The GfK Group’s integrated opportunity and risk management system forms the basis on which all opportunities and risks are identified and managed. The risk management process is carried out using a “bottom-up” approach across a number of aggregation levels. This process allows for the identification and evaluation of risks at individual GfK subsidiary level, and this extends to also include opportunities at regional, sector and Group level. The general aim is the early recognition of developments that could influence the GfK Group significantly. The monitoring of opportunities and risks is safeguarded through continuous internal risk reporting as well as annual risk inventory. In addition, the opportunity and risk management system is regularly reviewed by Internal Audit, thereby ensuring the system is functioning properly.
GfK’s group-wide opportunity and risk management system is essentially based on a management-oriented enterprise risk management (ERM) approach. It is fully integrated into the Group’s organization and is structured according to the internationally recognized framework concept of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In line with this concept, the opportunity and risk management system with its defined processes is linked with internal risk reporting and constitutes a cornerstone of the internal control system. The integrated system is enshrined in a corporate guideline and regulates all the principles of risk policy and the responsibilities associated with the opportunity and risk management system, the opportunity and risk management process, and the related reporting. The guideline can be accessed by every employee on the GfK intranet.
Principles of risk policy
To ensure the GfK Group’s continuing success in the market, opportunities must be consistently exploited, while at the same time taking on risk in a manner that is acceptable from both a business and moral perspective. To this end, risk policy principles have been defined and form the basis of the GfK Group’s entire opportunity and risk management system. The key principles which are integrated into the structures and business processes of the GfK Group are as follows:
> Entrepreneurial action requires the conscious management of risks.
> No actions are permitted where the inherent risks could endanger the survival of the GfK Group.
> Risk management is the obligation of each and every employee.
> Risks must be systematically identified, assessed and managed.
Risk Management Committee: As part of its overall responsibility for the opportunity and risk management system, the Management Board has established a Risk Management Committee, which is tasked with the central coordination and continuous further development of the risk management system. The standing members of this committee are the CFO as Chairperson, the CEO, the Head of Group Controlling and an employee from the Group Controlling Department with responsibility for Risk Management. The committee informs the Management Board and Supervisory Board about current developments and changes in the Group’s risk position.
Risk management coordinators: The direct responsibility for early identification, management and communication of risks at local level lies with the operational management of the individual GfK companies. Local risk management coordinators promote risk awareness and ensure that the prescribed Group principles are implemented by the respective organizations.
Risk owners: For each risk identified, a risk owner is nominated (at every level of the risk inventory process 2016 shown in the following diagram) in whose remit the risk lies. The risk owner is tasked with actively managing the risk and taking appropriate countermeasures to prevent the occurrence of risks that are harmful to business or to mitigate any potential damage. The risk owner can be an individual employee or a group of employees at management level.
Opportunity and risk management process
The opportunity and risk management process comprises continuous identification, assessment and management, complemented by the process-related steps of reporting and monitoring.
Every employee in the GfK Group is responsible for identifying risks within their remit. This is carried out within the respective local GfK companies, at a regional level by the regional management and at sector level by the sector management team. Where a risk affects the whole GfK Group, this is carried out at Management Board level. Subsequently, each risk is systematically assessed using the criteria “probability of occurrence,” “potential extent of damage” and “time horizon.”
Four categories are used to assess the probability of occurrence: “very unlikely” (less than 10 percent), “unlikely” (between 10 and less than 40 percent), “likely” (between 40 and less than 70 percent) and “very likely” (more than 70 percent).
The potential extent of damage is assessed using different categories of impact on the adjusted operating income or consolidated total income, which range from “low” (less than €3 million) and “moderate” (between €3 million and less than €6 million) through to “high” (between €6 million and less than €10 million) and “very high,” which in turn is subdivided into three levels (between €10 million and less than €20 million, between €20 million and less than €30 million and more than €30 million).
With regard to the time horizon, there will be no breakdown into direct risks (risk could potentially have an impact as early as financial year 2017) and indirect risks (risk could potentially have an impact for the first time from the following financial year onwards), since most of the potential risks could occur in the next financial year. Deviations relating to the time horizon are noted in the respective risk.
As part of risk management, measures are defined and implemented for material risks (depending on the assessment regarding potential extent of damage and probability of occurrence) to prevent the risks occurring or significantly reduce the potential extent of damage in the event of occurrence. Similarly, the risk catalog referred to here only relates to material risks for the GfK Group.
