At Bilfinger, the identification of risks and opportunities is not an isolated process running parallel to corporate activities, but an integral part of the process management of all our units, both operationally and administratively. We define risks as negative deviations from our plans and opportunities as positive deviations.
The Group-wide risk management system based on the COSO approach (COSO: Committee of Sponsoring Organizations of the Treadway Commission) serves to identify, evaluate and systematically control significant risks. It aims to achieve the corporate goals within the framework of the strategy developed for the Group. The alignment of the risk management system follows the fundamental approach of the Three Lines of Defense model. This includes a breakdown into operational, technical supervision at Group headquarters and Corporate Internal Audit & Controls.
Risk identification is carried out continuously as part of daily business processes. It comprises the regular, systematic analysis of internal and external developments and events that could lead to negative deviations from the underlying plans.
The general risk evaluation is carried out as part of the annual risk assessment workshops of the individual regions and is updated quarterly as part of risk reporting as well as validated for quality assurance in the Bilfinger Risk Committee. In doing so, the respective risk characteristics (net) are determined taking into account the currently implemented mitigation measures. Each risk is evaluated in five defined levels based on the parameters of effect and likelihood.
Based on the identified risks and their corresponding evaluation, additional risk management measures are taken where appropriate and necessary. Depending on their scope and significance, this is done in coordination with the persons responsible defined in the risk management process or in accordance with the line functions.