Risk and opportunity management system
The risk management system is intended to systematically and continually identify, assess, control, monitor and report on risks threatening the Daimler Group’s existence and other material risks jeopardizing the Group’s success, in order to support the achievement of corporate targets and to enhance risk awareness at the Group. The risk management system is integrated into the value-based management and planning system of the Daimler Group and is a fixed component of the overall planning, management and reporting process in the companies, segments and corporate functions.
The opportunity management system at the Daimler Group is based on the risk management system. The objective of opportunity management is to recognize the possible opportunities arising in business activities as a result of positive developments at an early stage, and to use them in the best possible way for the Group by taking appropriate measures. By taking advantage of opportunities, planned targets should be met or exceeded. Opportunity management considers relevant and realizable opportunities that have not yet been included in any planning.
In the context of the planning, risks and opportunities are considered with an observation period of up to five years. The reporting of risks and opportunities in the Management Report generally relates to a period of one year.
Risk assessment takes place on the basis of probability of occurrence and possible impact according to the levels “Low,” “Medium” and “High.” These levels also apply to the possible impact of opportunities. An analysis of the probability of occurrence is not considered here. When assessing the impact of a risk or opportunity, unless otherwise reported, its effect in relation to EBIT is considered.
At Group level, risks and opportunities below €500 million are classified as “Low,” between €500 million and €1 billion as “Medium” and above €1 billion as “High.” For the quantification of each risk and opportunity category in the Management Report, the individual risks and opportunities are summarized for each category. The assessment of the dimensions, probability of occurrence and possible impact is based on the levels shown in table B.58 and is conducted before measures are planned. In the context of describing the risk and opportunity categories, significant changes in comparison to the prior year are explained.
Sustainability aspects are integrated into the Group-wide risk management process at Daimler. They are understood to be conditions, events, or developments involving environmental, social or governance factors (ESG), the occurrence of which may have an actual or potential impact on the Daimler Group’s profitability, cash flows and financial position, as well as on its reputation. ESG-related risks and opportunities that are very likely to have a serious negative impact on non-financial aspects in accordance with the CSR Directive Implementation Act (CSR-RUG) can be found in the respective categories of the Risk and Opportunity Report according to their cause. Furthermore, Daimler follows the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) with regard to climate-related risks and opportunities.
Risk management is based on the principle of completeness. This means that at the level of the individual entities, all identified risks enter the risk management process.
The scope of consolidation for risk and opportunity management corresponds to the scope of the consolidated financial statements and goes beyond that if necessary. The risks and opportunities of the segments and operating units, important associated companies, joint ventures, joint operations and the corporate departments are included.
Furthermore, the employees responsible for risk management have the task of defining measures and, if necessary, initiating such measures to avoid, reduce or protect the Group against risks. Within the context of opportunity management, measures are to be taken with which opportunities can be seized, improved and (fully or partially) realized. The cost-effectiveness of a measure is assessed before its implementation. The possible impact and probability of occurrence of all risks and opportunities of the individual entities and the related measures that have been initiated are continually monitored. The management activities take place at the level of the segments based on individual risks and opportunities. As the parent company of the Daimler Group, Daimler AG monitors implementation by the segments as part of its regulatory, legal, and compliance functions.
The organizational embedding of risk and opportunity management takes place through the risk management organization established at the Group. Responsibility for operational risk management and for the risk management processes lies with the segments, corporate functions, organizational entities and companies. They report on the specific risks and opportunities to the next-higher level unit on a regular basis. Significant, unexpected risks must be reported on immediately. Through the segments, this information is passed on to Group Risk Management for reporting to the Board of Management and the Supervisory Board. The Group Risk Management Committee (GRMC) is responsible for the continual improvement of the risk management system and for assessing its efficiency and effectiveness. The GRMC is composed of representatives of Accounting & Financial Reporting, the Legal department, Compliance, Technical Compliance, Corporate & Information Security and the members responsible for finance of the Boards of Management of Mercedes-Benz AG, Daimler Truck AG and Daimler Mobility AG; it is chaired by the Board of Management members of Daimler AG responsible Finance & Controlling / Daimler Mobility and for Integrity and Legal Affairs. The Internal Auditing department contributes material findings on the internal control and risk management system.
The internal control system with regard to the accounting process has the objective of ensuring the correctness and effectiveness of accounting and financial reporting. It is designed in line with the internationally recognized framework for internal control systems of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Internal Control – Integrated Framework), is continually developed further, and is an integral part of the accounting and financial reporting processes in the relevant companies, organizational units and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, it is regularly checked as to whether
- the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly taught and adhered to;
- transactions within the Group are accounted for and properly eliminated;
- issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
- processes are established to guarantee the completeness of financial reporting;
- processes are established for the segregation of duties and for the “four-eyes principle” in the context of preparing financial statements, and whether authorization and access rules exist for relevant IT accounting systems.
The effectiveness of the internal control system is systematically assessed with regard to the corporate accounting process. The first step consists of risk analysis and a definition of control with the objective of identifying significant risks relating to the processes of corporate accounting and financial reporting in the main companies, organizational entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Random samples are regularly tested to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate magnitude and effectiveness of the controls. The results of this self-assessment are documented and reported in a Group-wide IT system; identified control weaknesses are eliminated. At the end of the annual cycle, the selected companies, organizational entities and corporate functions confirm the effectiveness of the internal control system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about potential significant control weaknesses and the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material misstatements in accounting are avoided.
The Audit Committee of the Supervisory Board of Daimler AG and the committees of the Supervisory Boards of Mercedes-Benz AG, Daimler Truck AG and Daimler Mobility AG are responsible for monitoring the internal control and risk management system. The Internal Auditing department monitors whether the statutory conditions and the Group’s internal guidelines concerning the internal control and risk management system of the Group are adhered to. If required, measures are initiated in cooperation with the respective management. External auditors audit the system for the early identification of risks, which is integrated in the risk management system, for its general suitability to identify risks threatening the existence of the Group; in addition, they report to the Audit Committee and the Supervisory Board on any significant weaknesses that have been recognized in the internal control and risk management system.