ACCELL GROUP ANNUAL REPORT 2019 | 5.3 Risk management

5.3
Risk management

In the execution of its business activities, Accell Group is faced with inherent risks. Risks in the area of meeting its strategic, operational, and financial objectives, as well as financial reporting and the application of laws and regulations. The extent to which the company is willing to run these risks, i.e. its risk acceptance, has been determined per risk category.

Accell Group has a relatively balanced risk acceptance with respect to innovation, development and marketing. At the same time, the risk acceptance for product safety is none. Risk mitigation has been realised by transferring risk to an insurance company, as well as through other mitigating measures. Accell Group has opted for a proactive risk management approach, anchored in operating processes throughout the organisation.

Risk Management Framework

To safeguard the quality of the company’s financial reporting and operational controls, Accell Group works with a clearly defined administrative organisation and extensive system of internal controls. The internal control system is largely embedded in the company’s information systems.

We are aiming for greater automation of our internal controls at group level. And we want to embed our entire administrative organisation more strongly in this internal control system. In 2020, the risk management framework and internal control framework will be further developed and adjusted based upon the new structure and more centralised processes.

This risk management framework comprises the following components:

Identifying and weighing the risks associated with the various strategic alternatives and formulating realistic objectives and related control mechanisms;
Identifying and evaluating the main strategic, operational, financial and compliance risks and the potential impact on the company;
Developing a coherent system of measures to control, limit, avoid or transfer risks. The risk management system is tailored to the size and structure of the company.

Accell Group employs a risk management approach that identifies and mitigates risks at all levels of the organisation. The Board of Management determines the risk acceptance and decides on risk mitigation.

Accell Group’s risk management framework does not provide absolute certainty that all risks can be prevented/mitigated. The purpose is to provide a reasonable level of assurance with regard to the effectiveness of internal controls pertaining to financial and operational risks that may affect the organisation’s objectives.

Risk awareness and culture

Employees are expected to be aware of and feel responsible for the risks while carrying out their work. They must abide by the applicable general code of conduct and comply with applicable laws and regulations and policies.

Employee risk awareness is continuously enhanced through targeted communication and training. The responsibility for implementing control measures is delegated to employees with responsibility for risk management in a specific area (for example, a process, system, asset or information). Accell Group stimulates a culture in which weak areas in its risk management programmes or control measures can be transparently reported and effectively dealt with.

Governance (lines of defence)

The Board of Management has final responsibility for effectively controlling risks. To support the Board of Management, the responsibilities for risk management are delegated in accordance with the three lines of defence model (see table).

To be able to evaluate the effectiveness of measures, the central departments (second line) regularly inform the Board of Management about the progress and outcomes of the various risk management programmes. Internal Audit independently reports to the Board of Management and to the Audit Committee about the effectiveness of the risk management and internal control framework, policies and procedures. The Audit Committee informs the Supervisory Board of the Company. The role of the Audit Committee is described in section 5.5 of this Annual Report.

Key risks from all regions and key central functions are reviewed by the Board of Management. Based on the risk analysis, the Board of Management implements and maintains internal risk management and control systems. Where relevant, these systems are integrated in Accell Group’s operating processes and we ensure that employees are conversant with these systems. The Board of Management monitors the operation of the systems. This monitoring covers all material control measures related to our key risks. The Board of Management discusses the risk management outcome with the Audit Committee at least twice each year.

Market and operational risk management is organised at regional level, while the organisation of the supply chain and HRM is increasingly managed at group level. Management and control measures related to acquisitions, treasury, financial reporting, HR, tax and legal issues are organised at group level.

As part of the refined strategy, management is now more centralised, a new region structure has been put in place with a new strategic brand portfolio and the bicycle parts and accessories business is now organised under a single management. This creates more consistency and direction for innovation, marketing and distribution.

The internal audit team carries out its tasks on the basis of a detailed internal audit plan and an internal control framework. This framework outlines the inherent risks per process and the associated internal control measures. The Audit Committee defines the responsibility and scope of the internal audit function and approves the internal audit plan.

