler has established the GRMC. It is composed of representatives of Accounting & Financial Reporting, the Legal departement and Group Compliance, and is chaired by the Board of Management Member for Finance & Controlling/Daimler Financial Services. The internal auditing department contributes material findings on the internal control and risk management system.
In addition to dealing with fundamental and material issues related to the design of the risk management, the committee has the following tasks:
- The GRMC is responsible for the creation and design of the framework conditions relating to the organization, methods, processes and systems for a functional, Group-wide risk management at Daimler AG and its subsidiaries.
- The GRMC regularly reviews the effectiveness and functionality of the installed risk management processes, including the necessary adaptations. This includes reviewing the appropriateness of the organization, methods, processes and systems. The GRMC specifies minimum requirements relating to the design of risk management, gives instructions for necessary and appropriate corrective measures to eliminate possibly identified system failings or weaknesses, and monitors their implementation. The general objective is to ensure efficient and effective risk management that facilitates the early identification of material risks and enables management to recognize developments at an early stage and to control them by taking suitable measures.
Responsibility for operational risk management and for the risk management processes lies directly with the divisions, corporate functions and legal entities.
Reports regarding the current risk situation and the effectiveness, functionality and appropriateness of the internal control and risk management system are regularly presented to the Board of Management and to the Audit Committee of the Supervisory Board of Daimler AG. Furthermore, the responsible managers regularly discuss risks and opportunities out of business operations with the Board of Management.
The Audit Committee of the Supervisory Board is responsible for monitoring the internal control and risk management system. The internal auditing department monitors whether the statutory conditions and the Group’s internal guidelines concerning the internal control and risk management system of the Group are adhered to. If required, measures are then initiated in cooperation with the respective management. External auditors audit the system for the early identification of risks which is integrated in the risk management system for its general suitability to identify risks threatening the existence of the Group; in addition, they report to the Supervisory Board on any significant weaknesses that have been recognized in the internal control and risk management system.