Opportunities and risk management
Opportunity management process
For the highly dynamic global airline industry, opportunities can arise both externally – from new customer requirements, market structures, ongoing consolidation or changes in the regulatory environment – and internally – from new products, innovations, quality improvements and further competitive differentiation.
Employees and managers in the Lufthansa Group identify opportunities in the course of day-to-day processes and market observation. Opportunity management is also an integral part of the annual strategy and planning processes. Scenario analyses and accurate return calculations are used to precisely examine opportunities. Opportunities that, in an overall assessment, are considered advantageous for the development of the Lufthansa Group are pursued and exploited by means of defined steps.
They are managed by established planning and forecasting processes as well as by projects. Opportunities relevant for the Group are incorporated into the Group strategy. ↗ Group strategy. The individual business segments also identify their own specific opportunities. ↗ Business segments.
Objectives and strategy of the risk management system
Risk management at the Lufthansa Group aims to fully identify material risks, to present and compare them transparently and to assess and manage them. Risk owners are obliged to monitor and manage risks proactively and to include relevant information in the planning, management and control processes. The Group guidelines on risk management adopted by the Executive Board define all the binding methodological and organisational standards for dealing with opportunities and risks.
Structure of the risk management system
The scope of consideration covered by the Lufthansa Group’s risk management system comprises all of the airlines in the Lufthansa Group, including the Logistics and MRO segments, as well as Lufthansa Aviation Training, AirPlus, Miles & More, Lufthansa Global Business Services, the IT companies and the Delvag Group.
The chart ↗ G26 Risk management in the Lufthansa Group shows the different functions involved.
The Supervisory Board’s Audit Committee monitors the existence and effectiveness of the Lufthansa Group’s risk management.
The Risk Management Committee ensures, on behalf of the Executive Board, that processes, structures and rules are established to identify, manage and assess business risks at an early stage across all functions and processes. It is also responsible for improving the effectiveness and efficiency of risk management. Appointments to and the responsibilities of the committee are defined in internal regulations.
The Corporate Controlling department has functional responsibility for ensuring that the risk management system is standardised across the Group. The responsible unit head reports directly to the CFO. Group risk management is responsible for implementing uniform standards and methods, for coordinating and continuously refining the risk management process and for all risk management reporting in the Lufthansa Group.
The managing directors or management boards of all the companies covered by the risk management system also appoint risk managers. They are responsible for implementing the Group guidelines within their own companies and are in close, regular dialogue with the Lufthansa Group’s risk management function. In addition, they ensure that risk-relevant information is agreed with the planning and forecasting processes in their company (risk controlling).
Managers with budgetary and/or disciplinary responsibility are designated as risk owners. Their role is to implement risk management for their area. The identification, evaluation, monitoring and management of risks are therefore fundamental aspects of every management role. The “Principles of risk management” stipulate that the occurrence of material predictable risks that have not been reported in the past is considered to be a serious management error.
The Internal Audit department carries out internal, independent system audits focusing on the appropriateness, effectiveness, and economic viability of the risk management system practised in the Lufthansa Group. The last suitability test took place in 2022.
During its annual audit of the financial statements, the auditor examines the system for the early identification of risks in place at Deutsche Lufthansa AG with regard to statutory requirements. In the 2023 financial year, the audit outcome was that the statutory requirements of Section 91 Paragraph 2 AktG were met in full.
Stages of the risk management process
The closed and continuous risk management process, which is supported by IT, begins with the identification of current and future, existing and potential opportunities and risks from all material internal and external areas. The Lufthansa Group defines opportunities and risks as the possible positive or negative deviations from a forecast figure or a defined objective. The risks identified are checked for plausibility by the companies’ risk coordinators and gathered together in the Group’s risk portfolio. The risk portfolio documents the systematic entirety of all individual risks and constitutes the quality-assured result of the identification phase. As the risk landscape is dynamic and subject to change, the identification of risks is a continuous task for the risk owners.
Risk owners are obliged at least once a quarter to verify that the risks for which they are responsible are complete and up to date. They also evaluate the extent to which circumstances involving risk have already been included in the forecast results and to what extent there are additional opportunities or risks of achieving a better or worse result than the one forecast. They actively manage opportunities and risks by means of risk mitigation instruments and measures.
On this basis, the Executive Board is regularly informed about the current risk situation of the Lufthansa Group and its operating segments.
The Executive Board reports annually to the Audit Committee on the performance of the risk management system, the current risk situation of the Lufthansa Group and on significant individual risks and their management. In the event of significant changes to previously or recently identified top risks, mandatory ad hoc reporting processes have been defined in addition to these standard reports.
