Risk and Opportunity Report
In order to remain competitive and ensure sustainable success, adidas consciously takes risks and continuously explores and develops opportunities. Our risk and opportunity management principles and system provide the framework for our company to conduct business in a well-controlled environment.
RISK AND OPPORTUNITY MANAGEMENT PRINCIPLES
The key objective of the risk and opportunity management is to support business success and protect the company as a going concern through an opportunity-focused but risk-aware decision-making framework. Our Risk Management Policy outlines the principles, processes, tools, risk areas, key responsibilities, reporting requirements, and communication timelines within our company. Risk and opportunity management is a company-wide activity that utilizes key insights from the members of the Executive Board as well as from global and local business units and functions. We define risk as the potential occurrence of an external or internal event (or series of events) that may negatively impact our ability to achieve the company’s business objectives or financial goals. Opportunity is defined as the potential occurrence of an external or internal event (or series of events) that can positively impact the company’s ability to achieve its business objectives or financial goals.
RISK AND OPPORTUNITY MANAGEMENT SYSTEM
The Executive Board has overall responsibility for establishing a risk and opportunity management system that ensures comprehensive and consistent management of all material risks and opportunities. The Risk Management department governs, operates, and develops the company’s risk and opportunity management system and is the owner of the centrally managed risk and opportunity management process on behalf of the Executive Board. The Supervisory Board is responsible for monitoring the effectiveness of the risk management system. These duties are undertaken by the Supervisory Board’s Audit Committee. Working independently of all other functions of the organization, the Internal Audit department provides objective assurance to the Executive Board and the Audit Committee regarding the adequacy and effectiveness of the company’s risk and opportunity management system on a regular basis. In addition, the Internal Audit department includes an assessment of the effectiveness of risk management processes and compliance with the company’s Risk Management Policy as part of its regular auditing activities with selected adidas subsidiaries or functions each year.
Our risk and opportunity management system is based on frameworks for enterprise risk management and internal controls developed and published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Additionally, we have adapted our risk and opportunity management system to more appropriately reflect the structure as well as the culture of the company. This system focuses on the identification, evaluation, handling, systematic reporting, and monitoring of risks and opportunities. In 2021, we evolved our risk and opportunity management system by introducing a quantitative concept for risk capacity and risk appetite. Risk capacity is a liquidity-based measure and represents the maximum level of risk adidas AG can take before being threatened with insolvency. Risk appetite refers to the maximum level of risk the company is willing to take and is linked to the company’s liquidity targets.
Our risk and opportunity management process comprises the following steps:
- Risk and opportunity identification: adidas continuously monitors the macroeconomic environment and developments in the sporting goods industry as well as internal processes to identify risks and opportunities as early as possible. On a semi-annual basis, the Risk Management department conducts a survey with all members of the ‘Core Leadership Group’ (‘CLG’), ‘Extended Leadership Group’ (‘ELG’), and ‘Global High Potential Group’ (‘GHIPO’) to ensure an effective bottom-up identification of risks and opportunities. Risk Management has also defined 25 categories to help identify risks and opportunities in a systematic way. In addition, adidas uses various instruments in the risk and opportunity identification process, such as primary qualitative and quantitative research including trend scouting and consumer surveys as well as feedback from our business partners. These efforts are supported by global market research and competitor analysis. Through this process, we seek to identify the markets, categories, consumer target groups, and product styles that show the most potential for future growth at a local and global level. Equally, our analysis focuses on those areas that are at risk of saturation or exposed to increased competition or changing consumer tastes. Furthermore, as part of our identification process and following the ‘Task Force on Climate-related Financial Disclosures’ (‘TCFD’) framework, we monitor physical risks related to climate change as well as risks and opportunities resulting from the transition to a low-carbon economy. Our risk and opportunity identification process is however not only limited to external risk factors or opportunities; it also includes an internal perspective that considers company culture, processes, projects, human resources, and compliance aspects.
- Risk and opportunity evaluation: We assess identified risks and opportunities individually according to a systematic evaluation methodology, which allows adequate prioritization as well as allocation of resources. Risk and opportunity evaluation is part of the responsibility of the Risk Management department supported by subject matter experts as well as internal and external data. The Risk Management department also conducts assessments with the Executive Board members and senior leaders to validate the evaluation of risks and opportunities.
According to our methodology, risks and opportunities are evaluated by looking at two dimensions: the potential impact and the likelihood that this impact materializes. Based on this evaluation, we classify risks and opportunities into three categories: minor, moderate, and major.
