Active risk management, as it has been understood and consistently practiced in the voestalpine Group, serves to ensure both the continued long-term existence of the Group and an increase in its value, thus representing a key factor in the success of the Group as a whole.
Since the business year 2000/01, the voestalpine Group has had a comprehensive risk management system in place that was established based on a general, Group-wide policy; this policy has been updated and expanded on an ongoing basis.
In accordance with the Austrian Company Law Amendment Act of 2008 (Unternehmensrechts-Änderungsgesetz) and the associated increased importance of an internal control system (ICS) and a risk management system, an Audit Committee has been set up at voestalpine AG, which addresses questions related to risk management and the internal control system (ICS) on an ongoing basis as well as the monitoring thereof. Both the risk management and the internal control systems are integral components of the existing management systems within the voestalpine Group. The Internal Auditing department independently monitors operational and business processes and the ICS and, as an independent, in-house department, also has full discretion when reporting and assessing audit results.
The systematic risk management process is an integral part of all essential business processes within the Group; it assists the management in recognizing potential risks early on and initiating appropriate action to avert or prevent dangers, Risk management covers both the strategic and the operational levels and is therefore a major element in the sustainable success of the Group.
Strategic risk management serves to evaluate and safeguard strategic planning for the future. Strategies are reviewed to ensure conformity with the Group’s system of objectives in order to ensure value-adding growth by way of an optimum allocation of resources.
Operational risk management is based on a revolving procedure (“identify and analyze, assess, manage, document and monitor”) that is run several times a year uniformly across the entire Group. The evaluation of identified risks is implemented using an evaluation matrix comprising nine fields that assesses possible losses and the probability of occurrence. The main risks being documented are operational, environmental, market, procurement, technological, financial, and IT risks. This process is aided by a special web-based IT system.
The preventive measures for the main risk areas presented in last year’s Annual Report are still valid:
Availability of raw materials
In order to ensure the long-term supply of the required quantity and quality of raw materials and energy, the voestalpine Group has for some years maintained an appropriately diversified procurement strategy that reflects the increased risks. Long-term relationships with suppliers, the expansion of the supplier portfolio, and the development of its self-sufficiency are the core elements of this strategy, which is becoming increasingly important in view of the present volatility on the raw materials markets. (For more details, please refer to the “” chapter of this Annual Report).
Guidelines for hedging raw materials price risk
An internal guideline defines objectives, principles and responsibilities, in addition to methodology, processes, and decision-making processes for how raw materials risks are handled. Based on the acquired information and taking the individual distinctive characteristics of each raw material into consideration, price risks for the raw materials are hedged by executing delivery contracts containing fixed price agreements or by utilizing derivative financial instruments. Financial derivatives are primarily deployed to hedge fixed price agreements on the sales side and variable price agreements on the purchasing side.
Failure of IT systems
At the majority of the Group’s sites, business and production processes, which are largely based on complex IT systems, are serviced by voestalpine group-IT GmbH, a company that specializes in IT and that is wholly owned by the Group holding company voestalpine AG. Due to the importance of IT security and in order to minimize possible IT breakdown and security risks, minimum security standards for IT have been developed. These minimum standards are regularly revised and adapted to new circumstances; compliance with these new standards is reviewed annually by way of an audit. In order to reduce the risk of unauthorized access to IT systems and applications to the greatest possible extent, additional periodic penetration tests are carried out. Additionally, in the past business year, an online campaign was again conducted to raise employees’ awareness with regard to issues relating to IT security.
Failure of production facilities
In order to minimize the risk of breakdowns of critical facilities, ongoing targeted and comprehensive investments are made in the technical optimization of sensitive units. Consistent preventive maintenance, risk-oriented storage of spare parts, and appropriate employee training are additional measures that are being taken.
In order to sustainably safeguard knowledge, and especially to prevent the loss of know-how, complex projects have already been initiated and are consistently maintained. Available knowledge is permanently documented on an ongoing basis, while new findings from key projects as well as lessons learned as the result of unplanned events are incorporated accordingly. Detailed process documentation, especially in IT-supported areas, also contributes to secure knowledge management.
