Proactive risk management, as it has been understood by and practiced in the voestalpine Group for many years, serves both to ensure the existence of the Group as a going concern in the long term and boost its value and thus is key to the success of the voestalpine Group on the whole.
The voestalpine Group has had a comprehensive risk management system since the business year 2000/01, which is rooted in a general policy that applies throughout the Group and has been updated and expanded repeatedly since then.
In accordance with the Austrian Company Law Amendment Act of 2008 (Unternehmensrechts-Änderungsgesetz) and the associated increased importance of the internal control system (ICS) and the risk management system, an Audit Committee has been set up at voestalpine AG which, among other things, addresses questions related to risk management and the internal control system as well as the monitoring thereof on an ongoing basis. Both the risk management and the internal control systems are integral components of the existing management systems within the voestalpine Group. The Internal Auditing department monitors the operational and business processes as well as the ICS and, as an independent, in-house department, also has full discretion with respect to the appraisal of the audit results.
The systematic risk management process assists management in recognizing risks early on and initiating appropriate action to avert or prevent dangers. As is proper in shareholder value management, risk management is an integral part of the business processes; it covers both the strategic and the operational levels and thus is a material element of the Group’s sustainable success.
Strategic risk management serves to evaluate and safeguard the strategic planning for the future. The strategy is reviewed as to its conformity with the Group’s system of objectives in order to ensure value-added growth by way of an optimum allocation of resources.
Operational risk management is based on a revolving procedure (“identify and analyze, assess, manage, document, and monitor”) that is run at least once a year uniformly across the entire Group. Identified risks are appraised using a nine-field assessment matrix that evaluates possible losses and the probability of their occurring. In the main, it documents operational, environmental, market, procurement, technological, financial, compliance, and IT risks. This process is supported by a special Web-based IT system.
The preventive measures for the main risk areas presented in last year’s Annual Report are still valid.
Availability of raw materials
In order to ensure the supply of raw materials and energy in the required quantities and quality in the long term, the voestalpine Group has for some years pursued a diversified procurement strategy appropriate to the heightened political and economic risks of this globalized market. Long-term relationships with suppliers, the expansion of the supplier portfolio as well as the development of the Group’s self-sufficiency are the core elements of this strategy, which are becoming increasingly important in view of the present volatility on the raw materials markets. (For more details, please refer to the “” chapter of this Annual Report).
Guideline for hedging raw materials price risk
An internal guideline defines objectives, principles and responsibilities, in addition to methodology, processes, and decision-making processes for how raw materials risks are handled. Based thereon and taking into account individual specificities of the business model of the respective Group company, prices are hedged by means of delivery contracts containing fixed price agreements or by means of derivative financial instruments. Financial derivatives are deployed to hedge raw materials procurement contracts.
Failure of IT systems
At the majority of the Group’s sites, business and production processes, which are largely based on complex IT systems, are serviced by voestalpine group-IT GmbH, a company that specializes in IT and that is wholly owned by the Group holding company voestalpine AG. Due to the importance of IT security and in order to minimize possible IT breakdown and security risks, minimum security standards for IT have been developed. These minimum standards are regularly revised and adapted to new circumstances; compliance with these new standards is reviewed annually by way of an audit. Additional periodic penetration tests are carried out in order to further reduce the risk of unauthorized access to IT systems and applications. In the business year just ended, broad online campaigns were carried out to further sensitize our employees to issues of IT security; the topic of cyber security was also addressed at length.
Failure of production facilities
In order to minimize the risk of breakdowns of critical facilities, ongoing targeted and comprehensive investments are made in the technical optimization of sensitive units. Supplementary measures encompass consistent preventive maintenance, risk-oriented storage of spare parts as well as appropriate employee training.
In order to sustainably safeguard the Group’s knowledge and especially to prevent the loss of know-how, previously initiated complex projects are consistently maintained. Available knowledge is permanently documented on an ongoing basis, while new findings from key projects as well as lessons learned as the result of unplanned events are incorporated accordingly. Detailed process documentation, especially in IT-supported areas, also contributes to securing the available knowledge.
