Risk management

Identifying risks and systematically taking countermeasures

Entrepreneurial action is always associated with risks. To identify, minimise or, in the best case, eliminate potential risks, TRILUX has established a systematic risk management system based on the ISO 31000 standard at the company headquarters in Arnsberg as an elementary component of the certified ISO 9001 quality management system.

Within the scope of the TRILUX Group's initial risk inventory in 2011, 30 top risks were identified. Since then, the main risks to the existence and success of the company have been continuously recorded, assessed, controlled and monitored, and the effectiveness of measures implemented to control them has been regularly checked. Current results are documented in the quality management manual.

An internal risk register records risks that threaten the existence of the company and material risks. It lists, for example:

  • strategic risks
  • financial risks (capital commitment, liquidity, currency fluctuations, interest rate fluctuations, loss of receivables etc.)
  • risks resulting from violations of regulations, laws, guidelines, standards
  • product risks (product liability cases, complaints etc.)
  • market risks (trends, technology, design, service, image, market shares etc.)
  • IT risks (data security, data protection, IT misuse etc.)
  • changes of ownership in the supply chain (insolvencies, ability to deliver)
  • personnel risks (shortage of skilled workers, fluctuation, personnel costs, age structure, succession planning etc.)

To avoid dangerous crises, foresighted action is essential. TRILUX therefore relies on a systematic and proactive approach to risk management. Those responsible for the individual divisions carry out risk assessments and develop suitable concepts to minimise or eliminate possible dangers. Across divisions, risks are assessed by management in regular reviews. The results are consolidated and factored into upcoming strategic decisions.

TRILUX examines and evaluates typical financial risks e.g. with the help of scenario analyses for different development courses. To protect against IT risks, a cyber policy was signed as early as 2017 and the quality of typical business processes such as purchase-to-pay or order-to-cash is regularly monitored as part of the IT audit.

One risk for TRILUX's business activities that is difficult to assess consists of the consequences of climate change. Explicit statements regarding the probability of occurrence and extent of damage are hardly possible in this context. Weather phenomena such as heavy rainfall, storms or extreme temperature fluctuations pose a potential threat to infrastructure, real estate and production facilities which can lead to production downtimes, impairment of value or depreciation. A further area of risk becomes apparent in view of increasingly international supply chains. Here, local disruptions, natural disasters or epidemics/pandemics can have a considerable impact even on distant locations. But the direct risk potential for TRILUX products must also be considered in detail. It is conceivable, for example, that extreme heat records would require the maximum permissible operating temperatures in LED outdoor luminaires to be put to the test.

Management approaches

  1. Quality management system DIN EN ISO 9001
  2. Risk assessment/risk inventory
  3. Audits