SBB: Combining risk management with financial planning

Corporate Risk Management is part of SBB's Finance Division. On behalf of the Board of Directors and the Management Board, it focuses on SBB's overall risk situation and is responsible for the Group-wide processes, methods and instruments in SBB's risk management.
SBB's financial planning is prepared for different time horizons on the basis of the long-term rail business. The focus is on medium-term corporate planning for the following six years. Even though Risk Management looks at the same horizon when assessing risks, coordination between risk managers and financial planners has so far been mainly informal.

In order to align risk management with the needs of integrated corporate management, both of SBB's central management instruments had to be more closely linked. The aim was to ensure that, on the one hand, risks are systematically taken into account in financial planning and, on the other, that financial plan values are used in risk assessment. In addition, as a transport and industrial company with a public service mandate, many risks are classified qualitatively in SBB's risk management, e.g. in terms of their impact on the company's image. The goals set by the owner and the perception of customers and a wide range of stakeholders are just as relevant for SBB's business development as the achievement of financial goals. However, qualitative risks cannot be taken into account in financial planning.

A theoretical analysis of the link between financial planning and risk management produced few practical findings. Valuable input was gained from discussions with other companies and a new approach was developed for SBB with risk managers and controllers. Risks from the risk processes are now systematically taken into account in financial planning (step 1) and financial plan values are in turn mapped in the risk reports (step 2).

Step 1: Consider risks in financial planning

First, four principles for the consideration of risks in financial planning were developed:

1. Even a risk taken into account in planning remains a risk in Risk Management until it no longer exists. Such a risk continues to be mapped and managed in the risk process. In contrast to theoretical approaches, which define a risk as a deviation from a target or plan, SBB follows the principle of prudence and promotes the active management of risks.
2. Risks are to be evaluated financially as far as possible. Risks that cannot be assessed financially (e.g. qualitative risks) are not taken into account in financial planning.
3. Preventive risk measures must be taken into account in financial planning.
4. Risks are mapped in the financial planning using a "decision tree" (cf. Figure 1). In accordance with internal regulations, financial risks are taken into account in financial planning if their probability of occurrence is over 50 percent. Depending on their relevance, other risks can be presented with scenarios and their impact on financial statements.

Step 2: Consider financial plan values in risk management

Up to now, the so-called current risk was recorded in the risk processes and mapped in the risk report. In addition, the target state of each risk defined the target state to be achieved with the risk strategy. The current risk already takes into account implemented measures, but not the values, provisions or insurance benefits set in the financial planning. This transparency had to be created in the risk report: How big is a risk still if the values set aside for it in the financial planning are deducted? With the new approach, a risk is shown in the risk report with three instead of two values. The previous presentation of the current risk and the target status remains. What is new is the net representation of the risk. This value corresponds to the current risk minus the values and measures taken into account in the financial planning or covered by provisions and insurance benefits (see Figure 2). This provides full transparency in the risk report on the various risk values.

The prerequisite for steps 1 and 2 is the financial risk assessment

Until now, SBB's risks have been assessed primarily in qualitative terms. In order to quantify as many risks as possible and to strengthen the link between risk management and financial planning, a new risk assessment approach was developed that monetizes not only the potential damage to SBB, but also that to customers, the population and politicians.

Furthermore, the direct damage of a risk to earnings and/or free cash flow is assessed financially. In addition, availability and safety risks are now quantified by calculating the economic damage in addition to the economic damage. For example, train delays can cause comparatively low direct costs, but have a major impact on customers, the population, politics and SBB's image. Only risks that neither have a direct financial impact nor affect availability or safety (e.g. staff motivation) are assessed purely qualitatively.

Conclusion

Unlike in theory and in many companies, SBB focuses on the holistic management and assessment of risks, even if these are taken into account in financial planning. The systematic handling of risks in financial planning and the mapping of financial plan values in the risk reports strengthen the link between risk management and financial planning. For this purpose, risks must increasingly be evaluated in financial terms, which also increases the comparability of risks with one another.

Authors

Corinne Posch, Business Economist FH, is Senior Corporate Risk Manager at SBB. She was previously Head of Planning and Reporting in Finance at SBB's Infrastructure Division.

Tanja Matetic, who holds a degree in business administration, has been Head of Corporate Risk Management at SBB since 2010. In summer 2021, she will start as Head of Corporate Security at Migros Aare.

Tanja Matetic is a member of the board of Association Network Risk Management. Corinne Posch is a member of the association Netzwerk Risikomanagement.