Risk management

Fresenius risk management system

Risk management is a continuous process. Identifying, controlling, and managing risks are key tools of solid corporate governance. The Fresenius risk management system is closely linked to its corporate strategy. Opportunities are not recorded in the risk management system.

Markets are kept under constant observation and close contact is maintained with customers, suppliers, and insti­tutions. These policies allow us to swiftly identify and react to changes in our business environment.

Using standardized processes, risk situations are eva­luated regularly and compared with specified requirements. If relevant changes in the risk profile and new risks arise between the regular reporting cycles, these are assessed and reported as part of ad hoc reporting process. If negative developments emerge, responses can be initiated at an early stage.

Responsibilities for processes flow and process control have been assigned as follows:

  • The business segments and their operational business units are responsible for identifying, assessing, and managing risks.
  • The managers responsible are required to report any relevant changes in the risk profile to the Management Board without delay.
  • The Management Board of the Fresenius Group has overall responsibility for effective risk management and regularly discusses the current risk situation.
  • The Audit Committee of the Supervisory Board monitors the quality and effectiveness of the risk management system every six months.

The risk management system is supported both at Group and business segment level by our risk controlling and our management information system. Detailed monthly and quarterly reports are used to identify and analyze deviations of actual versus planned business performance. In addition, the risk management system includes a control system consisting of organizational security measures as well as internal controls and audits. These measures help us identify significant risks at an early stage so that we can take countermeasures.

The functionality and effectiveness of our risk management system is reviewed regularly by the Audit Committee of the Supervisory Board, the Management Board, and the Internal Audit department of the Group. Conclusions arising from the audits are taken into account in the ongoing refinement of the system, in order to allow prompt reaction to changes in our environment. This system has thus far proved effective. The control system is also regularly reviewed by the Management Board and the Internal Audit department. Moreover, the auditing firm reviews whether the control system set up by the Management Board is suitable for the early identification of risks that would put the going concern of the Company in danger. The insights gained from the audit regarding the internal financial reporting controls and the early risk detection system are also taken into account in the continued development of the system.

Fresenius has ensured that the organizational structure and systems for identifying, assessing, and controlling risks, and for developing countermeasures, are designed appropriately and that they are properly functional. However, there can be no absolute certainty that this will enable us to fully identify and manage all risks.

Internal financial reporting controls

Fresenius employs a variety of measures and internal controls to ensure the reliability of its accounting processes and the accuracy of its financial reporting. This includes the preparation of annual financial statements and con­solidated financial statements in accordance with regulations, as well as a management report and group management report. Our four-tier reporting process especially promotes intensive discussion and ensures control of the financial results. At each reporting level, i.e.,

  • the local entity,
  • the region,
  • the business segment and
  • the Group,

financial data and key performance indicators are reported, discussed, and compared with the prior-year figures, budget, and latest forecast on a monthly basis. In addition, all parameters, assumptions, and estimates that are of relevance for the externally reported Group and segment results are discussed intensively with the department responsible for preparing the Group’s consolidated financial statements. These matters are also reviewed and discussed quarterly by the Supervisory Board’s Audit Committee.

Control mechanisms, such as automated and manual reconciliation procedures, are further precautions put in place to assure that financial reporting is reliable and that transactions are correctly accounted for. All consolidated entities report according to Group-wide standards, which are determined at the head office. These are regularly adjusted to allow for changes made to the accounting regulations. The consolidation proposals are supported by the IT system. In this context, reference is made to the comprehensive consolidation of internal Group balances. To prevent abuse, we take care to maintain a strict separation of functions. Management control and evaluations also help to ensure that risks with a direct impact on financial reporting are identified and that controls are in place to minimize them. Moreover, changes in accounting principles are closely monitored and employees involved in financial reporting are instructed regularly and comprehensively. External experts and specialists are engaged, if necessary. The Treasury, Tax, Controlling, and Legal departments are involved in supporting the preparation of the financial statements. Finally, the information provided is verified once more by the department responsible for preparing the consolidated financial statements.

Fresenius Medical Care is moreover subject to the controls of Section 404 of the Sarbanes-Oxley Act.

Opportunities management

Risk areas