Potential opportunities that could have a positive impact on the adjusted operating income or consolidated total income are also analyzed within the Group. Opportunity and risk management additionally involves actively dealing with individual risks or identified opportunities in order to be able to react promptly to any potential changes. As part of opportunity and risk monitoring, the entire portfolio of opportunities and risks as well as the business environment are monitored on a continuous basis so changes can be identified in good time.
Opportunity and risk reporting is carried out on a monthly and annual basis in a global risk inventory, and in ad hoc reports at any time. The annual risk inventory provides a comprehensive assessment of the GfK Group’s opportunity and risk position.
In principle, all GfK companies are obliged to conduct an annual risk inventory. GfK companies with forecast external sales for the current financial year of more than €9 million and those that are of strategic interest for the GfK Group are integrated in risk inventory reporting. The reported risks are summarized and validated in regional and sector-specific opportunity and risk workshops with the aim of identifying material risks and opportunities across all of the companies. This ensures that opportunity and risk management is anchored in the respective regional and sector strategy, and ultimately in the strategy of the Group. As a result of this bottom-up approach, individual risks can be leveled out and risks which are aggregated at regional and sector level can be reassessed.
The opportunities and risks of the GfK Group are summarized on this basis and presented to the Management Board. The opportunities and risks identified and assessed in this way are subsequently collated in an opportunity and risk report and reported to the Supervisory Board.
Changes in the risk position of the individual GfK companies during the year are covered by monthly risk reporting as part of regular financial reporting or recorded in ad hoc reports and reported at Management Board level. Every GfK company is obliged to report new risks and changes in existing material risks on a monthly basis. The Risk Management Committee must be informed directly if the potential extent of damage relating to new risks arising during the year is significant and action at sector or Group level is required.
As a result of its business activities, GfK must consciously take certain risks in order to exploit opportunities and successfully exist in the market. This affects a broad spectrum of opportunity and risk areas. The opportunity and risk assessment refers to the evaluation after suitable countermeasures have been implemented.
Economic risks: Repercussions for GfK’s business operations can be expected if global economic growth in the current financial year falls significantly short of the current forecasts of the International Monetary Fund (IMF), or if there is a threat to the stability of individual currencies that are important for the global economy. The GfK Group is a global organization with a high degree of geographical diversification and should therefore be able to appropriately counter an economic slowdown in individual countries. The continued development of innovative products and services, focus on client relationships and the action taken in the form of restructuring and cost-reduction measures as well as greater risk awareness will help minimize risk. Risk assessment after countermeasures – probability of occurrence: likely; potential extent of damage: very high I.
Risks in connection with portfolio valuation: The fair value of acquisitions and the resulting assets depends on the profitability of cash generating units. If current developments in the business operations of the acquired subsidiaries fail to match expectations, or if growth rates are lower than forecast, an impairment loss risk may occur. Among other factors, budget values from the Group’s internal reporting are used for valuation purposes. Risks arising from the probability of occurrence and changes in market circumstances may result in an impairment loss that needs to be recognized in the income statement but is not a cash item. Countermeasures such as strict monitoring and management of budget compliance and sensitivity analyses carried out during the year make it possible to monitor this risk. Based on the half-year result and taking account of future growth rates, goodwill impairments had already been recognized in the half-year financial statements. This measure means the risk assessment for the risk was unchanged on the previous year. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: very high III.
Risk from reputation-damaging events: As one of the world’s largest market researchers, the trust and confidence of our clients and other external stakeholders is of prime importance. Our conduct as a supplier, client and employer must be impeccable at all times and meet the requirements of our own Code of Conduct. Should events such as contraventions of the law or guidelines by individual GfK employees or other events with a PR impact occur and become known, this will result in more than just direct pecuniary damage for GfK. Reputational damage can have wide-ranging repercussions for the Group’s global activities, even if the misconduct should relate only to one isolated event or one specific region. Consequently, in the past financial year this risk was included as an individual risk for the first time. General countermeasures to raise awareness of compliance issues among the employees are explained in the corresponding section. If these measures are not able to prevent the occurrence of a reputation-damaging event, the extent of the damage is reduced by prompt additional measures, such as increased communication with the clients concerned, swift settlement of possible litigation and the involvement of external specialists where necessary. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: low.
