Risk management regulates the handling of risks and opportunities within a process, project or other company activities. The aim of the risk management process is to support management in its corporate decision-making, to improve corporate management and to provide transparency and certainty to stakeholders. Performance-oriented risk management is geared towards implementing the corporate strategy and is an integral part of corporate management. Risk management includes all measures taken to identify, analyze, evaluate, monitor, and control risks. The primary objective is to identify and reduce risks and to identify opportunities and their subsequent use cases. All strategic business units or significant Group companies conduct risk management. Risk management with a focus on accounting and reporting is regulated in the Group Risk Policy, which falls under the remit of Group Controlling.
The Group companies employ an early detection system for risks to ensure that risks are identified at an early stage and countermeasures are initiated. The Group companies and the Risk Panel are responsible for setting up and monitoring the system at a higher level. It determines the risk-bearing capacity of the Zeppelin Group with the help of quarterly risk panel reports.
In addition to the Risk Management System (Group RMS), the Zeppelin Group also has other distinct governance, risk and compliance systems (GRC), which are used to evaluate risks in the central specialist divisions or sub-divisions. These include the GRC tool “OneTrust” (currently used for IT security and data protection), and the Tax Compliance Management System and the Tax Control Framework (TCF), through which the Group companies and the central divisions can identify, evaluate and deal with their risks. If significant risks are identified from these systems, these must be reported in the RMS. In addition, the Group Management Board, together with the Risk Panel, determines which central divisions of Zeppelin GmbH report additional risks to the Risk Panel. These include IT security, data protection, compliance and corporate social responsibility. A detailed overview of the risks and opportunities of the Zeppelin Group can be found on page 94 of the Annual Report 2022.
The procedure for determining risks and opportunities for processes and projects is contained in the “Risk Management” procedural instruction. The sponsor and/or the respective project manager are responsible for identifying risks and opportunities within a project. The process owner is responsible for identifying, for his process, the respective risks and opportunities, the persons involved, the necessary knowledge and the necessary tools, as well as other process-specific aspects. Identified opportunities and risks are assessed based on their probability of occurrence, failure rate or extent of damage. Risks and opportunities are assessed and taken into account in the decision-making process in all key decisions taken in the meetings of the Group Management Board and the Executive Board. Suitable measures for risk avoidance or mitigation and the use of identified opportunities are then defined. If the overall risk has decreased or is acceptable on account of the defined measures, key figures will be defined. If the overall risk has not decreased by the required amount, measures will be redefined. The effectiveness of the defined measures and KPIs is regularly reviewed as part of the ongoing improvement process and the management review process with the Group Management Board; changes are made as necessary.
Our business activities also have an impact on the environment and society. To be able to assess the resulting risks and opportunities in more concrete terms, a workshop was held in 2022 with the representatives of specialist units and CSR managers (for a more detailed description, see the Stakeholder and Materiality Analysis section). After close examination, no serious negative effects were identified. The following part of this report describes potential risks and opportunities of our corporate activities that could have a long-term impact on the environment and society, and explains which prevention and remedial measures are available in order to avoid potential risks, for each topic area.
Compliance & data protection
Environmentally and socially responsible corporate governance is not a direct legal requirement, but a matter of course anchored in Zeppelin’s corporate culture. Accordingly, Zeppelin’s Compliance Management System manages compliance risks. The focus in this regard is on risks from the areas of corruption, export controls, and data protection.
The cyber threat situation, which is rated as “very high” worldwide, has been seen as exacerbated since Russia’s attack on Ukraine – especially for Germany. Overall, the situation continued to escalate throughout 2022: the threat in cyberspace is therefore higher than ever before. Ensuring the availability, integrity, and confidentiality of data is an essential requirement for Zeppelin. Likewise, the resilience of the systems used and products provided against the described threats is also essential. For this reason, technical and organizational measures are taken in the context of a Group-wide information security management system and its risk management in order to counteract risks in a targeted manner through detection, response, and prevention. For example, the IT operations of the Eurasia region have been restructured in order to be able to react as flexibly as possible to future changes and threats. Furthermore, the development of a Group-wide IT Service Continuity Management (ITSCM) was accelerated. The introduction of the ITSCM ensures the availability, integrity, and confidentiality of Zeppelin’s time-critical and business-critical business processes in the event of cyber attacks and IT crisis situations.
The human factor continues to play a key role in many attacks. For this reason, awareness training and regularly simulated phishing attacks are carried out for all Group employees. These campaigns raise employees’ awareness of these risks and are accompanied by further technical measures. Security monitoring and security analytics ensure that anomalies are detected and attack attempts are prevented. These and other measures of integrated information security management form the basis for appropriate protection against current threats in the cyber environment. But in the future, we can expect continued strong growth in the dynamics of cyber risks, mainly driven by advancing digitalization and an increase in cyber crime. Despite the implementation and improvement of these preventive security measures, risks cannot be ruled out in this volatile environment.
In addition to optimizing internal processes and improving product and service quality, transparent and fair handling of complaints also plays an important role. Standardized processes can achieve lower reject rates, reduce material usage, and thus save resources and energy. Due to Zeppelin’s extensive product and services portfolio, a standardized procedure is crucial to ensure the health and safety of customers and to avoid risks in advance. To ensure high-quality products and services, and to meet our customers’ needs and requirements, we have implemented a uniform management system in accordance with DIN EN ISO 9001:2015 in the German companies. This underscores the quality awareness for internal and external purposes.
