Shareholders, Supervisory Board and management bodies ...

02
Annual Report 2008
Management report
Risk report
32
Annual Report 2008
2.3 Risk report
To the ARC Group, risk management means both actively addressing risks in order to protect the
Group‘s assets, finances and earnings, and equally, identifying opportunities and weighing up
business decisions. Our risk management system is aimed at recognising risks at an early stage,
and taking appropriate action to counter them so as to minimise deviations from our targets. This
involves the identification, assessment, management and monitoring of risks, which takes place
regularly as part of our internal financial, performance and risk reporting processes.
2.3.1 Financial risk: information on financial instruments pursuant to
section 243(3)(5) Austrian Business Code
The Company does not currently employ any derivative financial instruments, and due to the nature
of its operations it does not plan to do so in future. The receivables management system includes
ongoing impairment testing and monitoring. The potential impact of defaults on the Company‘s
assets, finances and earnings is restricted by monitoring compliance with payment dates, setting
credit limits and obtaining client creditworthiness checks.
2.3.2 Market risk
The current situation on global markets and the sharp downturn in economic activity in 2009 represent
risks for all market participants in terms of the attainability of performance targets, the acquisition
of new customer groups and partner networks, and the implementation of business models. The
ARC Group’s diversified service portfolio addresses a variety of markets. It is difficult to assess the
potential effects of the global crisis on ARC’s revenue due to the constant changes in the information
available to management. While the improvement in commissions in hand sends a positive
signal for ARC, constant tracking of order backlog and early identification of trends in the relevant
markets, leading to rapid action will remain a key task.
2.3.3 IT risk
The Company has a centralised IT environment, permitting joint use of advanced system components
at the various sites. These include a modern security environment with firewalls, virus
scanning and remote access points with multiple protection to recognise and repel attacks. Regular
generation of backup copies of centrally held data is automated. Security for all our projects complies
with the generally accepted standards established by the BSI (Federal Office for Information
Security) IT Baseline Protection Manual and ISO 17799, and reflects the technical state-of-the-art.
2.3.4 Legal risk
We are currently unaware of any actual or impending legal disputes that could have a significant
influence on the financial position of the Company and Group.