Risks in connection with portfolio activities: GfK’s success is contingent on achieving its strategic goals. To this end, in addition to acquisitions, consideration is also given to restructuring as well as disposals in order to optimize the Group portfolio. A range of risks can arise during projects to achieve the strategic aims. In addition to risks in connection with integration activities, financial risks can also arise if the proceeds expected from the acquisition on the basis of the underlying business plans are not realized. Ongoing financial commitments relating to a business that has been sold, such as obligations arising from property rights, warranties, indemnification or other financial obligations, may also jeopardize the achievement of strategic aims. As a result of its experienced Corporate Development team and Legal team, as well as the assistance of external experts, GfK is able to identify potential risks early and adopt appropriate measures. These measures primarily include comprehensive due diligence processes, post-merger integration, and monitoring of thresholds, both for acquisitions and for disposals. The extent of damage therefore remains stable versus the previous year. Risk assessment after countermeasures – probability of occurrence: likely; potential extent of damage: low.
Liquidity risks: Liquidity risks for the GfK Group comprise potentially being unable to meet its financial obligations, for example the repayment of financial debt or the ongoing capital requirements of its operating business. Cash and cash equivalents amounting to € 174 million, on the reporting date unutilized credit lines of € 282 million and a balanced maturity structure of loans minimize the liquidity risk (see note 27: interest-bearing financial liabilities). The € 200 million syndicated credit line, unused at reporting date, and a secondary credit line, were extended ahead of schedule to 2021. The covenants agreed in the syndicated credit facility and promissory note loan were all met in every reporting period in 2016. To identify and minimize potential liquidity risks, a Group-wide counterparty risk management system was introduced by Group Treasury and currency-differentiated liquidity planning was significantly optimized.
Financial risks: Refinancing on the capital market constitutes an important tool for GfK SE but also entails risks. The company complies with the regulations pertaining to the Prohibition on Insider Trading as well as the various disclosure and reporting obligations in order to avoid general reputational damage and therefore prevent a possible deterioration in the share price. This also includes efficient communications tailored to the interests of investors and analysts with the aim of promoting the trust of investors, in particular through sustained transparency. In addition, the risk of dependency (funding risk) on one group of investors is minimized through diversification of financing instruments. Furthermore, in the past financial year, credit agreements were negotiated at improved terms and conditions. As of December 31, 2016, alongside the majority shareholder, GfK’s investors comprise a large number of national and international banks (banking syndicate) as well as a large number of borrower’s note investors that do not form part of the banking sector (for example, insurance companies and pension funds).
Interest rate risks: Interest rate risks in the GfK Group mainly relate to financial liabilities. As of the reporting date, GfK SE had financial bank liabilities amounting to € 449 million, of which € 301 million are fixed-rate liabilities and € 148 million variable-rate liabilities. Of the variable-rate financial liabilities, € 15 million were hedged through an interest rate swap. In addition, a cross-currency interest rate swap was concluded in 2014 to hedge the interest rate and currency risks of an intragroup currency loan in US dollars. The combined risk assessment of the above risks after the countermeasures described is unchanged versus the previous year in terms of the extent of damage – probability of occurrence: unlikely; potential extent of damage: moderate.
Currency risks: As a global company, the GfK Group is exposed to currency risks. Unlike the previous year, the two currency risks/opportunities (translation-related/transaction-related) were assessed together.
Translation-related risks and opportunities result from converting the balance sheets and income statements of GfK companies outside the eurozone into euros, the reporting currency of the GfK Group. Translation-related effects are not hedged and are posted under other income in the consolidated financial statements. Carrying amounts of participations are currently covered only to a small extent by natural hedges. In order to limit volatility in the income statement resulting from the reporting date valuation of currency liabilities and receivables, where possible, GfK uses hedge accounting in accordance with the applicable regulations.
Transaction-related risks result from the sale and purchase of goods and services that are not invoiced in the local currency of the respective GfK company. Due to the high share of value-adding activities at local level, all GfK operating companies generate most of their income and expenses in their local currency, and the currency risk in the GfK Group is therefore limited. However, because of internal cross-accounting of international contracts, some currency effects may arise which can only be partly hedged. As a rule, GfK provides intragroup financing for its subsidiaries in their local currency. Group Treasury hedges some of the resulting currency risks centrally, when economically practical, by using financial instruments. The offsetting effects of the underlying transaction and the currency hedge are recognized in the income statement.
The risk assessment after countermeasures for the overall currency risk is unchanged versus last financial year – probability of occurrence: likely: potential extent of damage: moderate.
