Since the business year 2000/01, the voestalpine Group has implemented a comprehensive risk management system that was established based on a general, Group-wide policy; in the meantime, it has been updated and expanded on an ongoing basis.
Risk management, as it is understood and practiced in the voestalpine Group, serves to ensure both the continued long-term existence of the Group and an increase in its value, thus representing a key factor in its success.
In accordance with the Austrian Company Law Amendment Act of 2008 (Unternehmensrechts-Änderungsgesetz) and the associated increased importance of an internal control system (ICS) and a risk management system, an Audit Committee has been set up at voestalpine AG, which addresses questions related to risk management and the internal control system (ICS) on an ongoing basis as well as the monitoring thereof.
Both the risk management and the internal control systems are integral components of the existing management systems within the voestalpine Group. The Internal Auditing department independently monitors operational and business processes and the ICS and, as an independent, in-house department, has full discretion when reporting and assessing audit results.
The systematic risk management process is an integral part of the business processes within the Group; it serves to recognize potential risks early on and initiate appropriate action to avert them. Risk management covers both the strategic and the operational levels and is therefore a major element in the sustainable success of the Group.
- Strategic risk management serves to evaluate and safeguard strategic planning for the future. Strategies are reviewed to ensure conformity with the Group’s system of objectives in order to ensure value-adding growth by way of an optimum allocation of resources.
- Operational risk management is based on a revolving procedure that is run at least once a year across the entire Group. The evaluation of identified risks is implemented using an evaluation matrix that assesses possible losses and the probability of occurrence. The main risks being documented are operational, environmental, market, procurement, technological, financial, and IT risks. This process is aided by a special web-based IT system.
The preventive measures for the main risk areas presented in last year’s Annual Report are still valid:
Availability of raw materials
In order to ensure the supply of the required quantity and quality of raw materials and energy, the voestalpine Group has for some years maintained a diversified procurement strategy that reflects the increased risks. Long-term, close relationships with suppliers, the expansion of the supplier portfolio, and the development of the Group’s self-sufficiency are the core elements of this strategy that is becoming increasingly important in view of the trend toward higher volatility on the raw materials markets (for more details, please refer to the “Raw Materials” chapter of this Annual Report).
Guidelines for hedging raw materials price risk
Management of raw materials price risk determines the effects that fluctuations on the raw materials market have on profit from operations (EBIT). Based on the acquired information and taking the individual distinctive characteristics of each raw material into consideration, price risks for raw materials are hedged by executing delivery contracts containing fixed price agreements or by utilizing derivative financial instruments. An internal guideline regulates the details of the relevant procedure Group-wide.
Risks associated with CO2 are covered separately in the “Environment” chapter of this Annual Report.
Failure of IT systems
The servicing of business and production processes that are largely based on complex IT systems is handled by voestalpine group-IT GmbH, a company that specializes in IT and that is wholly owned by the Group holding company voestalpine AG.
Due to the importance of IT security and in order to minimize possible IT security risks, minimum security standards for IT have been developed, and compliance with these standards is reviewed annually by way of an audit. In order to reduce the risk of unauthorized access to IT systems and applications even further, additional periodic penetration tests are carried out.
Failure of production facilities
In order to minimize the risk of breakdowns of critical production facilities, targeted and comprehensive investments in the technical optimization of sensitive units are undertaken. Consistent preventive maintenance, risk-oriented storage of spare parts, and comprehensive employee training are additional measures.
Extensive projects have already been undertaken in the past in order to sustainably secure knowledge and especially to prevent the loss of know-how; these projects are consistently maintained. Available knowledge is permanently documented on an ongoing basis, while new findings from key projects as well as lessons learned as the result of unplanned events are incorporated accordingly. Detailed process documentation, especially in IT-supported areas, also contributes to secure knowledge management.
Risks in the financial sector
Financial risk management is organized centrally with respect to policy-making power, strategy determination, and target definition. The existing rules and regulations include targets, principles, tasks, and responsibilities for both the Group Treasury and the financial department of each Group company. Financial risks are continuously monitored, quantified and—where this is feasible—hedged. The strategy aims to reduce fluctuations in cash flow and income. Market risks are largely secured through the use of derivative financial instruments that are used exclusively in connection with an underlying transaction.
Financing risks are hedged using the following measures:
Liquidity risks generally consist of a company being potentially unable to meet its financial obligations. Appropriate liquidity reserves enable the company to meet its obligations on schedule. The primary instrument for managing liquidity risk is a precise financial plan drawn up quarterly on a revolving basis. Required financing and bank credit lines are determined by the central Group Treasury based on the consolidated operating results.
Credit risk refers to financial losses that may occur through non-fulfillment of contractual obligations by individual business partners. The credit risk of the underlying transactions is minimized to the greatest degree possible through credit insurance and bankable securities (guarantees, letters of credit). The default risk for the Group’s own remaining risk is kept manageable by way of monitoring and close contact with our customers—and based on voestalpine’s experience during the crisis in recent years—is considered manageable. A high percentage of delivery transactions is covered by credit insurance. Bankable types of security, such as guarantees and letters of credit, are also provided. As of March 31, 2013, 76% of our trade receivables were covered by credit insurance. Counterparty credit risk in financial contracts is managed by way of daily monitoring of ratings and any changes in the CDS levels (credit default swap).
The Group implements a hedge centrally through the Group Treasury by means of derivative hedging instruments. voestalpine AG hedges budgeted (net) foreign currency payment flows for the next twelve months. Longer-term hedging is only carried out for contracted projects. The hedging ratios are between 50% and 100% of the budgeted payment flows for the next twelve months.
Interest rate risk
The interest rate risk assessment is made centrally for the entire Group by voestalpine AG by basically differentiating between cash flow risk (the risk that interest expenses or interest income will undergo an adverse change) for variable-interest financial instruments and present value risk for fixed-interest financial instruments. While taking the interest expense into consideration, this strategy aims to minimize the effects of interest rate volatility through the simultaneous management of interest rate risk and interest rate sensitivity. As of the reporting date of March 31, 2013, an increase of the interest rate by 1% will result in a reduction of the net interest expense amounting to EUR 8.2 million in the next business year. This is, however, an assessment of risk potential on the reporting date, and it can be subject to significant fluctuations over time. As voestalpine AG maintains a liquidity reserve to ensure availability of liquidity, it also has interest-bearing investments. In order to avoid interest rate risk stemming from these investments, interest rate exposure on the asset side, expressed by way of the modified duration, is coupled with interest rate exposure on the liability side (asset-liability management).
voestalpine AG also assesses price risk, primarily using scenario analyses to quantify interest and currency risk but also the value-at-risk concept. The maximum potential loss within the next business day and within a year is determined with 95% certainty. This process takes the correlations between the individual currencies into account. The present value basis point method is also applied in the interest management process.