The potential impact is evaluated using five categories: marginal, low, medium, high, and significant. These categories represent financial or equivalent non-financial measurements. The financial measurements are based on the potential effect on the company’s net income and cash flow. Non-financial measurements used are the degree to which the company’s reputation, brand image, and employer value proposition are affected. Moreover, the degree of damage to people’s health and safety and the degree of legal and judicial consequences at a corporate and personal level can be considered. Likelihood represents the possibility that a given risk or opportunity may materialize with the specific impact. The likelihood of individual risks and opportunities is evaluated on a percentage scale divided into five categories.
When evaluating risks and opportunities, we also consider the speed of materialization (velocity). In this respect, we differentiate in which financial year risks and opportunities could occur. We consider both gross and net risk in our risk assessments. While the gross risk reflects the inherent risk before any mitigating action, the net risk reflects the residual risk after all mitigating action. On the one hand, this approach allows for a good understanding of the impact of mitigating action taken; on the other hand, it provides the basis for scenario analysis. Our assessment of risks presented in this report only reflects the net risk perspective. We measure the actual financial impact of the most relevant risks and opportunities that materialized against the original assessment on a yearly basis (‘back-testing’). In this way, we ensure continuous monitoring of the accuracy of risk and opportunity evaluations across the company, which enables us to continuously improve evaluation methodology based on our findings.
In assessing the potential effect from opportunities, each opportunity is appraised with respect to viability, commerciality and potential risks. This approach is not only applied to longer-term strategic prospects but also to shorter-term tactical and opportunistic initiatives at the corporate level as well as at the market and brand level. In contrast to the risk evaluation, only the net perspective exists for assessing opportunities.
We aggregate risks and opportunities using a stochastic simulation (Monte Carlo simulation) to determine the company’s risk and opportunity profile (i.e., the company’s aggregated risk position), considering interdependencies of individual risks and opportunities. To identify a potential threat to the company as a going concern, we compare the risk and opportunity profile to the company’s defined risk capacity and determine the likelihood that the aggregated risk exceeds the risk capacity; to identify a potential threat to the company’s rating, we compare the risk and opportunity profile to the defined risk appetite and determine the likelihood that the aggregated risk exceeds the risk appetite.
- Risk and opportunity handling: Risks and opportunities are treated in accordance with the company’s risk and opportunity management principles as described in the Risk Management Policy. Risk Owners are in charge of developing and implementing appropriate risk-mitigating action within their area of responsibility. In addition, the Risk Owners need to determine a general risk-handling strategy for the identified risks, which is either risk avoidance, risk reduction with the objective to lower impact or likelihood, risk transfer to a third party or risk acceptance. The decision on the implementation of the respective risk-handling strategy also takes into account the costs in relation to the benefit of any planned mitigating action if applicable. The Risk Management department works closely with the Risk Owners to monitor the continuous progress of planned mitigating action and assess the viability of already implemented mitigating action. Depending on the risk class determined by the risk and opportunity evaluation, the authority to make decisions to accept risks resides with the Executive Board, leaders reporting directly to an Executive Board member and the operational management on the next hierarchical level.
The decision to accept material risks without taking additional mitigating action can only be made by the entire Executive Board. In its decision-making process, the Executive Board takes into account the relationship between risk and opportunity profile (i.e., the company’s aggregated risk position) and risk appetite as well as risk capacity. To support the Executive Board, the Risk Management department defined clear thresholds for the likelihood that the company’s aggregated risk exceeds the defined risk appetite and risk capacity. The company’s risk appetite must not be exceeded with a likelihood of at least 95%; the company’s risk capacity must not be exceeded with a likelihood of at least 99%.
- Risk and opportunity monitoring and reporting: Our risk and opportunity management system aims to increase the transparency of risks and opportunities. As both risks and opportunities are subject to constant change, Risk Owners not only monitor developments but also the adequacy and effectiveness of the current risk-handling strategy on an ongoing basis.
Regular risk reporting takes place half-yearly and consists of a five-step reporting stream:
- Risk Management identifies risks and opportunities (with a potential effect on net income and cash flow higher than € 1 million) by conducting a survey of ‘CLG,’ ‘ELG,’ and ‘GHIPO’ members as well as utilizing available information concerning the internal and external environment of the company. Risk Management evaluates, consolidates, and aggregates the identified risks and opportunities (‘bottom-up assessment’).
- Risk Management discusses the assessment of substantial risks and opportunities with the members of the Executive Board and leaders directly reporting to them. The Executive Board members and their direct reports validate the assessment of risks and opportunities in their respective area of responsibility (‘top-down assessment’).
- Risk Management provides a consolidated report to the Executive Board summarizing the results of both bottom-up and top-down assessment as well as the risk and opportunity aggregation to highlight a threat to the company’s rating and going concern. The Executive Board reviews the report, jointly agrees on a company assessment of risks and opportunities and decides if Risk Owners are required to take further action.
- Based on the Executive Board’s decision, Risk Management creates the final risk and opportunity report that is also shared with the ‘CLG.’