The Supply Chain Due Diligence Act gives particular relevance to human rights risks such as child labor, forced labor, and slavery. Failure to properly manage suppliers could result in risks in these areas. On the other hand, companies in Germany will have to ensure that their supply chains comply with the requirements of three international environmental agreements in the future. From 2023, for example, supply chains will also be subject to requirements for the use and handling of mercury, for the production and handling of certain hazardous persistent organic pollutants, and for the import and export of hazardous substances (Minamata Convention, Stockholm Convention and Basel Convention). Moreover, companies must prevent or mitigate certain environmental damage if human rights are otherwise violated. This means, for example, that companies must prevent harmful changes in soil, water or air pollution if this would significantly impair the production of food, deny a person access to safe drinking water, or damage a person’s health. For these reasons, sustainable supplier management is of particular importance.
Health and safety
According to the German statutory accident insurance body, there is a high risk of injury within the construction industry. To prevent accidents and illnesses, it is particularly important for Zeppelin to draw customers’ attention to the risks involved, to encourage correct handling, and to conduct preventive work through training. Due to the heterogeneous product diversity of the company, there are different approaches within the strategic business units.
Employee satisfaction and diversity
Corporate activities in the area of employee satisfaction and diversity relate less to risks for the environment and society, and more to opportunities and advantages arising from the discussion of the topic of diversity, equal opportunities, and inclusion. In this way, inclusive measures and concepts, the promotion of a work-life balance, and the establishment of an appreciative and non-discriminatory corporate culture contribute to the sustained safeguarding of our corporate success. These initiatives in turn support the handling of social changes such as demographic change and are able to counteract the shortage of skilled workers. A detailed list of our measures and initiatives can be found in the corresponding section.
Occupational health and safety
At Zeppelin, the health and safety of employees is paramount. Particularly in field service, hazardous situations can arise in which employees have to react independently and flexibly. With the help of our Vision Zero and our occupational health and safety measures, we want to prevent accidents to the fullest extent possible. The occupational health and safety management system in accordance with DIN ISO 45001 in all German companies helps us to be legally compliant and to continuously improve our processes.
Donations and sponsoring activities
For Zeppelin as a foundation-owned company, business and corporate social responsibility are inseparable. Charitable organizations and charitable projects can be supported through targeted funding. This establishes a better understanding and better cooperation within the company in the long term. To ensure that no preference is given to specific stakeholders, it is important to be careful when selecting donation and sponsorship activities and to ensure that they are in line with the company’s values and beliefs. For this reason, Zeppelin has developed a donation and sponsoring policy as well as internal review processes (see the Financial Engagement section for more details).
Significant environmental risks may arise as a result of the company’s activities. Some examples of these risks are the release of harmful chemicals or waste, the use of fresh water within water stress areas, and the impact of climate change on greenhouse gas emissions. These risks may not only harm the environment, but also have a negative impact on people’s health and on the economy. Zeppelin actively counteracts these risks through regular official audits, the energy and environmental management system, and many site-specific measures. An in-depth context analysis with regard to environmental conditions along with the assessment of environmental aspects help to assess risks and opportunities in detail.
Physical climate risks can arise from the direct consequences of climate change, such as extreme weather events or flooding. Long-term changes, such as the increase in average temperatures, and indirect risks, such as restricted functionality of international supply chains, are also considered. At the same time, physical climate risks offer opportunities for Zeppelin as these risks must be countered by appropriate measures such as the expansion of flood protection systems, irrigation and drainage systems, and the energy-efficient refurbishment of buildings. Transitory climate risks can be associated with the transition to an environmentally friendly economy. Zeppelin has identified regulatory changes, for example due to new or stricter laws and requirements, as well as higher operating and investment costs, for example due to necessary technical retrofitting of plant and equipment or the energy-efficient refurbishment of existing properties, as risks and areas for action. Furthermore, it is expected that current sales markets will change because of the transformation of the economy, and that the demand for products that use fossil energy sources will decrease in the long term, and the need for environmentally friendly, low-emission products and services will rise significantly. As a sustainable company, Zeppelin reacts in good time to the changes that the transformation to a more environmentally friendly economy entails. Zeppelin also anticipates opportunities that arise as a result, such as tapping into new sales markets, improving competitiveness by changing the product and services portfolio, and increased resilience. Caterpillar, as Zeppelin’s most important business partner and supplier, is also committed to sustainability and thus contributes to a lower carbon future. Caterpillar demonstrates this in many ways, e.g. through significant progress in reducing greenhouse gas (GHG) emissions from its own operations, and its ongoing investments in new products, technologies, and services to help customers meet their climate-related goals. Caterpillar is also developing a variety of alternative energy solutions to support a lower-carbon future, including battery-powered construction equipment.
Zeppelin counteracts potential climate risks at an early stage through sustainable corporate governance and its voluntary commitment to achieving its own sustainability goals. In the coming years, further climate risks and possible fields of action will be identified and prioritized, and measures to reduce risks and identify opportunities will be defined as required.