ÖBB Annual Report 2023

99 Group Management Report Österreichische Bundesbahnen-Holding Aktiengesellschaft Consolidated Financial Statements | Group Management Report 54 The Association Liability Act stipulates that a company can be held liable and punished for criminal offences committed by its employees or decision-makers. This risk needs to be addressed. The legal risk management system of the Group addresses this risk by identifying offences under criminal law. Furthermore, in the areas of negligence, the environment and corruption, for example, the current status is assessed and measures are taken to avoid risks. Preventive measures have also been taken with the introduction of control and reporting systems, as well as with the issuing of general behavioural instructions through the “Code of Conduct”. Appropriate training and the creation of clear areas of responsibility also serve to minimise risk. Risks and opportunities arising from ongoing proceedings are mapped in opportunity and risk management and minimised through appropriate support from the responsible legal departments. Purchasing and procurement On the purchasing side, there are risks that – in addition to other procurement risks – arise directly or indirectly as a result of the Ukraine crisis in the form of price increases for energy, raw materials and components. The observation and analysis of the markets and the selective procurement and distribution decisions derived from this, in combination with appropriate contractual arrangements, make a reduction in the risk situation possible. The price issue can be accompanied by delivery delays that make operations more difficult. These risks are mitigated through intensive contacts with suppliers and service providers. Data processing System failures have the potential to cause additional costs and loss of sales for the operating divisions, as well as legal consequences. A large number of measures are implemented on an ongoing basis to minimise this risk and ensure that business activities are conducted in the interests of customers. In addition to availability, the focus is also on ensuring the other protection goals of information security: confidentiality and integrity. In 2023, a comprehensive information security strategy with clearly defined focal points and principles was endorsed. Intensive and comprehensive work is now underway to implement these measures, supported by a structured management system. This takes place both in regular operations and as part of programmes and projects. For example, a project to develop comprehensive, targeted and appropriate awareness measures is being finalised. An overarching project was also launched to prepare for the new legal situation with regard to NIS-2. The strong public response to generative artificial intelligence (AI) caused this topic to be addressed within ÖBB. As a result of this, awareness measures regarding the use of generative AI were implemented and the establishment of corresponding governance was begun, based on the available draft of the European Union’s AI regulation. This is based on the existing draft of the European Union’s AI Regulation. The aforementioned measures and initiatives show part of the broad spectrum in which strategic and operational measures are implemented and information security is systematically managed. Subsidiaries and investments Subsidiaries and shareholdings are considered within this risk area. There is a risk here that budgeted figures will not be achieved and that fixed assets will have to be written down in the course of impairment tests or that impairment losses will have to be recognised on shareholdings. To mitigate risks, developments are monitored and analysed on an ongoing basis as part of the controlling process allowing countermeasures to be taken in good time. RCG maintains a company in Russia (ooo “Rail Cargo Logistics – RUS“). There is a limited continuation of business operations in terms of the RCG’s defined approach under the sanctions regime. The Russian business of ooo “Rail Cargo Logistics – RUS” is of only minor importance to the Group’s performance. Risks related to financial instruments Original financial instruments The ÖBB Group holdings of original financial instruments are shown in the statement of financial position. These are receivables and liabilities from financing activities, trade receivables and payables as well as financial assets and securities. Detailed information is available in the corresponding notes to the consolidated financial statements. MR54 |