- The Executive Board presents in collaboration with Risk Management the final risk and opportunity assessment results to the Audit Committee of the Supervisory Board.
Material changes in previously reported risks and opportunities or newly identified material risks and opportunities as well as any issues identified that, due to their material nature, require immediate reporting, are also reported outside the regular half-yearly reporting stream on an ad hoc basis to the Executive Board.
COMPLIANCE MANAGEMENT SYSTEM (ADIDAS FAIR PLAY)
We consider compliance with the law as well as with external and internal regulations to be imperative. The Executive Board sets the tone from the top. Every employee is required to act ethically and in compliance with the law as well as with internal and other external regulations while executing the company’s business. We believe adidas Fair Play will prevent the majority of potential compliance issues. For that reason, we have specific measures to detect and respond to any concerns. We realize, however, that no compliance system can eliminate all violations.
The adidas Chief Compliance Officer oversees the company’s Compliance Management System (CMS). We see compliance as all-encompassing, spanning all business functions throughout the entire value chain. Our central Compliance team works closely with Regional Compliance Managers and Local Compliance Officers to conduct a systematic assessment of key compliance risks on a yearly basis. In addition, the central Compliance team regularly conducts compliance reviews within selected entities. Due to widespread pandemic-related travel restrictions in 2021, the reviews have been postponed to 2022.
The company’s CMS is based on the OECD Principles of Corporate Governance. It refers to the OECD Guidelines for Multinational Enterprises and is designed to:
- support the achievement of qualitative and sustainable growth through good corporate governance,
- reduce and mitigate the risk of financial losses or damage caused by non-compliant conduct,
- protect and further enhance the value and reputation of the company and its brand through compliant conduct, and
- preserve diversity by fighting harassment and discrimination.
The adidas Fair Play Code of Conduct is accessible on our website, includes guidelines for employee behavior in everyday work, and is applicable globally for all business areas. In 2020, we revised the Code of Conduct to ensure it remains up to date and reflects our business environment. -group.com/s/code-of-conduct
The Fair Play Code of Conduct and our CMS are organized around three pillars: prevent, detect, and respond.
- Prevention: The Compliance team regularly reviews and updates the CMS as necessary. In addition to the revised Fair Play Code of Conduct mentioned above, we also introduced an Anti-Harassment and Anti-Discrimination Policy in September 2020, emphasizing adidas’ renewed initiative to prevent and fight harassment and discrimination in the workplace. Management also shares compliance-related communication, and the Compliance department provides mandatory training to all employees globally during onboarding and in regular, repeated cycles. The Compliance team and partners also provide targeted in-person compliance training as appropriate with senior management and newly promoted or hired senior executives across the globe in order to further enhance the compliance ‘tone from the top,’ as well as the ‘tone from the middle.’ We closely monitor the completion rates for these training measures and continuously update our web-based training. Also in 2021, the company launched trainings on several topics, including information security, procurement, and ‘Diversity, Equity, and Inclusion’ (‘DEI’). We also focused on strengthening cooperation between the Compliance team and the Internal Audit, the Group Policies and Internal Controls, and the Risk Management departments.
- Detection: adidas has whistleblowing procedures in place to ensure timely detection of potential infringements of statutory regulations or internal guidelines. Employees can report compliance concerns internally to their supervisor, the Chief Compliance Officer, Regional Compliance Managers or Local Compliance Officers, the relevant HR Manager, or, where applicable, the Works Council. Employees can also report externally via the independent, confidential Fair Play hotline and website, which also allow for anonymous complaints. The Fair Play hotline and website are available at all times worldwide, including the services of interpreters, if required. They are promoted digitally and with posters to reach all our locations around the world. The company’s continuous work to identify potential compliance violations accelerated in 2021 through several initiatives related to the Global ‘Diversity, Equity, and Inclusion’ (‘DEI’) Program.
- Response: Appropriate and timely response to compliance violations is essential. The Chief Compliance Officer leads all investigations in cooperation with an established team of Regional Compliance Managers and a global network of Local Compliance Officers. We track, monitor, and report potential incidents of non-compliance worldwide. In 2021, we recorded 485 potential compliance violations (2020: 414). Most importantly, insights gained from the investigation of past violations are used to continuously improve the CMS. Where necessary, we react promptly to confirmed compliance violations, through appropriate and effective sanctions ranging from warnings to termination of employment contracts. In addition, in 2021, the Compliance team strengthened its relationship with the HR organization, a key partner in many compliance matters, especially those related to harassment and discrimination.
| | 2021 |
|---|---|
| Financial, including theft | 51 |
| Malfeasance, including conflicts of interest and corruption | 21 |
| Competition | 0 |
| Behavioral | 294 |
| Other1 | 119 |

| | 2021 |
|---|---|
| Anonymous contact to hotline | 47% |
| Named contact to hotline | 30% |
| Compliance Officer and other | 23% |

The company’s Chief Compliance Officer regularly reports to the Executive Board on the further development of the compliance program and on major compliance cases. In addition, the Chief Compliance Officer reports to the Audit Committee on a regular basis. In 2021, the Chief Compliance Officer attended four meetings of the Audit Committee of the Supervisory Board to report on the further development of the compliance program, major compliance cases, and other relevant compliance topics. The Compliance department has revised its process for detecting compliance risks and included new risks, as well as captured some risk areas (e.g., e-commerce) more clearly. In addition, the description of the CMS has been sharpened.
