Audited

Risk and Opportunity Management

All commercial activities inevitably entail both opportunities and risks. HHLA believes that the effective management of opportunities and risks is a significant success factor for the sustainable enhancement of enterprise value.

Managing opportunities and risks is a key component of the HHLA Group’s management strategy. The planning and controlling process, the committees of the Group’s affiliates and reporting are all cornerstones of this opportunity and risk management system. At regular business development meetings, HHLA’s Executive Board discusses strategy, targets and control measures, with due consideration of the opportunity and risk profile.

Opportunity management is comparable to the risk management process. Opportunities are systematically identified and measures are developed in an annual planning process. When opportunities are identified, there is no requirement for them to be quantified. Opportunity management focuses on the monitoring and analysis of individual markets and on the early recognition and identification of trends as a means of identifying opportunities.

This includes developments affecting the overall economy or individual sectors as well as regional and local trends. The affiliates’ responsibilities include identifying strategic opportunities in their core markets. HHLA’s Executive Board defines the strategic framework for this objective. In addition, opportunity-oriented projects which affect more than one affiliate are centrally coordinated. HHLA’s Corporate Development department assists the Executive Board with planning, controlling and monitoring multi-segment projects relating to the long-term development of the HHLA Group. Through its role as a link to the Executive Board, Corporate Development also helps central units and affiliates with strategic issues, such as market and competition analyses, business plans, product portfolio alignment and project management.

HHLA’s risk management system fosters a keen awareness of dealing with corporate risks. It aims to identify risks in good time and take steps to manage or avert them, thus exploiting opportunities but preventing situations which could jeopardise the continued existence of the HHLA Group. An important element of the system is the promotion of entrepreneurial thinking and independent, responsible action.

In order to enable proactive steps to be taken to deal with the risk and opportunity profile, the risk management system comprises the necessary organisational rules and procedures for identifying risks at an early stage. To this end, HHLA has created a system based on risk policies covering economic and ecological activities as well as its dealings with society. Risk management is carried out according to systematic principles and is subject to a continual improvement process.

The Executive Board, Internal Audit and Controlling have worked together closely to establish clear lines of responsibility for the identification, assessment, control, monitoring and reporting of risks, as a key element of the risk management system. The Executive Board of HHLA bears overall responsibility for the risk management system of the HHLA Group. The risk consolidation group includes all of the majority shareholdings as well as all companies consolidated using the equity method.

Risks are catalogued regularly in the course of the annual planning process. All identified risks are described clearly, classified according to defined risk areas and assigned to a risk manager.

Risks are categorised by the likelihood of their occurrence and the amount by which such an occurrence would reduce the operating result or cash flow before taxes.

When assessing a risk, the level of loss or damage plus the anticipated probability must be stated. A distinction is made here between the gross risk (excluding reduction and management measures) and the net risk (including reduction and management measures). Risks are assessed in the context of the existing circumstances or a realistic projection. In addition to estimates and economic or mathematical/statistical inferences, sensitivities derived from planning can be used as a basis for assessment.

To ensure that risks of the same kind are portrayed uniformly, staff work together at Group level when assessing identified risks to establish and calculate the likelihood of the risks arising and the associated potential loss or damage.

After identifying and assessing the risk, the company then defines control measures aimed at reducing the likelihood of its occurrence and/or the loss or damage. Risks are monitored continuously and any significant changes are reported and documented on a quarterly basis. Additional ad hoc reports are issued whenever significant risks emerge, cease to apply, or change. Risks are reported using standard Group-wide reporting formats in order to ensure a consistent overall picture of current risks.

The most important elements of the risk management system and risk reporting are described in a corporate guideline. The system remains largely unchanged from the previous year. The Internal Audit department is responsible for auditing the risk management system. HHLA’s Supervisory Board monitors the effectiveness of the risk management system. The external auditors assess the risk management system on behalf of the Supervisory Board as part of their audit of the Annual Financial Statements.

Structure of the Internal Control System

HHLA’s internal control system is designed to ensure that the (financial) reporting processes used throughout the company are consistent, transparent and reliable. Furthermore, it makes sure they comply with legal standards and the company’s own guidelines. It comprises principles, procedures and methods designed to reduce risk and ensure the effectiveness and propriety of HHLA’s processes.

The internal control system is regularly monitored and assessed according to documented processes, risks and controls. It therefore ensures transparency with regard to its structure and functionality for the purposes of internal and external reporting.

HHLA’s internal accounting control and risk management system is based on the criteria laid out in the “Internal Control – Integrated Framework” working paper published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Accounting processes are assessed to determine whether there is a risk posed to the existence, completeness, accuracy, valuation, ownership and reporting of transactions. The company also conducts a risk assessment regarding the possibility of fraud. Concluding unusual or complex transactions can lead to specific accounting risks. There is also a latent risk of error when processing non-routine transactions. Employees are by necessity given a certain amount of leeway when recognising and measuring balance sheet items, which can give rise to further risks.

Internal Control System and Management of Accounting Risks

Organisation of Risk Management (diagramm)Organisation of Risk Management (diagramm)

Internal controls are intended to reduce accounting risks and make sure that transactions are documented, recorded, processed and assessed correctly in the balance sheet, as well as being quickly and correctly adopted in financial reporting. Controls are in place for all accounting processes.

The Internal Audit department is responsible for monitoring HHLA’s internal accounting control and risk management systems. The external auditor also assesses the effectiveness of the accounting-related internal control system, primarily by carrying out spot checks.

The internal accounting control and risk management systems will always have certain limitations, regardless of how carefully they are designed. For this reason, it is impossible to fully guarantee that accounting standards will always be met or that every incorrect statement will always be avoided or identified.

Significant Regulations and Controls

Accounting tasks and functions are clearly defined within the Group. There is a clear functional demarcation between accounts payable and accounts receivable as well as the preparation of Separate Financial Statements and the preparation of Consolidated Financial Statements. There is also a clear demarcation between these departments and the respective segment accounting. Separating execution, settlement and authorisation functions and giving these responsibilities to different members of staff reduces the risk of fraud. Multi-stage approval and authorisation thresholds for ordering, payment transactions and accounting are employed across the Group. These include using the double-checking principle. There is a single accounting manual which covers the consistent application and documentation of accounting rules for the entire Group. Other accounting guidelines are also in place. Like the accounting manual, they are reviewed regularly and updated if necessary.

Most bookkeeping procedures are recorded using accounting systems developed by SAP. For the purpose of preparing HHLA’s Consolidated Financial Statements, affiliates add more information to their Separate Financial Statements to form standardised report packages, which are then fed into the SAP ECCS consolidation module for all Group companies.

Measures are in place to protect the IT systems from unauthorised access. Access rights are granted in line with each user’s role. Only those departments responsible for mapping transactions are given write access. Departments responsible for processing information use read access. The principles of function-related authorisations are defined in a set of SAP authorisation guidelines. IT security guidelines also cover access to IT systems in general.

External service providers are used for pension reports, fiscal issues and for other reports and projects if necessary.

The specific formal requirements for the consolidation process pertaining to the Consolidated Financial Statements are clearly defined. In addition to a definition of the consolidated group, there are also detailed rules requiring affiliates to use a standardised and complete report package. There are also specific provisions regarding the recording and handling of Group clearing transactions and subsequent balance reconciliations, or the determination of the fair value of shareholdings. As part of the consolidation process, the Group accounting team analyses the Separate Financial Statements submitted by affiliates and corrects them if necessary. Incorrect information is identified and corrected as necessary using control mechanisms already present in the SAP ECCS system or using system-based plausibility checks.