Risk and opportunity management system

The risk management system with regard to material risks and existence-threatening risks is integrated into the value-based management and planning system of the Daimler Group. It is an integral part of the overall planning, management and reporting process in the relevant legal entities, divisions and corporate functions. The risk management system is intended to systematically and continually identify, assess, control, monitor and document material risks and risks threatening Daimler’s existence, in order to secure the achievement of corporate goals and to enhance risk awareness at the Group.

Opportunity management system at the Daimler Group is derived from the risk management system. The objective of opportunity management is to recognize at an early stage the possible opportunities arising in business activities as a result of positive developments, and to utilize them as optimally as possible for the Group by taking appropriate measures. Taking advantage of opportunities may lead to overachieve planned goals.

Risk assessment in principal is carried out for a two-year planning period, although Daimler also identifies and monitors risks related to a longer period in the discussions for the derivation of medium-term and strategic goals. Within the context of the strategic and operational planning, relevant and feasible opportunities are identified in addition to risks. Those opportunities are considered that are possible but which have not yet been included in the planning. The reporting of risks and opportunities in the management report in principal refer to a period of one year.

In the context of its operational planning, Daimler uses appropriate risk and opportunity categories to identify and assess risks and opportunities for the divisions and operating units, important associated companies, joint ventures, joint operations and the corporate departments. The scope of consolidation for risk and opportunity management corresponds to the scope of consolidation of the consolidated financial statements and goes even beyond if necessary.

Risk assessment takes place on the basis of the probability of occurrence and the possible impact of the risk according to the categories low, medium and high. These categories also apply to the potential impact of opportunities, although an analysis of the probability of occurrence is not conducted here. When assessing the impact of a risk, the effect before measures in relation to EBIT is considered. At the Daimler Group, risks below €500 million are categorized as low, between €500 million and €1 billion as medium and above €1 billion as high. Risk management is based on the principle of completeness. This means that at the level of the individual entities, all specific risks flow into the risk management process. General uncertainties without clear indication of a possible effect on earnings are monitored in the internal control system (ICS). The assessment of the dimensions of the probability of occurrence and possible impact is based on the categories shown in table B.54.

B.54

Assessment of probability of occurrence and possible impact
Category Probability of occurrence
       
Low 0% < Probability of occurrence ≤ 33%
Medium 33% < Probability of occurrence ≤ 66%
High 66% < Probability of occurrence < 100%
       
Category Possible impact
Low €0 ≤ Impact < €500million
Medium €500 million ≤ Impact < €1 billion
High   Impact ≥ €1 billion

Quantification of each risk and opportunity category in the Management Report summarizes the individual risks and opportunities for each category. The category descriptions include the explaination of important changes in comparison to the prior year.

The tasks of the employees responsible for risk and opportunity management include, in addition to identification and assessment, the development of measures and the initiation of such measures where appropriate, whereby the goal of such measures is to avoid, reduce or counteract risks. The utilization or enhancement of an opportunity, and its partial or full implementation, also require the application of specific measures. The standard approach here is to assess the cost-effectiveness of the measures before they are implemented. The development of all the risks and opportunities of the individual entities and of the related countermeasures that have been initiated are continually monitored.

Corporate risk management regularly reports on the identified risks and opportunities to the Board of Management and the Supervisory Board. As well as the regular reporting, there is also an internal reporting obligation within the Group for risks arising unexpectedly.

Risk controlling at the Daimler Group takes place at the level of the divisions based on individual risks. If the impact of an individual risk exceeds the amount of €2 billion, this risk is described separately in the Management Report. To the extent not otherwise presented, even in the case of simultaneous occurrence of all individual risks in a risk category, the Group does not expect any effect in this category of more than €3 billion.

The internal control and risk management system with regard to the accounting process has the goal of ensuring the correctness and effectiveness of accounting and financial reporting. It is designed in line with the internationally recognized framework for internal control systems of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Internal Control — Integrated Framework), is continually developed further and is an integral part of the accounting and financial reporting process in all relevant legal entities and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, it is regularly checked that

  • the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly taught and adhered to;
  • transactions within the Group are fully accounted for and properly eliminated;
  • issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
  • processes exist to guarantee the completeness of financial reporting;
  • processes exist for the segregation of duties and for the “four-eyes principle” (dual accountability) in the context of preparing financial statements, and authorization and access rules exist for relevant IT accounting systems.

We systematically assess the effectiveness of the internal control system with regard to the corporate accounting process. The first step consists of risk analysis and definition of control. Significant risks are identified relating to the process of corporate accounting and financial reporting in the main legal entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Random samples are regularly tested to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate magnitude and effectiveness of the controls. The results of this self-assessment are documented and reported in a global IT system. Any weaknesses recognized are eliminated with consideration of their potential effects. At the end of the annual cycle, the selected legal entities and corporate functions confirm the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about the main control weaknesses and about the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material false statements are avoided in accounting.

The organizational embedding and monitoring of risk management takes place through the risk management organization established at the Group. As previously described in the “Risk management system” section with regard to material risks and risks threatening Daimler’s existence, the divisions, corporate functions and legal entities inquire about the specific risks at regular intervals. This information is passed on to Corporate Risk Management, which processes the information and provides it to the Board of Management and the Supervisory Board as well as to the Group Risk Management Committee (GRMC). In order to ensure the complete presentation and assessment not only of material risks and risks threatening the existence of the Group, but also of the control and risk process with regard to the corporate accounting process, Daimler has established the Group Risk Management Committee. It is composed of representatives of the areas of Finance & Controlling, Accounting, Legal Affairs and Compliance, and is chaired by the Board of Management Member for Finance & Controlling and Daimler Financial Services. The Internal Auditing department contributes material findings on the internal control and risk management system. In addition to fundamental issues, the committee has the following tasks:

  • The GRMC defines and shapes the framework conditions with regard to the organization, methods, processes and systems that are needed to ensure a functioning, Group-wide, and thorough control and risk management system.
  • The GRMC regularly reviews the effectiveness and functionality of the installed control and risk management processes. Minimum requirements can be laid down in terms of the design of the control processes and of risk management and corrective measures can be initiated as necessary or appropriate to eliminate any system failings or weaknesses exposed.

However, responsibility for operational risk management for risks threatening the existence of the Group and for the control and risk management processes with regard to the corporate accounting process remains directly with the divisions, corporate functions and legal entities. The measures taken by the GRMC ensure that relevant risks and any existing process weaknesses in the corporate accounting process are identified and eliminated as early as possible.

In the Board of Management and the Audit Committee of the Supervisory Board of Daimler AG, regular reports are given regarding the current risk situation and the effectiveness, functions and appropriateness of the internal control and risk management system. Furthermore, the responsible managers regularly discuss the risks of business operations with the Board of Management.

The Audit Committee of the Supervisory Board is responsible for monitoring the internal control and risk management system. The Internal Auditing department monitors whether the statutory conditions and the Group’s internal guidelines are adhered to in the Group’s entire monitoring and risk management system. If required, measures are then initiated in cooperation with the relevant management. The external auditors audit the system for the early identification of risks that is integrated in the risk management system for its fundamental suitability to identify risks threatening the existence of the Group; in addition, they report to the Supervisory Board on any significant weaknesses that have been discovered in the internal control and risk management system.

Your position