Risks in the financial sector
Financial risk management is organized centrally with respect to policy-making power, strategy determination, and target definition. The existing policies include targets, principles, duties, and responsibilities for both the Group Treasury and the financial departments of the individual Group companies. Financial risks are monitored continuously and hedged where feasible. In particular, this strategy aims to bring about natural hedges and to reduce the fluctuations in both the cash flow and the income. Market risks are largely secured through derivative financial instruments that are used exclusively in connection with an underlying transaction.
Specifically, financing risks are hedged using the following measures:
Liquidity risks generally consist of a company being potentially unable to raise the funds necessary to meet its financial obligations. Existing liquidity reserves enable the Company to meet its obligations even in times of crisis. The primary instrument for controlling liquidity risk, furthermore, is a precise financial plan that is prepared on a revolving, quarterly basis. The need for financing and bank credit lines is determined centrally by Group Treasury based on the consolidated operating results.
Credit risk refers to financial losses that may arise from the non-fulfillment of contractual obligations by individual business partners. The credit risk of the underlying transactions is minimized to a large degree through credit insurance and bankable securities (guarantees, letters of credit). The default risk for the Group’s remaining own risk is managed by way of defined credit assessment, risk evaluation, risk classification, and credit monitoring processes. As of March 31, 2018, 79% of the trade receivables were covered by credit insurance. Counterparty credit risk in financial contracts is managed by way of daily monitoring of the ratings and any changes in the counterparties’ credit default swap (CDS) levels.
The primary objective of foreign currency risk management is to create a natural hedge (cross-currency netting) within the Group by bundling the cash flows. In this connection, hedges are implemented centrally by Group Treasury based on derivative hedging instruments. voestalpine AG hedges the budgeted foreign currency payments (net) for the next twelve months. Longer-term hedging is carried out only in connection with contracted project business. The hedging ratio is between 25% and 100% of the budgeted cash flows within the next twelve months.
Interest rate risk
voestalpine AG conducts the interest rate risk assessment centrally for the entire Group. In particular, this entails managing the cash flow risk (the risk that interest expenses or interest income may undergo an adverse change). As of the March 31, 2018, reporting date, any increase in the interest rate by one percentage point would result in an increase of the net interest expense by EUR 8.8 million in the next business year. However, this is a reporting date assessment that may be subject to significant fluctuations over time. Interest-bearing investments have also been made, because voestalpine AG maintains a liquidity reserve to ensure the availability of liquidity. In order to avoid any resulting interest rate risk, the interest rate exposure on the asset side, which is expressed by way of the modified duration, is linked to the interest rate exposure on the liability side (asset/liability management).
voestalpine AG also assesses price risk, primarily using scenario analyses for the purpose of quantifying interest and currency risks.
Compliance violations, e.g. antitrust and corruption violations, represent a significant risk and may have adverse effects, with respect to both financial losses and damage to the Group’s reputation. In particular, we address antitrust and corruption violations by way of the Group-wide Compliance management system, but they cannot be excluded. Regarding antitrust proceedings and allegations, see in the Notes.
Uncertainties stemming from legislation
Energy tax rebate in Austria
It must be noted with respect to the Austrian energy tax rebate that the Austrian Federal Finance Court (Bundesfinanzgericht) has directed a request for a preliminary ruling to the European Court of Justice (ECJ) (BFG 10/31/2014, RE/5100001/2014). The amendment of the Austrian Energy Tax Rebate Act (Energieabgabenvergütungsgesetz) by means of the 2011 Austrian Budget Accompanying Act (Budgetbegleitgesetz – BBG 2011), which applies to periods after December 31, 2010, limited the energy tax rebate to manufacturing companies. Subsequently, the question as to whether this restriction, which may be deemed state aid, violated European Union law was submitted to the ECJ for a preliminary ruling; the highest court has by now answered the question in the affirmative (ECJ 07/21/2016, docket no. C-493/14, Dilly’s Wellnesshotel GmbH). This means that the restrictions envisioned in the BBG 2011 have not taken effect. Therefore, service providers, in particular, can retroactively apply for the energy tax rebate with respect to periods after February 1, 2011. In its subsequent ruling, the Austrian Federal Finance Court declared that the restriction to manufacturing companies did not enter into effect. The Austrian fiscal authorities appealed this decision to the Austrian Higher Administrative Court (Verwaltungsgerichtshof), which in September 2017 (Decision dated 09/14/2017, EU 2017/0005 and 0006-1) again sought recourse with the ECJ. No adverse impact is anticipated for the voestalpine Group.