Description of material fields of risk

      Pandemic, COVID-19 crisis

      The global COVID-19 crisis and the resulting medi­cal, economic, and social state of emergency as well as its ramifications continued to dominate the business year 2020/21. As part of Group-wide crisis management, crisis teams have been in place on three decision-making levels (Group, divi­sions, companies) since the onset of the pandemic; they are tasked with ensuring rapid and coordinated action at all of the Group’s facilities during this continued difficult time.

      Hygienic and protective measures designed to ensure employees’ safety and to support them and their families as best as possible; working from home (teleworking) if possible, with the requi­site infrastructure being put in place on short notice; and consideration for employees’ potential caregiving duties are some of the rapidly insti­tuted measures that helped us during the business year 2020/21 to maintain our operations as best as possible and ensure the organization’s stability. Dealing with the crisis also required supplementary steps such as safeguarding liquidity; short time work; reduction of time credits; early annual plant/office closings; adjustment and limi­tation of production activities in line with existing supply chain constraints all the way to regular exchanges of information with key customers and suppliers.

      Thanks to this approach, the voestalpine Group adapted well to the completely new environment. Emergency and crisis plans that were imple­mented along with additional measures continue to be evaluated at regular intervals and are adjusted and/or expanded as necessary in the light of new information.

      The material fields of risk and associated preventive measures that were presented in last year’s Consolidated Management Report remain valid.

      AVAILABILITY OF RAW MATERIALS AND ENERGY SUPPLIES

      To ensure the supply of raw materials and energy in the required quantities and quality over the long term, the voestalpine Group has for some years already pursued a diversified procurement strategy appropriate to the heightened political and economic risks of this glob­alized market. The core elements of this strategy—maintaining long-term supply relationships, expanding the supplier portfolio, and developing the Group’s self-sufficiency—have become ever more important, given the ongoing volatility of the raw materials markets (for details, see the “Raw Materials” chapter of this Annual Report). Generally speaking, the pandemic can still disrupt global supply chains. This may trigger limitations that are imposed by suppliers or customers or that arise from disruptions in transportation routes. Focusing on less vulnerable supply chains while at the same time expanding logistical options substantially boosted the reliability of raw materials deliv­eries during the business year ended.

      As far as energy supplies are concerned, the Group is continually reviewing and pushing alter­native energy resources.

      GUIDELINE FOR HEDGING RAW MATERIALS PRICE RISK

      An internal guideline defines objectives, principles, and responsibilities as well as methodo­logies, procedures, and decision-making processes in connection with the management of raw materials risks. Based thereon and taking into account the individual specificities of the respective Group company’s business model, prices are hedged by means of delivery contracts containing fixed price agreements or by means of derivative financial instruments. Iron ore, coke, coking coal, zinc, nickel, CO2, and all sources of energy are subject to raw materials risk management.

      CO2

      Risks associated with CO2 and decarbonization are covered separately in the “Environment” chapter of this Annual Report.

      FAILURE OF PRODUCTION FACILITIES

      Continual targeted and comprehensive investments that optimize sensitive units technologically serve to minimize the risk of critical facilities breaking down. Supplementary measures encompass consistent preventive maintenance, risk-oriented storage of spare parts as well as appropriate employee training.

      FAILURE OF IT SYSTEMS

      At most of the Group’s facilities, business and production processes that are largely based on complex information technology (IT) systems are serviced by voestalpine group-IT GmbH, a wholly-owned subsidiary of voestalpine AG ­specialized in IT. Given the importance of IT security and in order to continue minimizing possible IT breakdown and security risks, we previously developed minimum security standards that also encompass guidance on business continuity management. These minimum stand­ards are regularly adapted to new circum­stances, and compliance with them is evalu­ated annually by way of audits. Additional periodic penetration tests are carried out to further reduce the risk of unauthorized access to IT systems and applications. Broad online campaigns aimed at further sensitizing our employees to security issues were carried out yet again in the business year just ended. Increasingly, these online campaigns are also focusing on the ­topic of cyber security. In the past business year, potential risks associated with the fact that people are working from home (teleworking) were addressed as well. Evidence of cyber fraud attacks (such as social engineering, CEO fraud, and man-in-the-middle attacks related to payments and deliveries) is compiled by a working group, preventive measures are developed, and exist­ent measures are reviewed and adjusted as necessary. In addition, extensive online campaigns are carried out and special e-learning programs initiated to both prevent potential cyber fraud attacks and further sensitize our employees to these risks.

      KNOWLEDGE MANAGEMENT/ PROJECT MANAGEMENT

      Complex projects initiated in the past are consistently and continually refined in order to sustainably safeguard the Group’s knowledge—in particular, to prevent the loss of its know-how. Besides permanently documenting all available knowledge, new findings from key projects as well as lessons learned as the result of unplanned events are incorporated as appropriate. Detailed process documentation, especially in IT-supported areas, also contributes to securing the available knowledge. A diverse range of project management tools and suitable project monitoring are used to counteract any project risks (e.g., the project business and investments). In particular, this also concerns any risks associated with ramp-ups and/or cost increases. Insights gained from earlier activities are also compiled in the sense of lessons learned and form the basis of ongoing enhancements of already available tools to ensure that they are consistently applied in future projects.

