Annual Report 2023


Risk and Opportunity Report

In order to remain competitive and ensure sustainable success, adidas consciously takes risks and continuously explores and develops opportunities. Our risk and opportunity management principles and system provide the framework for our company to conduct business in a well-controlled environment.

Risk and opportunity management principles

The key objective of the risk and opportunity management is to support business success and protect the company as a going concern through an opportunity-focused but risk-aware decision-making framework. Our Enterprise Risk Management Policy outlines the principles, processes, tools, risk areas, key responsibilities, reporting requirements, and communication timelines within our company. Risk and opportunity management is a company-wide activity that utilizes key insights from the members of the Executive Board as well as from global and local business units and functions. We define risk as the potential occurrence of an external or internal event (or series of events) that may negatively impact our ability to achieve the company’s business objectives or financial goals. Opportunity is defined as the potential occurrence of an external or internal event (or series of events) that can positively impact the company’s ability to achieve its business objectives or financial goals.

Risk and opportunity management system

The Executive Board has overall responsibility for establishing a risk and opportunity management system that ensures comprehensive and consistent management of all relevant risks and opportunities. The Enterprise Risk Management department governs, operates, and develops the company’s risk and opportunity management system and is the owner of the centrally managed risk and opportunity management process on behalf of the Executive Board. The Supervisory Board is responsible for monitoring the effectiveness of the risk management system. These duties are undertaken by the Supervisory Board’s Audit Committee. Working independently of all other functions of the organization, the Internal Audit department provides objective assurance to the Executive Board and the Audit Committee regarding the adequacy and effectiveness of the company’s risk and opportunity management system on a regular basis. In addition, the Internal Audit department includes an assessment of the effectiveness of risk management processes and compliance with the company’s Enterprise Risk Management Policy as part of its regular auditing activities with selected adidas subsidiaries or functions each year.

Our risk and opportunity management system is based on frameworks for enterprise risk management and internal controls developed and published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Additionally, we have adapted our risk and opportunity management system to more appropriately reflect the structure as well as the culture of the company. This system focuses on the identification, evaluation, handling, systematic reporting, and monitoring of risks and opportunities. Furthermore, we use a quantitative concept for risk capacity and risk appetite. Risk capacity is a liquidity-based measure and represents the maximum level of risk adidas AG can take before being threatened with insolvency. Risk appetite refers to the maximum level of risk the company is willing to take and is linked to the company’s liquidity targets.

[Graphic: Risk and opportunity management system]

Our risk and opportunity management process comprises the following steps:

  • Risk and opportunity identification: adidas continuously monitors the macroeconomic environment and developments in the sporting goods industry as well as internal processes to identify risks and opportunities as early as possible. On a semi-annual basis, the Enterprise Risk Management department conducts a survey among senior management and selected middle management to ensure an effective bottom-up identification of risks and opportunities. Enterprise Risk Management has also defined 25 categories to help identify risks and opportunities in a systematic way. In addition, adidas uses various instruments in the risk and opportunity identification process, such as primary qualitative and quantitative research including trend scouting and consumer surveys as well as feedback from our business partners. These efforts are supported by global market research and competitor analysis. Through this process, we seek to identify the markets, categories, consumer target groups, and product styles that show the most potential for future growth at a local and global level. Equally, our analysis focuses on those areas that are at risk of saturation or exposed to increased competition or changing consumer tastes. Furthermore, we consider topics related to environmental, social, and governance aspects in our overall identification process as well as in the following process steps. Our risk and opportunity identification process is however not only limited to external risk factors or opportunities; it also includes an internal perspective that considers company culture, processes, projects, human resources, and compliance aspects.
  • Risk and opportunity evaluation: We assess identified risks and opportunities individually according to a systematic evaluation methodology, which allows adequate prioritization as well as allocation of resources. Risk and opportunity evaluation is part of the responsibility of the Enterprise Risk Management department supported by subject matter experts as well as internal and external data. The Enterprise Risk Management department also conducts assessments with the Executive Board members and senior leaders to validate the evaluation of most relevant risks and opportunities.

