Risk management and risk policy
Risk management provides important support in protecting and securing future potential. The general risk awareness of the management team and employees is increased by annual risk assessments. The HOCHDORF Group has a risk management system for all Group companies.
HOCHDORF carries out a risk assessment of all business activities and balance sheet items based on a standardised process. Each identified risk is evaluated in terms of the possible level of damage that could be expected should the loss event occur. As a result we set objectives and take effective measures from this to counteract the respective risk. The results from the risk process are summarised in a report to the Board of Directors and the Group Management. The risk management of the Group is documented continuously and reviewed to ensure its suitability for purpose.
Major projects of a strategic nature are managed within the HOCHDORF Group within the scope of project management. Part of the project management involves the ongoing recognition, monitoring and proactive reduction of risks. Responsibility for strategic projects and therefore also for risk management always lies with a member of Group Management.
Risk assessment
Regulatory and political environment: The HOCHDORF Group is dependent upon the regulatory and political environment. Changes could have a negative impact on business activities, the financial situation and/or the profitability of the HOCHDORF Group (e.g. negotiations with the World Trade Organization or negotiations with the European Union in connection with the agricultural free trade agreement). They could result in high price and volume volatility on the procurement and sales markets. HOCHDORF monitors economic and political developments in the individual countries to keep the procurement and sales risks to a minimum.
Quality monitoring: The continuously rising demands of our customers and increasing regulation are constantly presenting new challenges for quality assurance, which is why HOCHDORF has developed appropriate systems and testing standards. Quality assurance is carried out in close cooperation with customers, suppliers and our in-house procurement and production departments. Deviations and defects detected during quality checks are continuously analysed, documented and discussed with the parties concerned. These measures serve to minimise quality-related risks from the outset.
IT security: Unauthorised access to data, misuse of data or system failures can cause considerable disruption to the operational process. To prevent this, technical measures such as access authorisation, virus scanners and firewall and backup systems are used. Moreover, the operation of systems has been outsourced to an external data centre, enabling our systems to be continuously assessed and adjusted to current requirements. There is a contingency concept involving daily backup copies and mirroring of data. Internal guidelines regulate the handling of hardware and software.
Financial risks: The HOCHDORF Group is exposed to various financial risks in the course of its international activities. These include exchange rate and interest rate risks as well as credit, liquidity and capital risks. The individual risks are minimised by means of continuous checks and controls. Coordinating and managing financial needs as well as ensuring financial independence are a top priority for reducing financial risks. The objective is optimal capital procurement as well as a liquidity position oriented towards payment obligations.
Ultimately the risk policy of the HOCHDORF Group includes hedging risks by means of comprehensive and efficient insurance cover. An international insurance programme in the areas of liability, property insurance and transport serves to achieve this.
Internal control system
The internal control system (ICS) is expanded and improved continuously. Its role is to continually optimise business activities and to ensure the necessary processes and instruments for identifying and controlling risks. The system complies with the statutory requirements in Switzerland and is satisfactory for the needs of a company the size of HOCHDORF. The ICS for the HOCHDORF Group was developed on the basis of the COSO framework. Besides the controls related to complying with the strategic and operating objectives and compliance with the rules, the ICS was primarily designed for risks related to financial reporting in all Group companies. The compliance and effectiveness of the ICS is regularly checked in the internal audit. Furthermore, the external auditors undertake adequate audit procedures in order to assess whether there is an ICS. They confirm this in their audit report.
Internal audit
The internal audit of the HOCHDORF Group is outsourced and carried out by PricewaterhouseCoopers with the support of experts from the finance and accounting departments. The internal audit supports the Board of Directors in the handling of its monitoring and controlling tasks, particularly at the subsidiaries. The internal audit provides an independent and objective audit and advisory service that is focused on generated added value and improving business processes. It helps the company to achieve its goals by assessing the effectiveness of the risk management, the controls and the management and monitoring processes with a systematic and targeted approach and by improving them.
The internal audit, in cooperation with the Audit Committee, prepares a strategic audit plan at regular intervals, which is presented to the Board of Directors for approval in each case. On the basis of the multi-year plan, an operational audit plan is established by the internal audit detailing the planned audits over the next year. This is presented to the Audit Committee for approval. In addition, the Board of Directors may assign special projects to the internal audit.
A written audit report is produced by the internal audit after each completed audit. It contains the findings and recommendations of the internal audit, as well as the statement by Management containing the planned measures and the time required for the completion of these measures. Group Management checks the implementation of the defined measures and keeps the Audit Committee continually informed.
In the reporting year, the internal auditors did not take part in any meeting of the Board of Directors and did take part in one Audit Committee meeting. The external auditors receive information on the audit plan and the audit activities of the internal auditors as well as the audit reports. The internal auditors have access to the reports of the external auditors.