HHLA’s risk management system fosters a keen awareness of dealing with corporate risks. It aims to identify risks in good time and take steps to manage or avert them, thereby preventing situations which could jeopardize the con tinued existence of the HHLA Group. An important element of the system is its compliance with the principles of promoting entrepreneurial thinking and independent, responsible action. 

HHLA defines risk in this case as the possibility of any negative deviation from its operational or strategic plans and current forecasts. In order to manage such risks, the company has established a risk management system comprising the necessary organizational rules and procedures for identifying risks at an early stage, and taking proactive steps to deal with the risks and potential rewards inherent in all commercial activity. To this end, HHLA has created a methodical system covering all its business operations and based on risk policies established by the Executive Board. Risk management is carried out according to systematic principles and is subject to a continual improvement process.

The main elements of the risk management system were determined in close cooperation between the Executive Board, Internal Audit and Group Controlling, and establish clear lines of responsibility for the identifi cation, assessment, control, monitoring and reporting of risks.

Risks are catalogued regularly in the course of the annual planning process. All identifi ed risks are described clearly, classifi ed according to defined risk areas and assigned to a risk manager.

Risks are categorized by the likelihood of their occurrence and the amount by which such an occurrence would reduce the operating result or cash flow before taxes.

When assessing a risk, the level of loss or damage plus the anticipated probability must be stated. A distinction is made here between the gross risk (excluding reduction by management measures) and the net risk (including reduction by management measures). Risks are assessed in the context of the existing circumstances or a realistic projection. In addition to estimates and economic or mathematical/statistical inferences, sensitivities derived from the planning processes can also be used as a basis for assessment.

To ensure that risks of the same kind are recorded uniformly throughout the Group, staff liaise with the central Risk Management unit when assessing identifi ed risks, to establish and calculate the likelihood of the risks arising and the associated potential loss or damage.

After identifying and assessing the risk, the company then defi nes control measures aimed at reducing the likelihood of its occurrence and/or the loss or damage. Risks are monitored continuously and any signifi cant changes are reported and documented on a quarterly basis. Additional ad hoc reports must be issued whenever significant risks emerge, cease to apply, or change.

Risks are reported using standard Group-wide reporting formats in order to ensure a consistent overall picture of current risks.

The most important elements of the risk management and risk reporting systems are described in a corporate guideline. The Internal Audit department is responsible for auditing the risk management system. The external auditors also assess the early detection system as part of their audit of the annual financial statements.