Tax risks: Naturally, intragroup transfer pricing and new business models result in tax audit risks for an international concern. A Group guideline is the basis towards an appropriate transfer pricing and documentation for all relevant business transactions in the respective countries. Additional measures adopted were the further development of a tax compliance organization and establishment of processes and controls. The probability of occurrence has risen slightly versus the previous year, particularly because the audit intensity of local tax authorities has increased, against the background of the measures against international tax avoidance of the OECD (BEPS – Base Erosion Profit Shifting Project). GfK is responding to this by stepping up its involvement in local internal audits and a regular review of the business models. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: moderate.
Risks in connection with product groups: In the past financial year, the aim once again was to further expand the Media Measurement business, which involves measuring TV, radio, print media, and cross-media audiences. Using innovative technology, Media Measurement offers information services on audiences, intensity and type of use of media and media products and services as well as comprehensive insights into media consumption in a dynamic media market, and information on their acceptance in different countries. Every new country in which a media measurement system is being set up presents different technical requirements and challenges. Moreover, political and economic developments are difficult to predict in some regions.TV audience measurement was successfully launched in Singapore. In contrast, the contract in Morocco was cancelled by GfK.
In Brazil and the Kingdom of Saudi Arabia, the qualitative goals for data collection were met in 2016 through strict project and resource management and consequently with a considerable time delay. The protracted setup phase and high quality standards required led to a delay in marketing. In Brazil, a syndicated approach was selected, which means GfK is responsible for the further marketing of data. In the Kingdom of Saudi Arabia on the other hand, there is an exclusive panel and decisions on further marketing are made by the client. Due to the increase in investment and lengthier setup phase, both in Brazil and in the Kingdom of Saudi Arabia, the risk was deemed to be considerably higher versus the prior year. This fact was recorded accordingly in the books. No sales have been recorded in the Brazil project since March 2016 and provisions were recognized accordingly. For the Kingdom of Saudi Arabia, we have carried out the corresponding valuation of the panel. In both cases, negotiations are currently underway on a contract amendment with the existing clients. Moreover, the focus will center on successful marketing and winning new clients in Brazil. The potential extent of damage if the projects were halted would be very high III for the project in Brazil and very high II for the project in the Kingdom of Saudi Arabia. The probability of occurrence has increased versus the previous year to likely.
Risks in connection with cross-sector initiatives: The success of new cross-sector initiatives, such as the expansion of the digital product and service portfolio, depends on successful cooperation at sector and regional level as well as on an efficient exchange and correct composition of skills within the GfK Group. In this way, the Group expects to achieve synergy effects while simultaneously expanding global cooperation within the GfK network. This also includes the launch of cross-sector products in the regions. Risks may arise here from the failure to achieve financial goals or deadlines, from an unsuitable composition of skills and expertise within GfK or due to technical framework conditions which are beyond GfK’s control, such as dependence on third party systems for data collection. To counteract this risk of failing to fulfill the stated potential or fully achieve the set aims, further action was taken to prevent or minimize risk. For instance, GfK continued to promote the successful cooperation behind the product GfK Crossmedia Link, which was developed on a cross-sector basis and serves as a benchmark for other projects and services. GfK Crossmedia Link is a platform which facilitates data enrichment, both internal and external, on the basis of a global single-source panel to meet the future requirements of the advertising industry. Consumer behavior, for instance, is measured across a range of media such as TV, PC, tablet and smartphone and enriched with information on consumption behavior. While the probability of occurrence remains unlikely, the potential extent of damage has increased versus the previous year to very high I.
Risks in connection with carrying out projects: Once again, GfK launched a number of different initiatives and projects in the past financial year in order to offer its clients even better and more up-to-date services. With these client projects, as with in-house development projects, risks can always arise during the course of the projects, along with challenges in terms of time, budget or quality. GfK counters these with the implementation of a global Project Management Standard, flanked by a Global Project Management Office (PMO). As a result of the large number of projects underway, GfK identified this risk as a significant individual risk for the first time in 2016. Probability of occurrence after countermeasures – unlikely; potential extent of damage: very high I.
Speed and success of innovation: In addition to specific project risks, GfK perceives a general risk with regard to existing products in terms of being unable to respond in time to market requirements or being unable to implement these requirements on time. This would jeopardize the success of GfK’s products in the market. Here too, GfK works continuously on growing even closer to existing and potential customers in order to better understand their needs and increase its ability to respond to these even more quickly. The internal processes and platforms for data processing are evaluated on an ongoing basis and improved where necessary. GfK invests a large amount for this purpose each year. Changing market situations mean that this risk is becoming increasingly significant for GfK and it has therefore been included in the risk catalog for the first time. Probability of occurrence: likely; potential extent of damage: very high I.
