Risk report
The risk management system makes sure of a transparent and systematic approach towards risk
The success of HUGO BOSS is based on the systematic use of opportunities within the framework of the corporate strategy. The Group is exposed to a variety of risks. The Company’s risk management system includes all measures of a systematic and transparent approach towards risk. It aims to identify risks at the first possible opportunity, evaluate them adequately, handle them using suitable measures, monitor them and document them. Risks are defined here as possible future developments or events which may lead to negative deviations from the planned operating result. All types of risk are divided into the five categories: external, strategic, financial, operative and organizational.
Risk management system
Clear definition of responsibilities
The Managing Board of HUGO BOSS AG has overall responsibility for an effective risk management system. The central risk management’s job is to coordinate the implementation and ongoing development of the risk management system. It is responsible for the centrally managed risk management process, and is in close contact with the respective divisions and Group companies. There, the relevant defined risk experts and those responsible for risks (“risk owners”) are responsible for identifying and evaluating risk and implementing effective risk mitigation measures. Monitoring the effectiveness of the risk management system is the task of the Supervisory Board of HUGO BOSS AG. This responsibility is exercised by the Audit Committee of the Supervisory Board, also with the involvement of the Group auditor. The risk management system is also reviewed at regular intervals by the internal audit department to ensure its proper functioning and appropriateness.
Consistent standards and modern software form the basis of an efficient risk management system
Group-wide standards for systematically handling risks form the basis of an efficient risk management system. These are set by the Managing Board and documented in a risk manual that is applicable across the whole of the Group. This is available for all employees to read online. All employees of the HUGO BOSS Group are obliged to be aware of risks in their behavior, especially regarding those risks that may threaten the existence of the Group. The use of modern risk management software makes it possible to record and evaluate all identified risks as well as the associated measures in a uniform way across the Group. The risk management system of HUGO BOSS is designed in accordance with the recommendations of the international standard ISO 31000.
The risk management process used at HUGO BOSS is made up of the four steps of risk identification, risk evaluation, risk handling and risk monitoring and reporting.
Risk identification
Risks should be identified at the earliest possible stage
To ensure that risks are identified at the earliest possible stage, the Group continuously monitors the overall economic environment, the competitive environment in the premium and luxury goods industry, and all internal processes. The central risk management supports the risk owners across the Group with the regular identification and efficient categorization of risks using a risk catalog as well as the risk manual that is available across the Group.
Risk evaluation
The risk owners delegate the regular assessment of identified risks to the risk experts and give their assessment after a thorough examination. The risk experts are supported in their job by the central risk management.
Likelihood of occurrence |
|
Extent of financial impact |
|
|||
unlikely |
≤ 20% |
low |
≤ 2,5% of planned EBIT |
|||
possible |
> 20-40% |
moderate |
> 2,5-5% of planned EBIT |
|||
likely |
> 40-60% |
significant |
> 5-15% of planned EBIT |
|||
very likely |
> 60% |
high |
> 15% of planned EBIT |
Evaluating the Likelihood of occurrence and financial impact
Individual risks are evaluated by assessing their likelihood of occurrence on one hand and systematically analyzing their possible impact on the operating result (EBIT) on the other hand. Interest rate risks and tax risks however are evaluated based on their impact on cash flow. The likelihood of occurrence for individual risks is assessed as a percentage and is categorized into one of the four categories of unlikely, possible, likely and very likely. The extent of any financial impact is evaluated using four loss amounts of low, moderate, significant and high.
The risk presentation follows a net view
The valuation criteria likelihood of occurrence and loss amount together form the criteria which make up the risk matrix. This creates transparency regarding the current risk situation in the Company and so supports Management in prioritizing risk. Any net risk as an actual risk potential is defined as the gross risk reduced by the impact of measures taken to mitigate the risk identified.
Risks are evaluated using scenario analyses
The potential effects of identified risks are analyzed using different risk scenarios for the best, medium and worst case. This permits the inclusion of the potentially substantial effects from extreme scenarios that are unlikely to occur but which could have a severe impact on the Group’s ability to achieve its goals. The average impact of a risk occurring is calculated using individual weightings of the three scenarios. In addition to the quantification of risk based on a 12-month planning period, a medium-term risk trend is also determined in order to be able to initiate the development of adequate countermeasures for growing risks promptly. For certain risks a medium and long-term risk assessment is also incorporated.