According to our methodology, risks and opportunities are evaluated by looking at two dimensions: the potential impact and the likelihood that this impact materializes. Based on this evaluation, we classify risks and opportunities into three categories: minor, moderate, and major.

The potential impact is evaluated using five categories: marginal, low, medium, high, and significant. These categories represent financial or equivalent non-financial measurements. The financial measurements are based on the potential effect on the company’s net income and cash flow. Non-financial measurements used are the degree to which the company’s reputation, brand image, and employer value proposition are affected. Moreover, the degree of damage to people’s health and safety and the degree of legal and judicial consequences at a corporate and personal level can be considered. Likelihood represents the possibility that a given risk or opportunity may materialize with the specific impact. The likelihood of individual risks and opportunities is evaluated on a percentage scale divided into five categories.

Risk evaluation categories

1 Based on net income and cash flow.

When evaluating risks and opportunities, we also consider the speed of materialization (velocity). In this respect, we differentiate in which financial year risks and opportunities could occur. We consider both gross and net risk in our risk assessments. While the gross risk reflects the inherent risk before any mitigating action, the net risk reflects the residual risk after all mitigating action. On the one hand, this approach allows for a good understanding of the impact of mitigating action taken; on the other hand, it provides the basis for scenario analysis. Our assessment of risks presented in this report only reflects the net risk perspective. We measure the actual financial impact of selected risks and opportunities that materialized against the original assessment on a yearly basis (‘back-testing’). In this way, we ensure continuous monitoring of the accuracy of risk and opportunity evaluations across the company, which enables us to continuously improve evaluation methodology based on our findings.

In assessing the potential effect from opportunities, each opportunity is appraised with respect to viability, commerciality, and potential risks. This approach is not only applied to longer-term strategic prospects but also to shorter-term tactical and opportunistic initiatives at the corporate level as well as at the market and brand level. In contrast to the risk evaluation, only the net perspective exists for assessing opportunities.

We aggregate risks and opportunities using a stochastic simulation (Monte Carlo simulation) to determine the company’s risk and opportunity portfolio (i.e., the company’s aggregated risk position), considering interdependencies of individual risks and opportunities. To identify a potential threat to the company as a going concern, we compare the 2024 risk and opportunity portfolio to the company’s defined risk capacity and determine the likelihood that the aggregated risk exceeds the risk capacity; to identify a potential threat to the company’s rating, we compare the 2024 risk and opportunity portfolio to the defined risk appetite and determine the likelihood that the aggregated risk exceeds the risk appetite.

  • Risk and opportunity handling: Risks and opportunities are treated in accordance with the company’s risk and opportunity management principles as described in the Enterprise Risk Management Policy. Risk Owners are in charge of developing and implementing appropriate risk-mitigating action within their area of responsibility. In addition, the Risk Owners need to determine a general risk-handling strategy for the identified risks, which is either risk avoidance, risk reduction with the objective to lower impact or likelihood, risk transfer to a third party or risk acceptance. The decision on the implementation of the respective risk-handling strategy also takes into account the costs in relation to the benefit of any planned mitigating action if applicable. The Enterprise Risk Management department works closely with the Risk Owners to monitor the continuous progress of planned mitigating action and assess the viability of already implemented mitigating action. Depending on the risk class determined by the risk and opportunity evaluation, the authority to make decisions to accept risks resides with the Executive Board, leaders reporting directly to an Executive Board member and the operational management on the next hierarchical level. The decision to accept major risks without taking additional mitigating action can only be made by the entire Executive Board. In its decision-making process, the Executive Board takes into account the risk profile, i.e., the relationship between risk and opportunity portfolio (i.e., the company’s aggregated risk position) and risk appetite, as well as risk capacity. To support the Executive Board, the Enterprise Risk Management department defined clear thresholds for the likelihood that the company’s aggregated risk exceeds the defined risk appetite and risk capacity. The company’s risk appetite must not be exceeded with a likelihood of at least 95%; the company’s risk capacity must not be exceeded with a likelihood of at least 99%.
  • Risk and opportunity monitoring and reporting: Our risk and opportunity management system aims to increase the transparency of risks and opportunities. As both risks and opportunities are subject to constant change, Risk Owners not only monitor developments but also the adequacy and effectiveness of the current risk-handling strategy on an ongoing basis.