Data acquisition risks: In order to be able to provide its clients all over the world with important insights concerning local markets in more than 100 countries, GfK continuously collects data from wholesalers and retailers as well as panel and sample respondents concerning their sales trends, buying decisions and radio and TV usage. As in the previous year, GfK sees an imminent risk that these data suppliers may no longer be prepared to provide data because of concerns about data protection, among other factors, and that GfK may not be able to adequately replace them. By using alternative recruitment channels (for instance, by cooperating with agencies for field surveys), continuously optimizing its recruitment of panel members, and researching new data collection techniques, GfK has developed appropriate contingency concepts. Despite the measures introduced, GfK deems the risk to be higher than in the previous year in terms of potential extent of damage, while the probability of occurrence remains unchanged. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: very high I.
Network and data security risks: GfK processes data and information within the GfK network that could be of interest to third parties with criminal intentions. As in the previous year, GfK gave top priority in financial year 2016 to maintaining and improving measures to protect information systems and the data stored in them. This includes continuous further development of the existing Information Security Management System (ISMS), which is based on ISO 27001, careful design of the IT system architecture, consistent risk management, regular tests and automatic monitoring of applications and systems in order to identify attacks at an early stage and achieve the highest possible level of data security and operational reliability. In the past financial year, more action was taken in particular to instruct employees in dealing with security procedures and identifying risks.
The EU General Data Protection Regulation (EU GDPR), which comes into force on May 25, 2018, stipulates particular requirements for the protection of personal data and necessitates comprehensive measures to adapt existing IT systems as well as the introduction of suitable organizational regulations. A project has been set up to implement suitable solutions and is being carried out at Group level.
Continuity of IT systems: Risks to the continuity of IT systems and the associated loss of sales stem from disruption as a result of hardware or software failures in the technical base systems or applications, from system transfer, from cyber attacks, the impact of catastrophic events (fire, water, attacks etc.) and unrecoverable data after the corresponding disruption. In the past financial year, a number of measures to minimize the above risks were successfully completed. Technical consolidation was carried out in central applications to reduce system complexity, numerous system components were replaced, system capacity was increased and overly large networking between systems was abolished to reduced undesirable dependencies and side effects in system operations. Protection against cyber-attacks was strengthened, especially with regard to DoS/DDoS attacks and penetration and vulnerability tests were expanded. A project was launched with the aim of bringing the computing center locations spread across Central Europe together in a new facility, which will comprise primary and contingency components to improve protection against the impact of catastrophic events.
Furthermore, a longstanding program was successfully concluded, enabling a standardized, modern back-up system to be rolled out worldwide, replacing the obsolete, individual regional solutions. In addition to creating a firmer technical foundation, this also significantly increased reliability in the organizational implementation of back-up and restore processes. This reduces the risk of data being irrecoverable following processing errors or system disruptions.
As a result of the above measures, the potential extent of damage is categorized as lower. Probability of occurrence: unlikely; potential extent of damage: very high I.
Adjustment of competence portfolio: Digitization and globalization mean change and new challenges for the market research industry. In order to react appropriately and take full advantage of the opportunities, GfK must build up and develop comprehensive skills and expertise among its staff. A corresponding successful adjustment of the underlying organizational structure is also necessary, particularly in management functions. The GfK Group counters this risk by defining and implementing globally integrated employee strategies. Through ongoing training and qualification programs, skills and expertise are continuously adapted to advancing technological progress and employees are familiarized with innovations. Particular value is attached to identifying, acquiring and appropriately fostering the right talent for all manner of new portfolio application areas. Attractive career paths are offered and the qualification and training programs on offer are being continuously expanded. However, if it is not possible to recruit the right number of staff, GfK may also consider entering into partnerships or working with external service providers. Risk assessment after countermeasures slightly higher than in the previous year – probability of occurrence: unlikely; potential extent of damage: high.
Data quality risks: GfK has many years of experience in the collection and analysis of data. Using innovative technology and scientific methods, GfK generates intelligent information out of large quantities of data in order to provide its clients with reliable and relevant market and consumer information. As well as interpreting data from one of the world’s largest retailer networks, it also analyzes the results of ad hoc studies and consumer panels. Despite taking the greatest care, it is impossible to completely rule out certain residual risks concerning data quality (resulting from technical or human error), particularly with regard to data acquisition, data processing and the evaluation and analysis of data. This may be caused by system errors, process changes or specific data configurations that would result in the provision of incorrect information and consultancy services. Therefore in order to prevent this, system-relevant checking algorithms are applied and automatic quality controls are carried out. Current quality measures and auditing processes are also continually improved. In addition, quality checks are carried out at suppliers’ premises and regional coding hubs are being expanded further. These risks will be proactively countered through training and improvements in data acquisition. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: moderate. No changes versus the prior year.