Risk handling
Coordinated implementation of risk mitigation measures
Preparing and implementing suitable risk mitigation measures is the job of the risk owners. Generally, risks are handled in four ways: risk avoidance, risk reduction, risk transfer to third parties and risk acceptance. An integral part of the risk management is therefore also the transfer of risk to the insurer, whereby the financial consequences of insurable risks are largely neutralized. The costs of the measures in question in relation to their effectiveness are also taken into consideration when deciding on how to implement the respective risk management strategy. By working closely together with the risk owners, the central risk management monitors the progress and effectiveness of risk mitigation measures which are in the planning stages as well as those which have already been implemented.
Risk monitoring and reporting
Continuous monitoring of the risk situation
The current status of all identified risks is assessed at least once a year, however depending on their extent up to a frequency of once a month. As part of the risk monitoring, insights into the latest trends are documented and the risk evaluation and risk handling measures are revised if necessary. The continuous monitoring of early warning indicators also enables the Group to identify possible deviations from the budget at an early stage. Reporting chains and the adoption of appropriate countermeasures defined in advance ensure a timely response in the event of a risk occurring. Group Management
Regular risk reporting to the Managing Board and Audit Committee
As part of the regular risk reporting, the risk owners report the risks they have identified, including the respective likelihoods of occurrence, the potential impacts as well as the risk mitigation measures to the central risk management. They aggregate the information reported and regularly present a consolidated report to the Managing Board and to the Audit Committee. Significant individual risks and aggregated risk categories are given particular emphasis here. When critical or urgent issues arise, the regular reporting process is also supplemented by an ad-hoc report.
Aggregation of individual risks to the total risk position in two ways
The individual risks are aggregated using two methods to obtain the most accurate possible picture of the HUGO BOSS Group’s total risk position. On one hand, the expected loss values of all assessed risks within the five risk categories are added together. On the other hand, the probability distributions of all identified risks are aggregated to form a single probability distribution for a possible total loss by means of a Monte Carlo simulation and so determine maximum annual loss values. The result of this simulation in fiscal year 2017 shows that the Group’s equity is in excess of all simulated risk-dependent loss values, even within the tightest confidence intervals.
Assessment of the risk situation by the Managing Board
No risks exist that may jeopardize the existence of the Company
The risk management system implemented forms the basis of the assessment of the risk situation by the Managing Board and is regularly monitored by the same. Significant risks faced by the Company are regularly discussed and evaluated by the Management Board. At the time this report was prepared, the Managing Board cannot recognize any individual or aggregated risks which may jeopardize the viability of the Company as a going concern. In fiscal year 2017 the total risk position has only slightly decreased.
Illustration of material risks
Residual risks remain despite a modern risk management system
The risks considered to be material in terms of the HUGO BOSS Group achieving its targets in fiscal year 2018 are explained below. This refers to those risks that have been evaluated in the risk management process as having a higher than “low” potential impact. In general, it is possible that additional latent risks or risks that are currently estimated as immaterial may adversely affect the Group’s development in the future to more than the stated extent. Irrespective of the measures introduced to manage the identified risks, entrepreneurial activity is always exposed to residual risks that cannot be entirely avoided even by a modern risk management system such as that implemented in the HUGO BOSS Group.
External risks |
Strategic risks |
Financial risks |
Operative risks |
Organizational risks |
||||||
|
||||||||||
Overall economy |
Collection and industry |
Financing and liquidity |
Suppliers and sourcing markets |
IT |
||||||
Politics and society |
Brand and corporate image |
Changes in interest rates |
Quality |
Personnel |
||||||
Product piracy |
Investments |
Currencies |
Logistics |
Facilities |
||||||
Environment and health |
Vision and direction |
Counterparties |
Sales and distribution |
Legal |
||||||
Competitive environment |
|
Taxes |
|
Governance and compliance |
||||||
|
|
Pensions |
|
Health and safety |
||||||
Risks with a low potential impact are not explained in more detail
The risks assessed as only having a low potential impact are not explained in more detail. This includes risks in connection with product piracy, risks from the competitive environment, the Company’s vision and direction, financing and liquidity risks, interest rate risks, counterparty risks and pension risks. This also includes organizational risks from the operation of own facilities as well as in connection with occupational health and safety, as well as legal risks for which sufficient provisions were recognized for current litigation and legal consultation costs.