Risk management
Sanitas has taken measures to ensure an appropriate risk management strategy is in place with regard to all material risks, and has documented this strategy accordingly.
Risk management includes the methods and processes used to identify and assess risks, implement risk strategies and risk management measures, and monitor and report on risks. These measures are implemented based on Art. 22 of VAG/ISA and Art. 96 and 97 of AVO/ISO. In accordance with the regulations governing Sanitas Beteiligungen AG, the board of directors is responsible for risk management policy. The executive board issues the necessary directives.
In strategic terms, risk management helps improve the company’s corporate value by ensuring an appropriate balance between risk and profit, which in turn guarantees long-term financial stability.
With this in mind, integrated risk management:
Integrated risk management is therefore a fundamental part of corporate governance.
Integrated risk management comprises the following elements:
Sanitas’ risk management process is aligned with the ISO 31000 standard and is divided into the following four methodical phases (risk management control system):
01
The systematic process of identifying risks and documenting their characteristics. This is the first phase of risk management (risk management control system). Level 1 and 2 risk drivers are also identified for each risk as part of the Sanitas Group’s integrated risk management process in order to identify the cause and effect of risks and any cross-sectional risks.
02
involves the analysis and classification of risks in order to quantify the probability of occurrence and the extent of a potential loss. The probability of occurrence is determined for a period of three years (planning period of strategic corporate goals) and the extent of a potential loss with regard to the impact on the Sanitas Group’s invested capital.
03
This includes the definition of risk navigation measures. These are measures to accept, avoid, control and transfer specific risks and risk segments.
04
In addition to compulsory regulatory guidelines, a bottom-up reporting structure should be implemented to form the basis for the enactment of top-down directives (board of directors) and objectives in line with the Sanitas Group’s risk appetite. As part of the risk reporting process, an early warning system should also be implemented to enable the Sanitas Group to make risk information available promptly in an appropriate form where necessary (adverse event reports).