Risks in the financial sector
Financial risk management is organized centrally with respect to policy-making powers, strategy determination, and target definition. The existing rules and regulations include targets, principles, tasks, and responsibilities for both the Group Treasury and the financial department of each Group company. Financial risks are continuously monitored and – where this is feasible – hedged. In particular, the strategy aims to use natural hedges and to reduce fluctuations in cash flow and income. Market risks are largely secured through the use of derivative financial instruments that are used exclusively in connection with an underlying transaction.
Financing risks are hedged using the following measures:
Liquidity risks generally consist of a company being potentially unable to raise the funds necessary to meet its financial obligations. Existing liquidity reserves enable the company to meet its obligations within the prescribed period, also during crisis periods. The primary instrument for managing liquidity risk is a precise financial plan drawn up quarterly on a revolving basis. Required financing and bank credit lines are determined by the central Group Treasury based on the consolidated operating results.
Credit risk refers to financial losses that may occur through non-fulfillment of contractual obligations by individual business partners. The credit risk of the underlying transactions is minimized to a large degree through credit insurance and bankable securities (guarantees, letters of credit). The default risk for the Group’s own remaining risk is managed by way of defined processes of credit assessment, risk evaluation, risk classification, and credit monitoring. As of March 31, 2017, 78% of our trade receivables were covered by credit insurance. Counterparty credit risk in financial contracts is managed by way of daily monitoring of ratings and any changes in the CDS levels (credit default swap) of the Group’s counterparties.
The primary objective of foreign currency risk management is to create a natural hedge (cross-currency netting) within the Group by bundling cash flows. The Group implements hedges centrally by means of derivative hedging instruments through the Group Treasury. voestalpine AG hedges budgeted (net) foreign currency payment flows for the next twelve months. Longer-term hedging is only carried out for contracted projects. The hedging ratios are between 25% and 100% of the budgeted payment flows for the next twelve months.
Interest rate risk
voestalpine AG conducts the interest rate risk assessment centrally for the entire Group. This assessment specifically manages cash flow risk (the risk that interest expenses or interest income will undergo an adverse change). As of the reporting date of March 31, 2017, a hike of the interest rate by one percentage point will result in an increase of the net interest expense by EUR 13.1 million in the next business year. This is, however, an assessment of risk potential on the reporting date, and it can be subject to significant fluctuations over time. As voestalpine AG maintains a liquidity reserve to ensure availability of liquidity, it also has interest-bearing investments. In order to avoid interest rate risk stemming from these investments, interest rate exposure on the asset side – expressed by way of the modified duration – is coupled with interest rate exposure on the liability side (asset-liability management).
voestalpine AG also assesses price risk, primarily using scenario analyses to quantify interest and currency risk.
Compliance violations, e.g., antitrust and corruption violations, represent a significant risk and can have adverse effects, both with respect to financial damages and damage to the Group’s reputation. We address these risks, particularly antitrust and corruption violations, by way of our compliance management system, but they cannot be entirely excluded. Regarding antitrust proceedings and allegations, see .
Uncertainties stemming from legislation
Energy tax rebate in Austria
With regard to the Austrian energy tax rebate, the Austrian Federal Tax Court (Bundesfinanzgericht) has submitted a request for a preliminary ruling to the ECJ (Federal Tax Court 10/31/2014, RE/5100001/2014). As a result of the amendment of the Energy Tax Rebate Act (Energieabgabenvergütungsgesetz) with the Budget Accompanying Act 2011 (Bundesbegleitgesetz), which applies to periods after December 31, 2010, the energy tax rebate was restricted to manufacturing companies. Subsequently, the question of whether this restriction, which may be deemed to constitute state aid, violated EU law was submitted to the European Court of Justice for a preliminary ruling; this has now been confirmed by the highest court (ECJ 7/21/2016, case no. C-493/14, Dilly’s Wellnesshotel GmbH). Thus the restrictions pursued by the Budget Accompanying Act 2011 did not enter into force with legal effect and therefore, among others, service providers in particular can retroactively assert the energy tax rebate for periods after February 1, 2011. In its subsequent decision, the Austrian Federal Tax Court ruled that the restriction to manufacturing companies had not come into force. The Austrian Federal Tax is appealing this decision to the Austrian Supreme Administrative Court (Verwaltungsgerichtshof). No adverse impact is anticipated for the voestalpine Group.