Risk management system
Risk management is part of our integrated management information system and is based on Groupwide controlling as well as an internal monitoring system. The latter’s function is to identify, assess and aggregate industry- and market-related risks in the individual regions, and to communicate them to Group level. Twice a year, the responsible risk managers present aggregated status reports to the Management Board. These reports include qualitative and quantitative appraisals of the likelihood of risks arising that have been identified as potentially harmful to the Company, as well as the potential extent of damage. In the case of newly identified, significant risks, the Management Board is also informed directly and immediately; for our risk reporting, see chart 2.8.1. Furthermore, the Audit and Corporate Governance Committee of the Supervisory Board regularly deals with risk management and the status report in its meetings. More information is available in the “Report of the Supervisory Board”.
In addition to risk reporting, traditional reporting to management is also an important tool for managing and controlling risk as well as for taking preventive measures in a timely manner. Therefore, the Management Board of Fresenius Medical Care receives information on a monthly and quarterly basis about the state of the healthcare industry, our operating and non-operating business, as well as on analyses of our assets, financial and earnings position.
Our risk management system is also backed by our internal audit department. The department works according to the internationally accepted standards of the Institute of Internal Auditors (IIA) and acts across regions as a global unit. The worldwide audit assignments are chosen on a yearly basis using a selection model that takes different risks into consideration. The audit plan is reviewed by the Management Board and finally approved by the Audit and Corporate Governance Committee of the Supervisory Board. This plan includes financial audits of individual units, as well as full audits of all business processes of a subsidiary or business unit. All audit reports from the audit plan are presented to the Management Board and to the external auditors. The internal audit department also monitors the implementation of measures documented in the reports. The Management Board is regularly informed about the implementation status. In addition, the Audit and Corporate Governance Committee of the Supervisory Board is informed of the audit results. A total of 33 audits were carried out in 2010. These also included full-scope audits – reviews of all business processes – at our sites in Argentina and China, among others.
Fresenius Medical Care has defined the scope and focus of the organization and systems for identifying and evaluating risks so that they function properly. Company-specific procedures are in place to develop countermeasures and avoid risks. The existing system is able to identify at an early stage any developments that may jeopardize the existence of the Company. Nevertheless, there can be no absolute certainty that this will enable all risks to be fully identified and controlled.