Risk management improvements

Various improvements were made to the risk management process over the course of 2019:

Accell Group revitalised its risk management programme, putting its new strategy at the centre. This programme includes both top-down and bottom-up analysis and assessment of the company’s risks. With an initial start in 2018, this programme continued in earnest in 2019. Accell Group established its standard risk register, with periodical assessments and monitoring of the likelihood and impact (i.e. risk) per strategic thrust;
Given the importance of the risk management framework, a dedicated Internal Control manager was appointed in 2019;
The central organisation and the regions are now responsible for delivering input to the risk management process;
In 2019, Accell Group installed a Code of Conduct committee. This committee handles incidents and complaints, and advises the Board of Management on any (disciplinary) measures to be taken. A policy Compliance Incidents Handling and Investigation Procedure has been implemented.

Risk Profile

Global developments in the area of trade and politics affect the markets in which the Accell Group operates. This may involve trade barriers in the form of protectionism or political and social tensions. In addition, laws and regulations are subject to constant change and complexity is constantly increasing.

Multi-jurisdictional legislation and regulations such as import duties, anti-dumping rules, the UK Bribery Act as well as Trade Sanctions and Export Controls have increased Accell's risk profile in recent years.

Key risks and mitigation of these risks

Accell Group is active in a significant number of countries. As a result, the Company is potentially exposed to a large number of risks and trends. For example, the results of Accell Group are affected by the general economic conditions and the economic outlook of the countries in which the Company is active. The conditions in the Group’s key purchasing markets also play a role.

Risks have been categorised in: strategic, operational, financial and compliance risks. Social and environmental risks have been integrated in these categories with a view to integrated reporting. The Board of Management has identified risks that can be considered the largest risks on the basis of probability of occurrence and/or impact. The following overview represents the key risks, including the mitigating measures, to which the company is exposed. Some risks may only be listed once, while they may fit into more than one risk category.

Improvements planned for 2020

Accell Group’s risk control system is embedded in the organisation and the company has continued to extend and improve the system in recent years. The company is planning the following actions and/or improvements for 2020:

Implementation of a speak-up line. On 7 October 2019, the European council adopted new rules on whistle-blower protection. The European Directive on Whistleblower Protection will soon be officially published (already adopted by all bodies). A high level of protection will be offered to those whistle-blowers who have the courage to speak up. A good internal reporting platform will be crucial to provide a low-threshold to report misconduct internally. Accell Group will in the first half of 2020 implement a speak-up line.
A speak-up line is an external system for handling reports of wrongdoing and to report code of conduct breaches. The advantage of such an external service provider is that employees are protected and able to report the code of conduct breach anonymously. Accell Group is in the process of requesting proposals from companies specialised in digital ethics and compliance solutions to provide a speak-up line. The whistle-blower regulation, which is available on our corporate website, will be updated accordingly.
Further embedding whistle-blower line and integrity committee.
A communication plan will be established (including tone at the top, cascading down), including dilemma training and e-learning courses. Part of this communication plan will also be the further roll-out of the Accell set of values.
Strengthening the local compliance officers network.
Annual sign-off of the certificate of compliance with respect to the code of conduct.
Establishing of the legal compliance house with up-to-date policies.
Compliance standard will be part of the internal audits.

Management statement

The Board of Management has final responsibility for controlling the risks associated with corporate goals and the reliability of external (financial) reporting. The Board of Management is also responsible for assessing the effectiveness of the controls aimed at preventing or mitigating such risks.

The Board of Management has assessed the performance of the internal management and control measures. Based on this assessment, the Board of Management concluded that:

The report provides sufficient insight into the shortcomings and functioning of the internal risk management and control systems;
The above-referenced systems provide a reasonable degree of certainty that the financial reporting does not contain any material misstatements as at the end of the financial year 2019;
In accordance with the current state of affairs, the financial reporting has been prepared on a going concern basis; and
The report includes a statement of the material risks and uncertainties that are relevant to the expected continuity of the Company for a period of twelve months following the preparation of the report.

The system of tasks for the internal risk management and control systems and the ensuing findings, recommendations and measures are discussed with the Audit Committee, the Supervisory Board and the external auditor.