Vacancy risks: GfK Group owns office buildings in various different locations, which will be brought together as far as it is possible. This will promote better cooperation between the departments and provide more attractive working environment. The risk was included for the first time in 2016 and relates to the possibility of buildings remaining vacant or a double rent obligation. Close cooperation and contractual agreements with project partners reduce the risk to unlikely; the potential extent of damage is categorized as low.
Competitive risks: These relate to a further increase in competition in the market research industry as a result of simplified handling of large quantities of data as well as easier and faster data acquisition. This is exacerbated by the advent of local market research companies and some specialized niche providers as well as increased price pressure. There is also persistent competition for the market research budgets of large global concerns. GfK has positioned itself as a high-quality global market research company that uses uniform methods. GfK therefore sees an opportunity to use its global network and further expansion of future-oriented innovation projects to offer its clients a very high level of added value, and thus to stand out clearly and successfully from the competition. Further improvement in data visualization and the expansion of contract management in the direction of framework contracts enable GfK to actively counter the risk.
Risks from advances in technology: Increasing digitization, the spread of the (mobile) Internet and the convergence of devices are changing user behavior and more buying decisions are now being made with the aid of mobile data or social networks. As before, companies need to understand their customers and new methods and techniques have to be developed in order to collect market research data in the digital age. Risks arise through the technical implementation of the corresponding products, both in terms of costs and a failure to adequately meet the changed market conditions. Potential risks from such projects are monitored through regular reporting and active project management. Moreover, employees receive training in project management and negotiating skills so they are able to offer GfK’s clients reliable and high-quality advice regarding innovative products and services as well as market research methods.
Risks in connection with the product and services portfolio: A global product and services portfolio harbors the risk for GfK that it will not be able to meet increased needs in terms of consulting and sales services to a sufficient extent or with the correct standard of commercial excellence, that it will not be able to implement marketing campaigns expediently or that it will not be able to offer suitable standard products that provide its clients with a comprehensive and optimum basis for their decision-making. It is therefore very important for GfK to pool its tasks within consulting projects and focus strategically on a targeted sales process. In this regard, employees continually receive training on innovations in the product and services portfolio in order to develop their skills and expertise. Improved sales planning means product launch projects can be managed and monitored on a transparent basis in order to be able to respond to any delays in good time. This also includes pooling tasks in global competence centers.
The combined market risk has increased in the past financial year and the probability of occurrence here is therefore deemed by GfK to be likely and despite intensive countermeasures the potential extent of damage is very high II.
Risks in connection with sales markets: The 10 biggest clients continue to account for a virtually unchanged share of total consolidated sales of around 15 percent, which means GfK’s dependence on individual key clients at Group level is still relatively low. However, this dependence does exist in some countries. Furthermore, the process of consolidation on the client side is expected to continue, which could result in some market research budgets being combined and the total volume reduced. In addition, due to the current uncertainty regarding macroeconomic conditions in key export markets, some clients are being forced to implement cost-saving programs and cut market research budgets. To counter this risk, in financial year 2016 GfK set up the ONE Industry Organization aimed at making greater use of growth opportunities, developing new target groups and driving forward the cross-product expansion of existing business relationships with strategic clients. GfK is also responding to this risk with a product and services portfolio tailored to the needs of the client in order to enhance the competitiveness of GfK clients. Tthe risk was assessed as having a higher potential extent of damage than in the previous year. Risk assessment after countermeasures – probability of occurrence: likely; potential extent of damage: very high II.
Legal and compliance risks
Legal risks in connection with contractual penalties and liability limits: This risk refers to the failure to fulfill client contracts in accordance with the contractual provisions and the resultant contractual penalties (for example, in the event of late performance) and liabilities for damage that could be incurred by the client as a result of faulty performance (for example, incorrect data acquisition and resultant incorrect assessment of market situation). There could be many different reasons for this. One countermeasure, for instance, is to negotiate low contractual penalties and appropriate liability limits in the respective contracts where possible. This can be facilitated in particular by using GfK’s own contract templates. The internal process prior to the conclusion of significant client contracts is regulated in an internal guideline. The risk after countermeasures is unchanged on the prior year – probability of occurrence: unlikely; potential extent of damage: very high III.
