Risk cate g ories Securit as ’ risks ha v e been classifed into three main cate g ories: contr act and acquisition, oper ational assignment and fnancial risks. The Contr act risks (and acquisition risks) cate g or y encompasses the risks related to enterin g into a cus tomer contr act and the risks related to the acquisition of a new business. The Oper ational assignment risks (and ope- r ational inte gr ation risks) cate g or y includes risks that are associated with our daily oper ations and the ser vices w e pro vide for our cus tomer s, such as when ser vices do not meet the required s t andar ds and result in loss, dama g e or bodily in jur y . This cate g or y also encompasses all risks related to the Contr act risks (and acquisition risks) Oper ational assignment risks (and oper ational inte gr ation risks) Financial risks (and fnancial inte gr ation risks) K e y risks Contr act risk – risk that unreasonable obliga- tions and risks are undert ak en in the contr act , ent ailin g unbalanced terms for the t ype of assignment in ques tion, such as unreasonable liabilit y , unrealis tic ser vice le v els or unfa v or able pricin g mechanisms. These factor s could impact mar g ins and proft abilit y . Acquisition risk – risk that the due dilig ence process and other activi- ties do not identif y all necessar y information for makin g the proper decision from a fnancial per spec - tiv e , but also from a cul- tur al per spectiv e and/ or that the share purchase a greement is not properly s tructured for mana g in g risks related to fndin g s from the process. Assignment e x ecution risk – risk that a greed contr actual requirements are not met which, in turn, could adv er sely impact the contr act portfolio churn r ate , gro wth, cus tomer relations and Securit as ’ reput ation. Compliance (re gulator y and other) risk – risk that re gulator y and other require- ments are not met , which could result in lo w er qualit y , hig her cos ts, los t income , dela ys, penalties, fnes or reput ational dama g e . IT failure risk – risk of not bein g able to mana g e disruptions in an efectiv e manner , which could cause signifcant disruption to the oper ations, afect the accur ac y and timeliness of reportin g and potentially cause reput ational dama g e . Securit as ’ V alues and Ethic s risk – non-compliance with the Securit as Code of Ethic s (requirements), can ultimately result in reput ational dama g e , los t re v enues, penal- ties, fnes, etc . Price risk – risk of not bein g able to mana g e price/ w a g e increases in a desired manner , which could lead to deterior ated mar g ins. M ana g ement es timates and assumption risks – risk that account balances and of -balance sheet items with hig h subjectivit y (such as g ood - will, contr act portfolios, deferred con- sider ations, pro visions for bad debt , pensions, le gal e xposures, risk reser v es, deferred t ax es, contin g ent liabilities, etc .) are not properly scrutiniz ed, resultin g in an inaccur ate present ation of the fnancial position. Mitigation In or der to mana g e contr act risks in a s tructured w a y in the oper ations, w e use a business risk e v aluation model kno wn as the S cale , which is part of Securit as ’ mana g ement model, the T ool­ b ox . The model e v aluates the assignment , risk, contr act terms and fnancial aspects (for a more det ailed description of ho w the model w orks, refer to www .securit as. com). The Group has formal policies and guidelines for defnin g the appro v al process and authorization le v els for new contr acts, as w ell as ho w to mana g e e xis t - in g contr acts. In addition, oper ations are pro - tected b y a cus tomiz ed Securit as insur ance progr am, should unforeseen e v ents occur . Since contr act risk is a k e y risk, Securit as monitor s this throug h re views (called dia gnos - tic s) to tes t the efectiv eness of controls in the contr act mana g ement process. The areas re view ed include whether the Scale is properly used and under s tood, whether local policies comply with Group policies, whether appro v al has been obt ained at the designated le v el, whether s t andar d contr acts ha v e been used where possible , and whether appropriate follo w -up procedures are in place . The Group has formal acquisition policies and guidelines for defnin g the appro v al process per - t ainin g to acquisitions to ensure that all business acquisitions are appropri- ately appro v ed and rig or - ously analy z ed to deter - mine the possible fnancial and oper ational implica- tions of the acquisition. Policies co v er such areas as appro v al le v els, share purchase a greement deal s tructures, due dilig ence checklis ts and ho w the due dilig ence is to be per formed with re gar d to internal and e xternal resources, dependin g on the char acteris tic s of the acquisition. The Group also conducts pos t -acqui- sition appr aisals on a peri- odic basis. Local procedures for securit y ser vices should include a pro- cess for writ ten site ins tructions ensurin g the y are defned, up-to- date , kno wn and under s tood. The Group polic y requires local human resources policies co v er - in g the areas of hirin g emplo y - ees, ret ainin g emplo y ees, de v el- opment and tr ainin g, and com- pliance with rele v ant la ws and re gulations. Proper recruitment procedures and the tr ainin g and super vision of securit y ofcer s are import ant for mitigatin g the risk of inappropriate assignment e x ecution. It is mandator y that local processes include procedures to ensure compliance with rele- v ant la ws and re gula- tions, that there is an assigned responsibilit y for recurrin g re view and that action plans are in place for addressin g an y issues identifed. The re view proce- dures in the Group are also designed to iden- tif y an y chan g es in re gulator y require- ments that ma y afect Securit as ’ activities, and to t ak e the appro- priate actions. Group IT policies and guidelines require con- trols o v er IT disrup- tions includin g such areas as risk assess - ment and contin g enc y plans, co v erin g all rele- v ant areas includin g re gular updates and tes tin g. Implement ation of a s tructured compliance sys tem based on the Securit as ’ V alues and Ethic s Code , one of the k e y corpor ate policies, and the launch of Securit as Int egrit y Line , which is the Group r e p o r t i n g sys tem for non-com- pliance issues with the Code . F or more det ails on all activities related to this refer to pa g es 24–30. The Group monitor s and focuses on price/ w a g e increases on a re gular basis. The pro - cesses include mea- surement , communi- cation, tr ainin g and support for emplo y ees in v olv ed in the pricin g of our ser vices, at the inception of a contr act and for price adjus t - ments. Financial risks are mainly mana g ed throug h the continuous measurement and monitorin g of fnancial per for - mance , with the help of Securit as ’ fnancial model (read more on pa g es 50–51). This model identifes cert ain k e y fgures that are vit al to the proft - abilit y of the oper ations, and facili- t ates the detection and handlin g of risks. It is mandator y that es timates are documented, signed and autho- riz ed b y the appropriate parties. M onthly re views include the analysis of account balances and of -balance sheet items with hig h subjectivit y . The accur ac y of assumptions used in pension plan measurement is moni- tored. In addition to the use of e xter - nal actuaries for each plan, the Group also ret ains actuarial advisor s to advise on the Group ’ s o v er all pension e xposure . The Group has a s tructured process that focuses on the accur ac y of the assumptions used and a re view of pension reportin g and g o v ernance . Examples of risks and ho w the y are mana g ed 42 Securit as Annual R eport 2012 G o v ernance and mana g ement Boar d of Director s ’ report on corpor ate g o v ernance and internal control