Evaluation methodology in the risk management process
Once the risks have been identified, all the individual risks are measured according to uniform measurement principles. Risks are generally evaluated on a net basis, i.e. taking implemented and effective management and monitoring instruments into account. A methodological distinction is made between qualitative and quantitative risks. Regardless of the risk type, objective criteria or figures derived from past experience are used for the evaluation wherever possible. Risk measurement thus forms the basis for consolidating similar individual risks into an aggregate risk. Suitable instruments for risk management are defined with the aim of proactively limiting the risk position. Continuous risk monitoring identifies changes in individual risks and any required adjustments to risk management at an early stage. Steps necessary to manage and monitor risks are initiated as required. Steps, in this sense, mean clearly defined activities with a fixed duration, responsibility and time frame, which serve to develop control instruments.
Qualitative risks are mostly long-term developments with potentially adverse consequences for the Lufthansa Group. As concrete information is often not available, these risks cannot or cannot yet be quantified. In the context of qualitative risks, the risk management process involves a strategic approach to uncertainty. In order to evaluate such risks as systematically as possible in spite of this, estimates are made about their significance and their magnitude. Significance describes the potential impact of the individual risk – for example, on the Group’s reputation, business model or earnings. The estimate of magnitude assesses how pronounced or intense the (weak) signals are that indicate a potential risk to the Lufthansa Group or a specific company. Chart ↗ G27 Lufthansa risk evaluation for qualitative and quantitative risks shows the different categories used.
Quantitative risks are those whose potential effect on earnings can be estimated. A distinction is made between different probabilities of occurrence. The extent of loss is given as the potential monetary impact on the planned Adjusted EBIT. Depending on the type of risk, this may relate either to relatively infrequent event risks, such as an IT failure following a cyberattack, or to risks arising from deviations from planned business developments, due to fuel price volatility, for instance. Quantitative risks therefore form the basis for the overarching verification of potential deviations from plans and forecasts. The thresholds for classifying the monetary Adjusted EBIT effect are defined centrally for the Lufthansa Group and for the Group companies according to standardised criteria.
The individual qualitative and quantitative risks are divided into classes A, B, C, D and other risks to assess their materiality. In accordance with DRS 20, all quantitative A and B risks as well as all qualitative A and B risks that are at least of a “substantial” significance and a “high” magnitude count as material risks for the Lufthansa Group. ↗ G27 Lufthansa risk evaluation for qualitative and quantitative risks.
Risks for the Lufthansa Group that meet this materiality criterion are presented in a table in the order of their significance for the Lufthansa Group in the section ↗ Risks at an individual level and are described in detail below.In some cases, equivalent risks are shown here in a more aggregated form than that used for internal management purposes. Unless stated otherwise, all the operating segments in the Lufthansa Group are exposed to a greater or lesser degree to the risks described.
Description of risk-bearing capacity
The Lufthansa Group’s risk management system includes a concept for calculating its risk-bearing capacity. It entails comparing an indicator of risk-bearing capacity based on liquidity with the aggregated top risks in order to ensure that sufficient funds are available to cover the risk. The top quantitative risks are weighted and aggregated on the basis of the risk value. The top qualitative risks are also incorporated into the model and assessed on an aggregate basis. This presentation is part of the quarterly reporting to the Executive Board. This procedure meets the requirements of IDW PS340 as revised.
Inclusion of CSR Directive Implementation Act in risk management
In accordance with the CSR Directive Implementation Act (CSR-RUG), the Lufthansa Group’s risk management also covers aspects relevant to CSR (environmental, employee and social concerns, as well as human rights, anti-corruption measures, bribery and the supply chain) and their risks for external stakeholders. Risks are reported in the combined non-financial declaration in line with CSR-RUG if they would have a severely adverse impact on the Company and their occurrence is highly likely. In 2023, the CSR content was updated to include mitigating instruments and measures. As in the previous year, none of the CSR risks were so material that they were described at an individual level.
Internal control system for monitoring the risk management process
The risk management process in the Lufthansa Group is monitored by an internal control system (ICS). This entails systematically reviewing the effectiveness of control measures for material risks as part of the Lufthansa Group’s ICS. The relevant risks are selected annually. The review includes an assessment of the structure and the functionality of the ICS. Reporting on the results of the review forms part of the report to the supervisory boards of the individual companies on the effectiveness of the ICS, and to the Audit Committee of the Deutsche Lufthansa AG Supervisory Board on an overall basis.