Legal risks in connection with data protection: Particularly because of discrepancies between the legal requirements of some countries, such as Russia and the USA (Safe Harbor and Privacy Shield as well as the new European General Data Protection Regulation), the risk arising from increased public awareness and sensitivity concerning data protection and data security is a top priority for GfK, just as it was in the previous year. In order to further raise awareness of issues relating to compliance and data protection, GfK provides a CEO webcast on its intranet, which is accessible to all staff and explains the “tone from the top” on these issues. It also implemented targeted in-house training measures (especially for executives, new joiners, healthcare, etc.) in the past financial year and a global e-learning module was prepared for launch in 2017. Other measures include defining the process for the use of cloud systems, continuously expanding the IT architecture and data management, consistently monitoring changes in the law and carrying out internal audits. In addition, by launching global projects, the requirements presented by new legal situations (Privacy Shield/European General Data Protection Regulation) are taken into account. Nevertheless, it is impossible to completely rule out a certain residual risk of possible infringements. The probability of occurrence remains stable versus the previous year, while the potential extent of damage has increased. Risk assessment after countermeasures – probability of occurrence: likely; potential extent of damage: very high I.
Compliance risks: As part of the established opportunity and risk management system and the internal control system, GfK carries out continuous monitoring to check whether additional risks have arisen for which countermeasures may be required. Although firmly enshrined corporate guidelines (Code of Conduct, corporate values) and internal guidelines are in place, there is still a certain residual risk that individual GfK employees will disregard these guidelines or not comply with them in full. Compliance risks may arise from breaches of corporate guidelines or criminal behavior. GfK is aware of this risk and has introduced and implemented various measures, such as continuous staff training and regular internal audits. The online training course relating to the Code of Conduct is mandatory for all employees and will be expanded to include key Group guidelines. In addition, compliance risks are identified early via the introduction of new processes and review and modification of existing ones. Thanks to the successful implementation of countermeasures, the potential extent of damage in this risk category was reduced versus the previous year. Risk assessment after countermeasures – probability of occurrence: unlikely; potential extent of damage: moderate.
Imminent or ongoing litigation, especially legal risks in connection with fictitious self-employment of freelancers and interviewers: As in the previous year, the issue of “fictitious self-employment” was discussed in the past financial year. This term refers to the risk that interviewers and other freelancers working for GfK will have to be classified as employees, which would result in additional employment expenses. GfK uses freelancers to conduct interviews for example. In recent years, social security authorities have increasingly started to check whether freelancers are in dependent employment. GfK continuously reviews its employment relationships and is careful to comply with legal requirements. In addition, for new projects involving freelancers, internal processes and contracts are tailored to the legal requirements in order to minimize any tax and social security risks that may potentially arise and to ensure compliance with social security legislation in the relevant countries. In addition, GfK is increasingly using service agencies. Despite the implementation of suitable measures, GfK deems the risk to be slightly higher than in the previous year. Probability of occurrence: unlikely; potential extent of damage: moderate.
Identified business opportunities
The following opportunities have been identified within the GfK Group. The identified opportunities and risks of future developments have been categorized and grouped. The potential impact on consolidated total income (taking into account the probability of occurrence) highlights the importance of individual opportunities and risks and is categorized into four levels: low, moderate, high, and very high (I–III). The individual opportunities and risks were categorized into six different areas.
Opportunities in connection with economic development: As a result of its global positioning and very high degree of diversification, GfK benefits from positive economic development in the markets it serves. Additional business opportunities arise if economic growth is stronger than expected since this points to increased demand. The opportunity assessment has declined slightly versus the previous year, standing just below moderate positive opportunity potential.
Opportunities in connection with portfolio measures: The market continues to be dominated by increasing digitization and the associated change in consumer purchase behavior. The faster availability of data also poses new challenges for the market research industry. GfK is countering this risk with targeted acquisitions. Should the acquisitions potentially outperform the underlying business plans, this would result in monetary opportunities for GfK. The opportunity assessment is rated cautiously with low potential.
Currency fluctuations and translation-related opportunities: As a global company, the GfK Group is exposed to currency fluctuations. The upward potential of the translation-related currency effects produces a potential opportunity for GfK. This results from the translation of the balance sheets and income statements of GfK companies outside the eurozone into euros, the reporting currency of the GfK Group. Opportunity assessment: Business opportunities with moderate positive opportunity potential.