      COMPLIANCE RISKS

      Compliance violations (e.g., antitrust and corruption violations) represent a significant risk and may have adverse effects in that they may trigger financial losses and damage the Group’s reputation. A Group-wide Compliance management system is designed especially to counteract antitrust and corruption violations.

      RISKS OF NONCOMPLIANCE WITH DATA PROTECTION REQUIREMENTS

      Violations of requirements under data ­protection laws may have adverse financial effects and lead to reputational damage. A data protec­tion unit was established pursuant to the data protection requirements that apply throughout the Group. It helps Group company managers carry out their responsibilities regarding compliance with statutory and intra-Group data protection requirements.

      RISK FROM NATURAL DISASTERS

      Risks from natural disasters and the like are counteracted through appropriate preventive measures such as fire alarms, sprinkler systems, flood protection, regular safety drills and inspections as well as risk surveys conducted with insurance companies. The Group’s existing insurance policies for natural disasters and other risks are regularly reviewed as to their current appropriateness in cooperation with voest­alpine Insurance Services GmbH (the Group’s internal insurer).

      SUSTAINABILITY RISKS

      Risks pertaining to sustainability and ­associated topics (including the ramifications thereof)—e.g., climate change mitigation and environmental protection, social and personnel issues, respect for human rights, and the fight against corruption—are taken into account at all levels. Issues of sustainability are also addressed in a separate report, specifically, the Group’s Corporate Responsibility (CR) Report.

      RISKS FROM THE FINANCIAL SECTOR

      Financial risk management is organized centrally with respect to policy-making power, strategy determination, and target definition. The existing policies include targets, principles, duties, and responsibilities that apply to both Group Treasury and the finance departments of individual Group companies. Financial risks are monitored continuously and hedged where feasible. Our strategy for managing foreign currency risks is aimed, in particular, at creating natural hedges; the management of other risks (interest rates and raw materials) serves to reduce fluctuations in both cash flows and income and to safeguard contribution margins. Market risks are largely hedged through derivative finan­cial instruments that are used exclusively in connection with an underlying transaction.

      Specifically, financing risks are hedged using the following measures:

      Liquidity risk

      Liquidity risks generally arise when a company is potentially unable to raise the funds necessary to meet its financial obligations. Existing liquidity reserves enable the company to meet its obligations when due, even in times of crisis. Over and above the liquidity reserve, a precise financial plan that is prepared on a revolving, quarterly basis is the Group’s primary instrument for controlling liquidity risk. Group Treasury centrally determines the need for new funding and credit lines based on the consolidated operating results. This is intended to ensure that the liquidity reserve covers the Group’s planned liquidity needs for the next 12 months. As far as banking policies are concerned, care is taken to avoid cluster risks. Given the additional risks arising from the COVID-19 crisis, in the business year 2020/21 particular attention was paid to boosting the company’s internal funding capacity.

      Credit risk

      Credit risk refers to financial losses that may ­occur due to non-fulfillment of contractual obligations by individual business partners. The credit risk of the underlying transactions is mini­mized through a large number of credit insurance policies and bankable securities (guarantees, letters of credit). The default risk related to the Group’s remaining own risk is managed by way of defined credit assessment, risk evaluation, risk classification, and credit monitoring processes. The pandemic did not cause loan insurers to significantly tighten credit limits in customer segments, nor did it lead to greater receivable charge-offs. Counterparty credit risk in financial contracts is managed through ­daily monitoring of the counterparties’ ratings and any changes in their credit default swap (CDS) levels. Investment limits weighted by the probability of default (PD) are allocated on that basis.

      Foreign currency risk

      Foreign currency risk management aims primarily to create a natural hedge (cross-currency netting) within the Group by combining the cash flows. In this connection, hedges are imple­mented centrally by Group Treasury based on derivative hedging instruments. voestalpine AG hedges the budgeted (net) foreign currency payments for the next 12 months. Longer-term hedging is carried out only in connection with contracted project business. The hedging ratio is between 25% and 100% of the budgeted cash flows for the next 12 months.

      Interest rate risk

      voestalpine AG conducts interest rate risk assessments centrally for the entire Group. In particular, this entails managing cash flow risks (i.e., the risk that interest expense or interest income may undergo an adverse change). As of the March 31, 2021, reporting date, any increase in the interest rate by one percentage point would increase the net interest expense in the subsequent business year by EUR 3.0 million. However, this is a reporting date assessment that may be subject to fluctuations over time.

      Price risk

      voestalpine AG also assesses price risk. Mainly scenario analyses are used to quantify interest and currency risks.

      Cash flow
      • From investing activities: outflow/inflow of liquid assets from investments/disinvestments;
      • From operating activities: outflow/inflow of liquid assets not affected by investment, disinvestment, or financing activities.
      • From financing activities: outflow/inflow of liquid assets from capital expenditures and capital contributions.
      Rating
      An evaluation of the credit quality of a company recognized on international capital markets.
      Volatility
      The degree of fluctuation in stock prices and currency exchange rates or in prices of consumer goods in comparison to the market.