Risk management system

The risk management system with regard to material risks and existence-threatening risks is integrated into the value-based management and planning system of the Daimler Group. It is an integral part of the overall planning, management and reporting process in the relevant legal entities, divisions and corporate functions. The risk management system is intended to systematically identify, assess, control, monitor and document material risks and risks threatening Daimler’s existence, in order to secure the achievement of corporate goals and to enhance risk awareness at the Group. Risk assessment principally takes place for a two-year planning period, although Daimler also identifies and monitors risks related to a longer period in the discussions for the derivation of medium-term and strategic goals. Reporting in the Management Report is with reference to one year.

In the context of the two-year operational planning – with the use of defined risk categories – risks are identified and assessed for the divisions and operating units, the major joint ventures and associated companies and the corporate departments. The risk consolidated group mirrors the consolidated group of the consolidated financial statements and goes even further if necessary.

Risk assessment takes place on the basis of the probability of occurrence and possible impact of the risk according to the categories low, medium and high. When assessing the impact of a risk, the effect before countermeasures in relation to EBIT is considered. At the Daimler Group, risks below €500 million are categorized as low, between €500 million and €1 billion as medium and above €1 billion as high. Assessment of the dimensions of the probability of occurrence and possible impact is based on the categories shown in table. (See table C.50)

C.50

Assessment of probability of occurence and possible impact
Category Probability of occurrence  
       
Low 0% ≤ Probability of occurrence ≤ 33%
Medium 34% ≤ Probability of occurrence ≤ 66%
High   Probability of occurrence ≥ 67%
       
Category Possible impact  
Low €0 ≤ Impact < €500 million
Medium €500 million ≤ Impact < €1 billion
High   Impact ≥ €1 billion

Quantification of each aggregated risk category in the Management Report summarizes the individual risks reported for each category. To the extent not otherwise presented, even in the case of simultaneous occurrence of all individual risks in a risk category, the Group does not expect any effect in this category of more than €3 billion.

Risk controlling at the Daimler Group takes place at the level of the divisions based on individual risks. If the impact of an individual risk exceeds the amount of €2 billion, this risk is described separately.

The tasks of a person responsible for a risk include, in addition to identifying and assessing the risks, developing measures and initiating them if appropriate so that risks are avoided, reduced or counteracted. All reported risks of the individual entities and of the related countermeasures that have been initiated are monitored locally. Corporate risk management at headquarters regularly reports on the identified risks to the Board of Management and the Supervisory Board. As well as the regular reporting, there is also an internal reporting obligation within the Group for risks arising unexpectedly.

The principle of completeness also applies to risk management. This means that at the level of the individual entities, all specific risks must flow into the risk management process. Such a risk exists if the probability of occurrence of the risk exceeds a uniform threshold defined for the whole Group. Latent risks that are below this threshold are monitored in the internal control system (ICS). Compliance risks are thoroughly identified by the Group. Regular courses of training aim to reduce the number of compliance risks.

The internal control and risk management system with regard to the accounting process has the goal of ensuring the correctness and effectiveness of accounting and financial reporting. It is designed in line with the internationally recognized framework for internal control systems of the Committee of Sponsoring Organizations of the Treadway Commission (COSO Internal Control – Integrated Framework), is continually further developed and is an integral part of the accounting and financial reporting process in all relevant legal entities and corporate functions. The system includes principles and procedures as well as preventive and detective controls. Among other things, we regularly check that

  • the Group’s uniform financial reporting, valuation and accounting guidelines are continually updated and regularly trained and adhered to;
  • transactions within the Group are fully accounted for and properly eliminated;
  • issues relevant for financial reporting and disclosure from agreements entered into are recognized and appropriately presented;
  • processes exist to guarantee the completeness of financial reporting;
  • processes exist for the segregation of duties and for the “four-eyes principle” in the context of preparing financial statements, and authorization and access rules exist for relevant IT accounting systems.

We systematically assess the effectiveness of the internal control system with regard to the corporate accounting process. The first step consists of risk analysis and definition of control. Significant risks are identified relating to the process of corporate accounting and financial reporting in the main legal entities and corporate functions. The controls required are then defined and documented in accordance with Group-wide guidelines. Regular random tests are carried out to assess the effectiveness of the controls. Those tests constitute the basis for self-assessment of the appropriate magnitude and effectiveness of the controls. The results of this self-assessment are documented and reported in a global IT system. Any weaknesses recognized are eliminated with consideration of their potential effects. At the end of the annual cycle, the selected legal entities and corporate functions confirm the effectiveness of the internal control and risk management system with regard to the corporate accounting process. The Board of Management and the Audit Committee of the Supervisory Board are regularly informed about the main control weaknesses and about the effectiveness of the control mechanisms installed. However, the internal control and risk management system for the accounting process cannot ensure with absolute certainty that material false statements are avoided in accounting.

The organizational embedding and monitoring of risk management takes place through the risk management organization established at the Group. As previously described in the “Risk management system” section with regard to material risks and risks threatening Daimler’s existence, the divisions, corporate functions and legal entities inquire about the specific risks at regular intervals. This information is passed on to Corporate Risk Management, which processes the information and provides it to the Board of Management and Supervisory Board as well as to the Group Risk Management Committee (GRMC). In order to ensure the complete presentation and assessment not only of material risks and risks threatening the existence of the Group, but also of the control and risk process with regard to the corporate accounting process, Daimler has established the Group Risk Management Committee. It is composed of representatives of the areas of Finance & Controlling, Accounting, Legal Affairs and Group Compliance, and is chaired by the Board of Management Member for Finance (CFO). The Internal Auditing department contributes material statements on the internal control and risk management system. In addition to fundamental issues, the committee has the following tasks:

  • The GRMC defines and shapes the framework conditions with regard to the organization, methods, processes and systems that are needed to ensure a functioning, Group-wide and thorough control and risk management system.
  • The GRMC regularly reviews the effectiveness and functionality of the installed control and risk management processes. Minimum requirements can be laid down in terms of the design of the control processes and of risk management and corrective measures can be commissioned as necessary or appropriate to eliminate any system failings or weaknesses exposed.

However, responsibility for operational risk management for risks threatening the existence of the Group and for the control and risk management processes with regard to the corporate accounting process remains directly with the divisions, corporate functions and legal entities. The measures taken by the GRMC ensure that relevant risks and any existing process weaknesses in the corporate accounting process are identified and eliminated as early as possible.

In the Board of Management and the Audit Committee of the Supervisory Board of Daimler AG, regular reports are given regarding the current risk situation and the effectiveness, functions and appropriateness of the internal control and risk management system. Furthermore, the responsible managers regularly discuss the risks of business operations with the Board of Management.

The Audit Committee of the Supervisory Board is responsible for monitoring the internal control and risk management system. The Internal Auditing department monitors whether the statutory conditions and the Group’s internal guidelines are adhered to in the Group’s entire monitoring and risk management system. If required, measures are then initiated in cooperation with the relevant management. The external auditors audit the system for the early identification of risks that is integrated in the risk management system for its fundamental suitability to identify risks threatening the existence of the Group; in addition, they report to the Supervisory Board on any significant weaknesses that have been discovered in the internal control and risk management system.