Regular risk reporting takes place half-yearly and consists of a five-step reporting stream:

  • Enterprise Risk Management identifies risks and opportunities (with a potential effect on net income and cash flow higher than € 1 million) by conducting a survey among senior management and selected middle management as well as utilizing available information concerning the internal and external environment of the company. Enterprise Risk Management evaluates, consolidates, and aggregates the identified risks and opportunities (‘bottom-up assessment’).
  • Enterprise Risk Management discusses the assessment of most relevant risks and opportunities with the members of the Executive Board and leaders directly reporting to them. The Executive Board members and senior leaders validate the assessment of risks and opportunities in their respective area of responsibility (‘top-down assessment’).
  • Enterprise Risk Management provides a consolidated report to the Executive Board summarizing the results of both bottom-up and top-down assessment as well as the risk and opportunity profile to highlight a potential threat to the company’s rating and going concern. The Executive Board reviews the report, jointly agrees on a company assessment of risks and opportunities and decides if Risk Owners are required to take further action.
  • Based on the Executive Board’s decision, Enterprise Risk Management creates the final risk and opportunity report that is also shared with the ‘Core Leadership Group’ (‘CLG’).
  • The Executive Board presents in collaboration with Enterprise Risk Management the final risk and opportunity assessment results to the Audit Committee of the Supervisory Board.

Material changes in previously reported risks and opportunities or newly identified substantial risks and opportunities are also reported outside the regular half-yearly reporting stream on an ad hoc basis to the Executive Board. To further improve the risk culture at adidas, we also offer risk management training to all our employees through our company intranet.

Compliance management system (adidas Fair Play)

 

We consider compliance with the law as well as with external and internal regulations to be imperative. The Executive Board sets the tone from the top, and every employee is required to act ethically and in compliance with the law as well as with internal and other external regulations while executing the company’s business. We believe adidas Fair Play will prevent a majority of potential compliance issues. For that reason, we have specific measures to detect and respond to any concerns. We realize, however, that no compliance system can eliminate all violations.

The adidas Chief Compliance Officer oversees the company’s Compliance Management System (CMS). We see compliance as all-encompassing, spanning all business functions throughout the entire value chain. Our central Compliance team works closely with Regional Compliance Managers and Local Compliance Officers to conduct a systematic assessment of key compliance risks on a yearly basis.

The company’s CMS is based on the OECD Principles of Corporate Governance. It refers to the OECD Guidelines for Multinational Enterprises and is designed to:

  • support the achievement of qualitative and sustainable growth through good corporate governance,
  • reduce and mitigate the risk of financial losses or damage caused by non-compliant conduct,
  • protect and further enhance the value and reputation of the company and its brand through compliant conduct, and
  • support ‘Diversity, Equity, and Inclusion’ (‘DEI’) initiatives by fighting harassment and discrimination.

The adidas Fair Play Code of Conduct is accessible on our website, includes guidelines for employee behavior in everyday work, and is applicable globally for all business areas. ADIDAS-GROUP.COM/S/CODE-OF-CONDUCT

 
 

The Fair Play Code of Conduct and our CMS are organized around three pillars: prevent, detect, and respond.

