Risk management is considered as part of our day-to-day activities, and throughout the Group actions, procedures and guidelines exist to control one or more specific risk areas. Examples include our internal planning and control procedures, our reporting guidelines and systems, our defined organisational structure with appropriate delegation of authority and our general terms of reference that specify required authorisations.
To maintain an adequate internal control environment and a balanced risk management approach which is aligned with our risk appetite we see risk management as an integral part of our organisation, where people have taken this responsibility as part of doing business. Our approach to risk management aims to provide reasonable assurance on the achievement of our business objectives and compliance with applicable internal and external laws and legislation.
In 2006, we renewed our risk management process based on the experiences of the risk management reviews of 2004 and 2005. A pragmatic risk management methodology is used which supports management in further increasing risk awareness and risk transparency throughout our organisation. Our approach is not intended to eliminate all possible risks but to result in a positive risk/reward trade-off.
In 2007, we will further enhance and integrate this risk management approach into our business. This will be done by further increasing risk awareness within our Group, by focusing on compliance assessments and specific topics that are identified as key risk areas.
A Risk Management Function has been established by the Board of Management to facilitate the risk management process. The function is overseen by the Corporate Risk Manager and the Financial Risk Controller. The first is responsible for the strategic, operational and financial risk management as well as the compliance risk management approach and reports directly to the Chief Executive and the Audit Committee. The Financial Risk Controller is responsible for the financial reporting risk management approach, reporting directly to the Chief Financial Officer. The Audit Committee is informed each quarter on risks identified and actions taken. Roles and responsibilities of the Risk Management Function are recorded in our risk management charter which is published on the corporate website, www.vedior.com.
In addition, a Risk Advisory Committee has been established in 2006 to assist the Board of Management in evaluating the internal controls and in identifying key risks. This Risk Advisory Committee is comprised of corporate officers who advise the Board of Management proactively with regard to identified risks and recommend actions to mitigate these risks and maintain or strengthen the internal control environment.
The main risks revealed by our risk management process have been evaluated, analysed and where appropriate translated into management action(s). The results have been communicated to the Audit Committee and the External Auditors.
Although our current control environment, the people, the established processes and procedures and our risk management approach all contribute to reducing uncertainties or unexpected losses that could affect the achievement of our business objectives, it does not intend to provide absolute assurance against the failure to achieve our business objectives. Risk management cannot provide absolute assurance against material misstatements, losses, fraud, human error, poor judgment in decision-making and violations of legislation and regulations.
In addition there may be other significant risks which have not yet been identified or which have been assessed as not having a significant potential impact on Vedior’s business but could become significant subsequently.
The Vedior risk management approach consists of strategic, operational and financial risk management, compliance risk management and financial reporting risk management, as discussed below.
1. Strategic, operational and financial risk management During 2006, the company-wide strategic, operational and financial risk management approach has been further enhanced to include the establishment of a common risk management policy, risk language, risk mapping and a risk identification framework based on the Enterprise Risk Management Framework as developed by the Committee of Sponsoring Organisations of the Treadway Commission (COSO-ERM Framework).
The approach is focussed on identifying the strategic, operational and financial risks that are managed well (risks managed to a level that provides reasonable assurance that we can achieve our business objectives) and the top three risks that require action (risks that require action to manage those risks at a level that provides reasonable assurance that we can achieve our business objectives).
Prioritisation of risks is undertaken during management workshops by mapping the likelihood of occurrence and the impact on business objectives in the event the risk would occur. A large number of operating companies were assessed during 2006 covering 71% of Group sales.
Risks are mapped in terms of impact and likelihood
Control procedures identified for the top risks managed well are established as best practices so that they can be shared among our operating companies to increase their overall competitive advantage. Vedior actively encourages discussion on the risk perception and controls among its operating companies.
For the top risks that require action, risk mitigating plans are drafted and implemented. Monitoring of actions is integrated into our monthly business review cycle. After a top risk is managed to an acceptable level, the next top risk is identified and risk mitigating actions are taken. This ongoing risk management process is carried out at Board of Management, corporate and operating company level.
Top strategic, operational and financial risks that are managed well include
Legal and regulatory risks
Our business is subject to many complex and different laws and regulations worldwide. Non compliance with existing and new laws and regulations could negatively impact our results and reputation.
Controls include the use of high level in-house or external legal expertise, adequate training programmes in law and legislation for staff, monitoring of compliance with corporate policies and guidelines and reviews by local legal counsel and external advisors.
Quality Services risks The delivery of a quality service to customers and the ability to understand what our customers and the market expect from us, is essential. Customer needs are determined through frequent client contact, strong relationships, satisfaction surveys, workshops with our clients and by market investigations. Also our decentralised business model and local brand focus assists companies to satisfy the specific needs of our customers.
Client Credit Management risks At year-end 2006, we had €1,578 million of trade receivables due from clients and this could imply a significant credit risk. While a majority of our operating companies consider the risk for doubtful accounts as a key risk, they believe that it is managed to an acceptable level. This view is supported by the limited amount of bad debts that occur.
Strict acceptance criteria, payment conditions and follow-up procedures limit this risk.
Currency fluctuation risks Fluctuations in foreign currency exchange rates, particularly between the Euro and the USD and the Euro and the GBP, may have an impact on the Group’s operating results. In 2006, 56% of our operating income was in Euro, 18% in GBP and 14% in USD.
As our operating companies are operated and financed locally, we do not hedge revenues and cash flow in foreign currencies. Our external borrowings are denominated in Euro, USD and GBP in approximately the same proportion as our operating income in these currencies.
If the exchange rate of the Euro against the USD and the GBP respectively would have fluctuated by 10%, this would have had approximately a 3% impact on the 2006 net income.
Capital availability risks The Group has €1,009 million of committed credit facilities and €293 million of uncommitted short term credit facilities (see
this page). Our main bank facility is an €800 million multicurrency revolving credit facility which contains a number of affirmative, negative and financial covenants.
The Company’s failure to maintain these covenants would constitute an event of default under the facility, entitling the lenders to accelerate the repayment obligations. Further details on Vedior’s financial covenants are provided on this page .
The borrowing requirements fluctuate significantly throughout the year, impacted by the seasonality of our business and fluctuating working capital requirements of our operating companies. The Group has cash flow forecast reports that enable the Board of Management to assess the financial headroom under its credit facilities and respond in good time, if required.