2 Risks and opportunities at BRAIN Biotech AG
2.1 Risk Management System (RMS)
2.1.1 Features of the RMS
The focus of the RMS that is presented here is on business risks, and does not include opportunities. The operating segments, projects, and subsidiaries take opportunities into consideration based on the corporate strategy. Potential market opportunities, associated expenses, and the time horizon until commercial exploitation are evaluated as part of related planning processes.
BRAIN’s RMS includes the systematic identification, documentation, evaluation, management, and reporting as well as constant monitoring of all identified and relevant risks. The management thereby ensures that the targets that are set are not jeopardized by risks, and creates risk awareness within the entire Group in accordance with statutory regulations. The RMS is fully integrated into the corporate processes of BRAIN Biotech AG.
Risks are also presented using the net presentation method. In other words, the risks are presented in such a way that they are analyzed taking into consideration countermeasures already taken. The focus in this context is on medium and high risks, and on risks that might jeopardize the company as a going concern.
The aim of BRAIN’s RMS is not only to comply with statutory regulations but also to support internal management and business security. Overall, risk awareness should be created on a Group-wide basis at minimum in accordance with statutory regulations in order to ensure the corresponding responsible handling of risks and counterstrategies accordingly.
The RMS focuses on ascertaining risks within BRAIN. Opportunities are weighed and considered based on the corporate strategy, which forms a process that is integrated into planning processes. Potential opportunities are evaluated within strategy and planning processes, and compared with potential risks. Opportunities are categorized and presented based on the probability of occurrence and the contribution to the company’s net present value (rNPV).
The RMS, which undergoes constant further development, has integrated previous years’ experience in its identification and management of risks. The effects of the risks as presented in the following risk and opportunities report are reported as annual risks. The evaluation of the presented risks relates to the 30 September 2024 reporting date, and was prepared based on an assessment in the relevant areas conducted shortly before the reporting date.
2.1.2 A new risk management system was introduced in the reporting year
The new RMS primarily focuses on the realization of the Group’s internal targets. This makes the results directly more relevant for the management of all areas of the company. The steps from the existing RMS were retained but have been organized differently.
In the new RMS, the Management Board defines a risk tolerance as a threshold for taking risks that are relevant to the achievement of the company’s objectives. This is based on the BRAIN Biotech Group’s risk-bearing capacity, which takes EBITDA as well as equity and market capitalization as a basis. As a consequence, the diversity of the BRAIN Biotech Group’s various business units (production- and research-orientated) is taken into adequate consideration.
As previously, risks are identified on a regular basis and subjected to initial assessment. In addition to a “typical” potential loss, a “high” potential loss[3] is also taken into account in order to enable better consideration of risk events entailing a high potential loss volume and low probability of occurrence. Such risks are often more likely to comprise going concern risks.
The risks that potentially exceed the defined threshold (i.e. € 500 thousand effect on EBITDA) are analyzed in greater detail. As part of this simulation, probability drivers and the extent of losses are identified and quantified. Such drivers also form the basis for risk indicators, especially if risk-mitigating measures cannot be implemented. In addition, a risk distribution is prepared on the basis of the probability assessment and the estimated loss amount, which helps to determine risk management measures at individual risk level and, together with the other risks analyzed, forms the risk profile of the entire BRAIN Biotech Group.
This comprehensive analysis is conducted annually. The risk profile is updated quarterly or on an ad-hoc basis.
2.1.3 Risk identification
Risks are surveyed Group-wide as part of risk identification involving all key decision-makers and experts. This iterative process first models all risks before aggregating them within a Group-wide risk inventory, and evaluating them.
The Supervisory and Management boards are in regular contact when new risks are identified or the general risk situation changes. If necessary, external consultants are also involved.
2.1.4 Risk evaluation
Risks identified as part of a risk analysis are evaluated in terms of their frequency of occurrence and impact on the basis of the following scale.
Frequency within the coming year
| Frequency score | Note |
|---|---|
| Frequent | > = once per month; probability around 100 % |
| Regular | once per year; probability around 100 % |
| Irregular | once in five years; probability around 20 % |
| Seldom | once in ten years; probability around 10 % |
| Very seldom | once in twenty-five years; probability around > = 4 % |
Degree of impact
| Impact score | Note | Typical EBITDA impact |
High EBITDA impact |
|---|---|---|---|
| Minor | Minor negative impact on next year’s forecast results of operations | < EUR 20 thousand | < € 100 thousand |
| Moderate | Moderate negative impact on next year’s forecast results of operations | up to EUR 100 thousand | < € 500 thousand |
| Significant | Significant negative impact on next year’s forecast results of operations | up to EUR 500 thousand | up to € 2 million |
| Considerable | Considerable negative impact on next year’s forecast results of operations | up to € 1 million | up to € 5 million |
| Critical | Critical negative impact on next year’s forecast results of operations | > € 1 million | > € 5 million |
Impact is defined as the influencing parameter on BRAIN’s forecast EBITDA.
The potential annual losses per risk are determined using a simulation of the product of the potential frequency of occurrence and loss amounts. The Management Board has set a risk tolerance of € 500 thousand per risk per year, assuming that the individual risks are at most weakly correlated. This volume may be exceeded once in twenty years. This value is determined and categorized for each risk. The categorized value is shown in the overviews for each segment. The evaluation was carried out before the existing insurance cover was taken into consideration. For many risks, however, BRAIN utilizes insurance solutions for risk transfer purposes.