  • Prevention: The Compliance team regularly reviews and updates the CMS as necessary. In addition to the revised Fair Play Code of Conduct mentioned above, we also support all initiatives to prevent and fight harassment and discrimination in the workplace. Management also shares compliance-related communication, and the Compliance department provides mandatory training to all employees globally during onboarding and in regular, repeated cycles. The Compliance team and partners also provide targeted in-person compliance training as appropriate with senior management and newly promoted or hired senior executives across the globe in order to further enhance the compliance ‘tone from the top,’ as well as the ‘tone from the middle.’ We closely monitor the completion rates for these training measures. We also focused on further enhancing cooperation between the Compliance team and the Internal Audit, the Group Policies and Internal Controls, and the Enterprise Risk Management department.
  • Detection: adidas has whistleblowing procedures in place to ensure timely detection of potential infringements of statutory regulations or internal guidelines. Employees can report compliance concerns internally to their supervisor, the Chief Compliance Officer, Regional Compliance Managers or Local Compliance Officers, the relevant HR Manager, or, where applicable, the Works Council. Employees can also report externally via the independent, confidential Fair Play hotline and website, which also allow for anonymous complaints. The Fair Play hotline and website are available at all times worldwide, including the services of interpreters, if required. They are promoted digitally and with posters to reach all our locations around the world. The company’s work to identify potential compliance violations continued in 2023.
  • Response: Appropriate and timely response to compliance violations is essential. The Chief Compliance Officer leads all investigations in cooperation with an established team of Regional Compliance Managers and a global network of Local Compliance Officers. We track, monitor, and report potential incidents of non-compliance worldwide. In 2023, we recorded 590 potential compliance violations (2022: 521). Most importantly, insights gained from the investigation of past violations are used to continuously improve the CMS. Where necessary, we react promptly to confirmed compliance violations, through appropriate and effective sanctions ranging from warnings to termination of employment contracts. In 2023, the Compliance team further strengthened its relationship with the Employee Relations (ER) organization, a key partner in many compliance matters, especially those related to harassment and discrimination. In November 2023, a new case management tool was implemented allowing both Compliance and ER to effectively document and process cases as well as report on specific developments in more detail.

Potential compliance violations

                                                              2023   2022
Financial, including theft                                      51     48
Malfeasance, including conflicts of interest and corruption     17     19
Competition                                                      0      1
Behavioral                                                     387    326
Other¹                                                         135    127

¹ Includes payroll issues, intellectual property, and leaks of confidential information, amongst others.

Reporting of potential compliance violations in %

                                2023   2022
Anonymous contact to hotline      53     55
Named contact to hotline          23     26
Compliance Officer and other      24     18

The company’s Chief Compliance Officer regularly reports to the Executive Board on the further development of the compliance program and on major compliance cases. In addition, the Chief Compliance Officer reports to the Audit Committee on a regular basis. In 2023, the Chief Compliance Officer attended four meetings of the Audit Committee of the Supervisory Board to report on the further development of the compliance program, major compliance cases, and other relevant compliance topics. The Compliance department has revised its process for detecting compliance risks and included new risks, as well as captured some risk areas (e.g., e-commerce) more clearly. In addition, the description of the CMS has been sharpened.

 

Description of the main features of the internal control and risk management system process pursuant to § 315 section 4 German Commercial Code (Handelsgesetzbuch – HGB)

The accounting-related internal control and risk management system of the company represents a process embedded within the company-wide corporate governance system. It aims to provide reasonable assurance regarding the reliability of the company’s external financial reporting by ensuring company-wide compliance with statutory accounting regulations, in particular the International Financial Reporting Standards (IFRS) and internal consolidated financial reporting policies (Finance Manual). We regard the internal control and risk management system as a process based on the principle of segregation of duties, encompassing various sub-processes in the areas of Accounting, Controlling, Taxes, Treasury, Planning, Reporting, and Legal, focusing on the identification, assessment, mitigation, monitoring, and reporting of financial reporting risks. Clearly defined responsibilities are assigned to each distinct sub-process. In a first step, the internal control and risk management system serves to identify, assess, limit, and control risks identified in the consolidated financial reporting process that might result in the consolidated financial statements not being compliant with internal and external regulations.

Internal Control over Financial Reporting (ICoFR) serves to provide reasonable assurance regarding the reliability of financial reporting and compliance with applicable laws and regulations. To monitor the effectiveness of ICoFR, the Corporate Internal Audit department, which includes both the Internal Audit and Global Internal Controls functions, regularly reviews accounting-related processes. Additionally, as part of the year-end audit, the external auditor assesses the effectiveness of selected internal controls, including IT controls. The Audit Committee of the Supervisory Board also monitors the effectiveness of ICoFR.

