Risk management We consistently apply the precautionary principle and implement the same robust risk management system: • We identify risk factors and opportunities that could affect our activity, taking into account all dimensions that could affect us • We assess the causes and potential impact in a detailed and structured manner • We aggregate risks into different categories, depending on the type and severity of the impact and relevance to our business • We address both risks and opportunities by formulating appropriate measures • We mitigate risks by implementing concrete actions to reduce negative impacts We align ourselves with the risk management system implemented at the REWE Group level, which uses a uniform risk management system across the group to reduce potential risks and identify long-term opportunities. Thus, risk management is an ongoing process that is integrated into our operational activities. For all identified risks, appropriate management measures are outlined, and the degree of complexity of the action and the timing of implementation depend on the urgency (probability of materialization and occurrence of the risk as soon as possible), as well as on the potential threat (potential damage caused by the monetary, reputational and legal impact) of the risk. At group level, the general conditions, guidelines and processes for the uniform management of corporate risks by Corporate Controlling are developed in cooperation with the departments of Governance and Compliance, Finance, Business Administration, Tax, IT Strategy and Governance and Information Security, as well as with Corporate Security. Risk managers independently identify, assess and manage risks in specific risk areas throughout the year, using a bottom-up approach. Each risk area presents once a year the risks identified on the basis of the Group's uniform standards, in the form of an inventory of the risk area The uniform risk management system defined at the level of the REWE Group implements the same fundamental values in all companies belonging to the group: • Self-assessments – the Governance, Risk and Compliance (GRC) approach to identifying, assessing and managing risks with a focus on the "antitrust" and "corruption" components • 4 risk management strategies: avoidance, mitigation, transfer, and acceptance. At the same time, we use the Risk to chance "R2C" software tool, mainly intended for identifying and reassessing compliance risks. We maintain the same procedure for identifying and classifying risks, the following parameters are taken into account: the relevance of their potential to threaten the business, the financial situation and earnings, the cash flow, as well as the reputation of the group. The risk managers in our company inform the top management about the results of the risk analyses carried out and the degree of implementation of the previously defined management plans. At the same time, according to the mandatory provisions, any significant risks identified, new or existing, which may have a material impact, are reported in a timely manner and directly to management. Risks of relevant importance are managed and monitored by the selected corporate departments according to their expertise. The most important risk categories identified in 2024 at Group level were: Identified risk Specificity of the relevant risks Value at Risk* Compliance Violations of antitrust law Material IT, information security I&T (Information and Technology) compliance, misuse of data and information/cybercrime, technical failures Material Data protection Procedural and organizational deficiencies in data protection Material Epidemic Pandemic Significant * The risk assessment is made on the basis of given or realistically foreseeable circumstances. In principle, risks are assessed on a net basis (= monetary loss minus impact mitigation measures plus costs incurred for these measures). MESSAGE FROM THE GENERAL MANAGEMENT SUSTAINABILITY STRATEGY AND GOVERNANCE ABOUT US AND OUR VALUE CHAIN ABOUT THE REPORT THE FUTURE IS MADE TODAY SUSTAINABILITY MILESTONES SUSTAINABILITY REPORT PENNY ROMANIA 2024 100/276
RkJQdWJsaXNoZXIy MjUyMDg2Nw==