ANNUAL REPORT 2017

risk assessment

Feintool conducts a comprehensive risk assessment within the Group every year. This is based on the following pillars:

  • Quality and crisis management, based on ISO 9001 and IAFT 16949
  • Environmental management, based on ISO 14001
  • Insurance management
  • Internal control system
  • Risk analysis management
  • Business continuity management
  • The way in which each business unit is structured, the nature of the periodic procedures undertaken, and the manner in which these procedures are audited and reported are defined in writing. Control over each business unit is exercised by one or more bodies. In addition, each business unit also has persons responsible for it.

    Insurance management is organized centrally by Feintool. Annual meetings are held with the Group insurance broker. At these meetings, the insurance coverage for risks in relation to third-party liability, the supply of goods and services and transportation is tailored to the Group's insurable risks. The insurance coverage is adjusted in the event of any changes.

    Feintool introduced its internal control system (ICS) worldwide in 2007 and 2008 to comply with regulations and avert any damage that might be caused by staff or malicious third parties. The following processes are subject to the ICS:

  • Sales/purchasing
  • Logistics/warehousing/scrap
  • Work in progress and long-term construction contracts (POC)
  • Property, plant and equipment
  • Salaries and wages
  • Finance and leasing
  • Information technology
  • Annual financial statements
  • A flow chart for each process shows where the various loss risks can arise. These risks are summarized in a risk control inventory and assigned to one or more manual or automatic checks. Feintool's internal audit unit periodically examines the effectiveness of the ICS within the Group companies.

    Feintool sees risk analysis management as the periodic analysis of risks that jeopardize the Group's success or its ability to achieve its targets. Feintool bases this as far as possible on the ISO 31000 process. Every year, each Group company defines – on the basis of a predefined risk matrix – which of these risks could be significant for the company. The individual risks are then assessed in accordance with their probability of occurrence and the extent of loss. Risk mitigation strategies, corresponding actions and the person responsible are determined for each of the top five risks.

    Business continuity management involves designing procedural scenarios for the occurrence of loss or damage, the aim being to ensure the continuation of production or deliveries to (key) customers. The following areas are covered:

  • Loss of key employees
  • Occupational and plant security
  • Procedure in the event of loss/damage to goods or buildings
  • Loss of key suppliers, machines, tools and IT applications/hardware
  • Loss of infrastructure incl. IT (or parts thereof)
  • Significant customer complaints and recalls
  • Corresponding documentation in relation to all these areas exists within the Group companies and is reviewed at least once every year.

    Feintool Group's risk manager produces an annual risk report concerning insurance management, the internal control system, risk analysis management and business continuity management for submission to the Group Management and Board of Directors. They make the key decisions on any risk-minimizing measures to be implemented. The ISO-based business units are subject to separate reporting.

    For financial risks please also consider the Notes to the Financial Statements section 31 on page 69.