All adidas companies are required to comply with the consolidated financial reporting policies (Finance Manual), which are available to all employees involved in the financial reporting process through the company-wide intranet. We update the Finance Manual on a regular basis, dependent on regulatory changes and internal developments. Changes to the Finance Manual are promptly communicated to all adidas companies. Clear policies serve to limit employees’ scope of discretion with regard to recognition and valuation of assets and liabilities, thus reducing the risk of inconsistent accounting practices within the company. We aim to ensure compliance with the Finance Manual through continuous adherence to the four-eyes principle in accounting-related processes. In addition, the local manager responsible for the accounting-related process within the respective company and the respective local Managing Director confirm adherence to the Finance Manual and to IFRS in a signed representation letter to the Accounting department semi-annually.

The accounting for adidas companies is conducted either locally or by our Global Business Services. Virtually all the IT Enterprise Resource Planning (ERP) systems used are based on a company-wide standardized SAP system. Following approval by the Finance Director of the respective adidas company, the local financial statements are transferred to a central consolidation system based on SAP Group Reporting. At the corporate level, the regularity and reliability of the financial statements prepared by adidas companies are reviewed by the Accounting and Controlling departments. These reviews include automated validations in the system as well as the creation of reports and analyses to ensure data integrity and adherence to the reporting logic. In addition, differences between current-year and prior-year financial data as well as budget figures are analyzed on a market level. If necessary, adidas seeks the opinion of independent experts to review business transactions that occur infrequently and on a non-routine basis. After ensuring data plausibility, the centrally coordinated and monitored consolidation process begins, running automatically on SAP Group Reporting. Controls within the individual consolidation steps, such as those relating to the consolidation of debt or of income and expenses, are conducted both manually and system-based, using automatically created consolidation logs. Any inadequacies are remedied manually by systematically processing the individual errors as well as differences and are reported back to the adidas companies. After finalization of all consolidation steps, all items in the consolidated income statement and in the consolidated statement of financial position are analyzed with respect to trends and variances. Unless already otherwise clarified, the adidas companies are asked to explain any identified material deviations.

All financial systems used are protected against malpractice by means of appropriate authorization concepts, approval concepts, and access restrictions. Access authorizations are reviewed on a regular basis and updated if required. The risk of data loss or outage of accounting-related IT systems is minimized through central control and monitoring of virtually all IT systems, centralized management of change processes, and regular data backups.

Furthermore, the adidas internal control and risk management system includes non-accounting-related controls which serve to provide reasonable assurance regarding the effectiveness and efficiency of operations, reliability of non-financial reporting, and compliance with applicable laws and regulations. For non-accounting-related activities, the internal control and risk management system also focuses on the identification, assessment, mitigation, monitoring, and reporting of relevant risks. It is likewise embedded within the company-wide corporate governance system and encompasses various sub-processes in the areas of Brands, Operations (including Procurement and IT), Sales, or Human Resources.

All adidas companies are also required to comply with the non-accounting-related policies (‘Policy Manual’), which are available to all employees involved in the various processes through the company-wide intranet and are updated and communicated on a regular basis.

The effectiveness of the non-accounting-related controls is also regularly monitored by the Corporate Internal Audit department and the Global and Market Internal Controls teams. The reporting of internal control testing results to the Audit Committee of the Supervisory Board includes the effectiveness of non-accounting-related controls as well.

Nothing came to our attention that would cause us to doubt the adequacy and effectiveness of the entire internal control and risk management system. However, due to the limitations of any internal control and risk management system, absolute certainty about the appropriateness and effectiveness of these systems cannot be guaranteed.¹

¹ The statement in relation to German Corporate Governance Code A5 was not audited in terms of content as part of the audit of this Group Management Report.

Reference
This Group Management Report is a combined management report. It contains the Group Management Report of the adidas Group and the Management Report of adidas AG.
The Declaration on Corporate Governance is part of the Annual Report.