The potential annual EBITDA losses per risk are categorized as follows in this report:
| Loss for the year score | Note |
|---|---|
| Low | Up to € 500 thousand of potential loss for the year |
| Medium | From € 500 thousand up to € 1.5 million of potential loss for the year |
| High | More than €1.5 million of potential loss for the year |
Risks beyond the 95 % quantile are monitored where it is appropriate to do so. Such monitoring is realized with the help of risk indicators, among other things, which are measured regularly and will be monitored and discussed in future at quarterly meetings between the Management Board and division heads.
2.1.5 Risk management and monitoring
BRAIN deploys various measures to manage risks. Active risk measures include strategies such as risk avoidance (e.g. through refraining from engaging in excessively risky activities), risk reduction (e.g. through project controlling) and risk diversification (e.g. research and activities in different areas). Where appropriate, BRAIN also makes recourse to passive measures including either a transfer of risk (e.g. through insurance or risk sharing with partners) or the conscious assumption of risks.
In addition, changes in identified risks at BRAIN are reported in the internal quarterly reports and discussed by the Management Board with the division heads. This enables specific countermeasures to be taken if necessary.
2.1.6 Reporting
The Management Board is informed at least on a half-yearly basis not only about medium and high opportunities and risks, but also about important changes in relation to their impacts and probabilities of occurrence. The Management Board also receives internal ad-hoc reports on significant risks that unexpectedly arise or are discovered. Information is submitted to the Supervisory Board as required via the Management Board during quarterly meetings or, if necessary, on an ad-hoc basis.
2.2 Internal control system (ICS)
All BRAIN Biotech Group units are included in our ICS. The level of maturity of the ICS depends on the size and materiality of the units for the Group.
In addition to the accounting-related internal control system, the following controls should be emphasized:
- Decisions that originate obligations for BRAIN must always be executed in accordance with the four-eye principle. This principle is waived only for certain processes.
- Quality controls are applied continuously in production operations in order to ensure compliance with production processes. Where necessary, this is realized within the framework of internationally recognized quality systems and quality standards.
The instruments for managing the Group, the subsidiaries, and the projects were developed further and expanded on a business-related basis. With an optimized internal control and risk management system, we are taking account of the expanding revenue level and the increasing complexity of exogenous factors.
As part of the management-based control system, the company’s Management Board and Head of Group Finance discuss identified control weaknesses and inefficiencies in the managing directors’ monthly report. If action is required as a consequence, measures are developed and taken together with the Management Board and Head of Group Finance to mitigate existing control weaknesses.
2.3 Accounting-related internal control system and RMS
The overriding objective of our accounting-related ICS and RMS is to ensure the correctness of financial reporting in terms of compliance of the consolidated financial statements and the management report with all relevant regulations.
Accounting-related risk identification is also conducted by means of a survey of Group-wide risks, whereby all relevant decision-makers and experts are involved. This iterative process first surveys all risks before aggregating and evaluating them within a Group-wide risk inventory.
Please refer to the general procedure in sections 2.1.5 and 2.1.6 for information about the risk management and monitoring of accounting-related risks and their reporting.
The accounting-related internal control system aims to appraise appropriately in financial accounting terms, and to report in full, Group business transactions in accordance with respective applicable accounting regulations. The system consists of fundamental rules and procedures, as well as a clear functional separation through the four-eye principle. Especially when preparing separate financial statements, when performing the reconciliation to IFRS, as well as when performing consolidation and related standard measurement and reporting, controls exist in the form of the four-eye principle. The clear separation between preparation and internal review enables BRAIN to identify deviations and errors, and ensures that information is complete.
The accounting-related appraisal and recording of business transactions is implemented by the respective Group companies where such transactions occur, as a matter of principle. As an exception to this principle, BRAIN Biotech AG evaluates and records the transactions of the subsidiaries BRAIN US LLC (Rockville, MD, USA), BRAIN UK Ltd. (Cardiff, UK), BRAIN UK II Ltd. (Cardiff, UK), and Akribion Genomics AG (Zwingenberg, Germany). The subsidiaries’ annual financial statements are prepared by the respective subsidiary’s management. External service providers assist in the preparation of monthly and annual financial statements based on commercial law. Amendments to acts, accounting standards, and other publications are monitored regularly in relation to relevance and their effect on the separate and consolidated financial statements.
Business transactions within the Group are appraised in accounting terms based on standard Group accounting guidelines. The finance department of BRAIN Biotech AG with the support of external service providers converts financial statements prepared according to commercial-law accounting standards to IFRS financial reporting standards (quarterly) and prepares the separate annual financial statements of BRAIN Biotech AG as well as the consolidated financial statements. The independent auditor appointed by the AGM audits both the separate and the consolidated annual financial statements. Significant risks for the financial accounting process are monitored and evaluated based on the risk classes specified below and applying their individual risk classification. Requisite controls are defined and subsequently implemented.
All heads of business areas report personally to the Management Board and to the company’s central finance department on a monthly basis. Current business performance, adherence to budgets, and changes to the risk profile are reviewed. In addition to risks, we also identify opportunities for the company.
The separate annual financial statements and the consolidated financial statements of BRAIN Biotech AG are submitted to the Supervisory Board of BRAIN Biotech AG for approval. At least one Supervisory Board member is an independent financial expert in the meaning of Section 100 (5) of the German Stock Corporation Act (AktG). The Supervisory Board’s Audit Committee monitors the financial accounting process and the auditing of financial statements.
The accounting-related internal control system ensures that the financial accounting process complies with German commercial-law (HGB) regulations and International Financial Reporting Standards (IFRS).
2.4 Overall assessment of the risk management system and internal control system
At the time of this report, in all material respects no indications existed that the internal control and risk management system as a whole was inadequate or ineffective.
- ↑A typical loss is the loss that occurs most frequently (this is equated with the mode). A high loss is a loss that is exceeded once in 20 times (this is equated with a 95 % quantile).