Tax optimization: GfK continues to see potential for tax optimization, which is why opportunities to improve the tax situation in individual countries are reviewed and implemented on an ongoing basis. Opportunities are reviewed through continuous monitoring of the global and local legal environment, taking account of GfK’s circumstances. Opportunity assessment has increased versus the prior year: Business opportunities with high positive opportunity potential.
Expansion of business position and success potential from projects: GfK is investing heavily in new digital technologies and new methods to connect and enrich data. With the aid of newly developed methods and technologies, large data volumes from all kinds of sources can be analyzed. As in the previous year, GfK continues to see this as an opportunity to offer compelling products and services based on a comprehensive innovation offensive. The future potential arising from the new technical possibilities is to be consistently exploited through continuous expansion of data processing processes in the market as well as the use of a global network, which should enable GfK to clearly and successfully distinguish itself from its competitors and also strengthen client loyalty. The Group sees a direct opportunity to further expand its business position through the targeted expansion of business and a faster roll-out of products in promising growth regions.
Speed and success in innovation: The risk of being unable to respond promptly to changes in market requirements with the corresponding innovations was reported on separately for the first time in financial year 2016. One of the many countermeasures implemented by GfK is the increased pooling of competences in global service centers. This generates the opportunity to augment the expansion of expertise and consequently the ability to respond more quickly, more cost-effectively and more flexibly to changes in requirements, and consistently ensure excellent data quality at the same time.
Opportunities in connection with data acquisition: GfK delivers a unique combination of consumer, retail and media data, which are linked together using scientific methods and innovative technologies. Important findings on local markets regarding the use of radio and television as well as on sales trends and purchasing choices are continuously collected in over 100 countries around the world to deliver this data to clients. GfK believes the use of alternative recruitment channels, continued optimization of the recruitment of panel members and research into new techniques for data gathering provide a cost-saving opportunity.
Commercial excellence in terms of data quality: Due to long-standing experience in the collection and analysis of data, GfK is a trusted supplier of reliable, relevant and intelligent market and consumer information. By continuously optimizing and improving the internal processes for gathering reliable data, GfK sees an opportunity to continue positioning itself as a high quality global market research company that successfully stands out from the competition.
Opportunities in connection with IT systems: Numerous measures were successfully completed in financial year 2016 to improve the continuity of system operations. As a result, GfK not only successfully minimized the risk of an IT system failure, but also generated opportunities through the improved infrastructure. For instance, the main power supply was optimized to ensure even better reliability. Additional investment in data protection and data security strengthens the reputation of the company and GfK may possibly win additional contracts as a result.
As a result of the number of promising initiatives in both sectors, the opportunity assessment is higher than in the previous year: Business opportunity with very high positive opportunity potential.
The technological influence of data collection and processing is having an increasingly significant impact on business processes and corporate strategy. The use and expansion of digital methods to collect data and newly developed methods for processing data from a very wide range of data sources open up further opportunities within the market research industry: Low positive opportunity potential.
Legal and Compliance
Legal and strategic opportunities: With reliable and high-quality services, GfK has positioned itself among its clients and stakeholders as a global market research company. This positioning is fundamentally contingent on the values and standards espoused by GfK (the “Tone from the Top”) being actively brought to life by all employees in the GfK Group. This is the basic prerequisite for success in order to bring about the necessary and desired change in culture within the Group. Low positive opportunity potential.
The opportunity and risk management system described in 11.1 forms the basis for the assessment of the opportunity and risk position by the Management Board. Risks are identified and assessed at the level of the individual companies in the GfK Group, while both opportunities and risks are identified and assessed at regional, sector and Group level.
Compared with the previous year, the overall risk of the GfK Group has slightly increased. The new risks included in the risk assessment in financial year 2016 stem predominantly from the operational sector. Here, the main risks comprise the need to promptly adapt to changes in market conditions and the efficient execution of projects. The potential extent of damage relating to risks in connection with competition, sales market consolidation and risks relating to product groups has increased versus the prior year, while the implementation of countermeasures mean the probability of occurrence remains virtually unchanged. On the other hand the GfK Group will exploit the identified business opportunities.
To summarize, it can be concluded that at the time of publishing this Annual Report, the Management Board was not aware of any individual risks, interactions or accumulation of risks which might jeopardize the continued existence of GfK SE and the GfK Group.