DESCRIPTION OF THE MAIN FEATURES OF THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM PROCESS PURSUANT TO § 315 SECTION 4 GERMAN COMMERCIAL CODE (HANDELSGESETZBUCH – HGB)
The internal control and risk management system relating to the consolidated financial reporting process of the company represents a process embedded within the company-wide corporate governance system. It aims to provide reasonable assurance regarding the reliability of the company’s external financial reporting by ensuring company-wide compliance with statutory accounting regulations, in particular the International Financial Reporting Standards (IFRS) and internal consolidated financial reporting policies (Finance Manual). We regard the internal control and risk management system as a process based on the principle of segregation of duties, encompassing various sub-processes in the areas of Accounting, Controlling, Taxes, Treasury, Planning, Reporting and Legal, focusing on the identification, assessment, mitigation, monitoring, and reporting of financial reporting risks. Clearly defined responsibilities are assigned to each distinct sub-process. In a first step, the internal control and risk management system serves to identify, assess, limit and control risks identified in the consolidated financial reporting process that might result in the consolidated financial statements not being compliant with internal and external regulations.
Internal Control over Financial Reporting (ICoFR) serves to provide reasonable assurance regarding the reliability of financial reporting and compliance with applicable laws and regulations. To monitor the effectiveness of ICoFR, the Group Policies and Internal Controls department and the Internal Audit department regularly review accounting-related processes. Additionally, as part of the year-end audit, the external auditor assesses the effectiveness of selected internal controls, including IT controls. The Audit Committee of the Supervisory Board also monitors the effectiveness of ICoFR. However, due to the limitations of ICoFR, even with appropriate and functional systems absolute certainty about the effectiveness of ICoFR cannot be guaranteed.
All adidas companies are required to comply with the consolidated financial reporting policies (Finance Manual), which are available to all employees involved in the financial reporting process through the company-wide intranet. We update the Finance Manual on a regular basis, dependent on regulatory changes and internal developments. Changes to the Finance Manual are promptly communicated to all adidas companies. Clear policies serve to limit employees’ scope of discretion with regard to recognition and valuation of assets and liabilities, thus reducing the risk of inconsistent accounting practices within the company. We aim to ensure compliance with the Finance Manual through continuous adherence to the four-eyes principle in accounting-related processes. In addition, the local manager responsible for the accounting process within the respective company and the respective local Managing Director confirm adherence to the Finance Manual and to IFRS in a signed representation letter to the Accounting department semi-annually.
The accounting for adidas companies is conducted either locally or by our Global Business Services. Virtually all the IT Enterprise Resource Planning (ERP) systems used are based on a company-wide standardized SAP system. Following approval by the Finance Director of the respective adidas company, the local financial statements are transferred to a central consolidation system based on SAP SEM-BCS. At the corporate level, the regularity and reliability of the financial statements prepared by adidas companies are reviewed by the Accounting and Controlling departments. These reviews include automated validations in the system as well as the creation of reports and analyses to ensure data integrity and adherence to the reporting logic. In addition, differences between current-year and prior-year financial data as well as budget figures are analyzed on a market level. If necessary, adidas seeks the opinion of independent experts to review business transactions that occur infrequently and on a non-routine basis. After ensuring data plausibility, the centrally coordinated and monitored consolidation process begins, running automatically on SAP SEM-BCS. Controls within the individual consolidation steps, such as those relating to the consolidation of debt or of income and expenses, are conducted both manually and system-based, using automatically created consolidation logs. Any inadequacies are remedied manually by systematically processing the individual errors as well as differences and are reported back to the adidas companies. After finalization of all consolidation steps, all items in the consolidated income statement and in the consolidated statement of financial position are analyzed with respect to trends and variances. Unless already otherwise clarified, the adidas companies are asked to explain any identified material deviations.
All financial systems used are protected against malpractice by means of appropriate authorization concepts, approval concepts and access restrictions. Access authorizations are reviewed on a regular basis and updated if required. The risk of data loss or outage of accounting-related IT systems is minimized through central control and monitoring of virtually all IT systems, centralized management of change processes and regular data backups.