The Risk Management Process
Risk identification Risk assessment
Risk control Risk monitoring &
risk reporting
Successful risk management at the TOM TAILOR GROUP in- volves four phases: risk identification, risk assessment, risk control and risk monitoring. Identifying all risks is the most important phase in the risk management process because this step forms the basis for all downstream phases. A set proce- dure is used and all relevant sources of risk are analysed in or- der to ensure maximum success. During risk inventories, the relevant risk owners are required to identify any new sources of risk and to reassess existing sources of risk if necessary. The risks identified are then assessed in the next step using the data recorded during risk identification. Risks are first record- ed in accordance with the “gross principle”, i. e. without taking into account measures that minimises risk. The risk man- agement process is designed to ensure that the quantitative aspects of relevant risks are evaluated as fully as possible to establish potential losses and probability of occurrence, and
are prioritised in line with this as low, medium, or high risk. The net risk therefore is the remaining risk to which the TOM TAILOR GROUP is exposed after successful implementation of suitable and effective countermeasures. The following tables explain how the TOM TAILOR GROUP’s risks are classified.
Risk Classification: Probability of Occurrence
As at 31 December 2014
Very low up to 5%
Low from 5% to 25%
Medium from 25% to 60%
High from 60% to 100%
Risk Classification: Potential Loss
As at 31 December 2014
Low Limited negative effects on business activities, financial position, results of opera- tions and cash flows; effect on EBITDA <= EUR 1 mn
Moderate Some negative effects on business activi- ties, financial position, results of operations and cash flows; effect on EBITDA between EUR 1 mn and EUR 5 mn
Material Significant negative effects on business activities, financial position, results of operations and cash flows; effect on EBITDA between EUR 5 mn and EUR 15 mn Severe Damaging negative effects on business
activities, financial position, results of operations and cash flows; effect on EBITDA > EUR 15 mn
Using a fictitious example, the following table shows how the effects of risks as well as their probability of occurrence can be minimised by implementing countermeasures.
Schematic Presentation of Gross and Net Potential Loss
Gross risk
Effect of countermeasures
Calculation:
Gross risk minus Effect of countermeasures Net risk
Probability of occurrence 40% 10% 40% – 10% = 30% 30%
Risks are classified as “low”, “medium” or “high” depending on their probability of occurrence and their effects on the fi- nancial position and results of operations. They are shown in the risk assessment matrix below. At the first risk level, risk owners and the risk manager manage all operational risks in the Company’s day-to-day business. Risks classified as medium and high and their potential and actual effects are additionally discussed in the second risk level every month. Discussions concerning high-level risks and the potential and actual countermeasures taken are also always on the agenda of the highest-level risk management body, the Risk Com- mittee. In this way, the TOM TAILOR GROUP prioritises its exposures according to potential risk to the Company and manages them effectively.
Assessment Matrix for Risks
Probability of occurrence
High M H H H
Medium M M H H
Low L M M H
Very low L L M M
Small Moderate Material Severe Effect L M H Low risk Medium risk High risk
Risk control encompasses all measures that influence the risk situation by reducing either the probability of occurrence and/or the extent of the losses. This phase of the process aims to avoid unacceptable risks and to reduce or transfer unavoidable risks. Optimal risk control therefore improves the Company’s risk profile and thus contributes to increas-
— Avoiding risks by not doing the business in question; — Mitigating risk by taking suitable countermeasures; or — Transferring operational risk to third parties, e. g.
suppliers or insurers. This largely neutralises the financial consequences of insurable risks such as property damage, business interruptions or bad debt losses.
The success of risk management depends to a great extent on whether a planned measure for improvement is actually implemented and checked for effectiveness. After all, only effectively implemented measures that are also appropriate from a cost perspective contribute to increasing the enter- prise value. Risk monitoring is responsible for this in the final step of the process. The aim here is for new risks to be rec- ognised during risk monitoring and incorporated into the risk management process. Risks are also subject to change over the course of time. Their momentum and the overall frame- work can also change and, along with them, the associated losses and probability of occurrence. In all of these cases, renewed identification and assessment is crucial and is con- ducted continually at the operational level. Risk reporting, another element of the risk management system, ensures comprehensive presentation of the results of the preced- ing phases of the risk management process in a way that is relevant to the Company. Reports are issued quarterly and give the Company’s management an overview of all risks to the Company and of specific risks in the individual areas of responsibility.
In the risk monitoring phase, the risk management cycle constantly starts over again so as to take into account the changes to the overall framework at all times. This compre- hensive risk management system is designed particularly to enable the Company to identify developments that threaten the continued existence of the Company at an early stage and to allow the Management Board to manage these by taking appropriate measures.
risks
The following describes the risks that could have material negative effects on the objectives and reputation of the TOM TAILOR GROUP. The classification is based on the same risk
categories as those used in the internal risk management system, in summarized form. The order in which the risks are presented within the five categories reflects the current assessment of the relative degree of risk for the TOM TAILOR GROUP, and hence provides an indication of the significance of these risks. Unless specified otherwise, all risks relate to all of the TOM TAILOR GROUP’s segments.
Summary of Risks
Probability of
occurrence Extent Risk category
External Risks
Economic Development low material medium
Weather Risks medium moderate medium
Risks of Competition medium moderate medium
Country Risks low moderate medium
Risks Arising from the Ukraine Crisis low moderate medium
Force Majeure Risks very low low low
Strategic Risks
Trendspotting and Pricing low material medium
Long-term Positioning and Brand Image low material medium
Investment and Cost Risks (miscellaneous) medium
Financial Risks
Liquidity Risks very low severe medium
Currency Risks (miscellaneous) medium
Credit Risks low material medium
Interest Rate Risks very low moderate low
Operational Risks
Risks Arising from the Company’s Organisation high material high
Logistics Risk (miscellaneous) high/medium
Quality Risks and Social/Environmental Risks low material medium
Sales and Inventory Risks medium moderate medium
Production Risks low low low
Company-Related Risks
Compliance Risks low severe high
Personnel Risks medium moderate medium
IT Risks (miscellaneous) medium
Integration Risks very low moderate low
The TOM TAILOR GROUP divides relevant risks into five catego- ries: external, strategic, financial, operational and Company- related risks. Although the occurrence of risks is estimated as realistically as possible by following the detailed process de- scribed, negative effects on the net assets, financial position and results of operations of the TOM TAILOR GROUP cannot be ruled out completely.