A business must take risks to create value. Having a risk management assessment in place allows a company to take risks in a managed and controlled manner. Within Q-Park strategic, operational, financial, and reputational risks are made controllable by carefully weighing risks and returns against each other. Effective risk management is integrated into its daily operations.
Q-Park deploys a top-down risk management assessment in which strategic risk management is executed at corporate level. Responsibility for operational risk management lies primarily with the local management of the countries in which the Group operates. The Executive Board however bears ultimate responsibility for managing the risks the company faces.
Risk management and internal control
Ongoing identification and assessment of risks is part of our governance and periodic business review. Our Enterprise Risk Management (ERM) assessment and Compliance Programme are designed to provide management with an understanding of the key business risks the company faces. It also provides methods and processes to manage the risks that might hamper the business in achieving key objectives and to initiate actions required to mitigate these risks.
- that execution of actions per step of the risk control cycle are executed based on clearly defined responsibilities;
- implementation of relevant legislation and internal guidelines within the organisation is ensured;
- top-down awareness of the importance to manage compliance areas;
- A structured follow-up of the compliance action plans.
- Related to the ‘Information Security’ compliance area, an extensive programme (2019-2021) has been developed and is being executed. The ICT infrastructure and organisation and ICT processes are being transformed to higher Information Security standards. User awareness will be improved by introducing e-learning into the whole organisation. The ‘PCI DSS’ (Payment Card Industry Data Security Standard) compliance area is integrated in this Information Security Programme.
- Several policies regarding ‘Ethics & Integrity’ such as the Integrity Policy and Competition Law Compliance Policy were updated and communicated throughout the organisation. In 2020 training sessions will be organised to make the content of the policy more practical in an interactive way.
- Internal ‘HRM processes’ have been optimised and formalised. In 2020 efficiency and consistency improvements will be realised by implementing a Q-Park Self Service portal.
- The ‘GDPR’ compliance area required continuous attention to monitor compliance and follow-up guidelines issued by the authorities. Training and awareness have our focus, during periodic consultations, Q-Park Privacy Officers share experiences under supervision of the Data Protection Officer (DPO) who was appointed in 2019. Status and progress are reported to the Executive Board on a quarterly basis.
In addition to the aforementioned focus areas, a high-level risk assessment related to the Compliance areas will be performed to reconsider the focus points and priorities.
The Executive Board and key management periodically review the risks and the related mitigation controls and procedures of the ERM assessment and Compliance programme and reconsider the focus areas identified. Furthermore, they provide complementary insights into existing and emerging risks that are subsequently included in the policy. The ERM assessment and Compliance Programme influence the formation of controls and procedures, and the focus of business planning and performance process.
- Strategic: Taking strategic risks is an inherent part of how we do business. In pursuing growth as a strategic ambition, we are prepared to take risks in a responsible way, taking account of our stakeholders' interests.
- Operational: Depending on the type of operational risk, we take a cautious to averse approach. We give the highest priority to ensuring the safety of our employees and customers, to delivering the desired level of service, and to protecting the company's reputation.
- Financial: We pursue a conservative financial strategy, including a balanced combination of self-insurance and commercial insurance coverage.
- Compliance: We are averse to the risk of non-compliance with relevant laws or regulations, or non-compliance with our own codes, contractual agreements, and financial covenants.
- Fraudulent and unethical behaviour: We are committed to act with honesty, integrity, and respect. We are fully averse to risks relating to fraudulent behaviour and we apply a zero-tolerance policy.
The following risk overview highlights the main risks which might prevent us from achieving our strategic, operational, and financial objectives. The risks described are not an exhaustive list of the risks. There may be additional risks which do not constitute a direct threat in the short-term, or risks which management deems immaterial or otherwise common to most companies, but which could at some time have a material adverse effect on our financial position, results, operations, or liquidity.
Q-Park risk management measures
Regulatory changes to inner-city parking
National or local governments could implement measures which are potentially unfavourable to the parking sector (e.g. introduction of low emission zones or banning of traffic within inner-city boundaries).
Factors that potentially influence parking revenues (prices and/or mobility) include pressure from the general public and retailers, political changes, or a long-term fall in GDP. Lower parking revenues could significantly impact Q-Park’s profitability and cash flows, definitely in situations where lower parking prices will not result in more transactions.
Competitive environment and economic conditions
The parking market (new business) is characterised by competition between a limited number of existing players. In addition, technology is used increasingly in the parking market and results in new competitors with a possible negative impact on Q-Park's financial results.
Dependency on other businesses and local developments
A car parking service is an indirect service which depends on external factors (e.g. offices, shopping centres, leisure amenities). New customer behaviour (e.g. online shopping, working from home) or changes in the popularity of certain stores or locations pose a risk of a significant decrease in parking demand and, hence, a decrease in Q-Park’s business and revenue.
Risk management measures
Safety and liability
The safety of our customers and employees is our top priority. If an employee or a customer sustains injury while at work or while visiting one of the Q-Park parking facilities, this could impact our reputation.
Dependency risks, interruptions, and business continuity
Continuity of the company and its business is crucial. Continuity depends on a number of factors, including suppliers. We are particularly vulnerable regarding PMSs, ICT, and infrastructure.
Staffing and retention
Good, experienced, and knowledgeable people are the foundation of our company and its success. The company must ensure that it is able to employ and retain the right people.
Ethics and integrity
Ethics and integrity are important conditions for confidence in the company. Behaviour deemed to be unethical could lead to loss of revenue and reputation.
Risk management measures
Valuation of fixed assets and goodwill
The company owns a considerable amount of property and goodwill. If the economic climate deteriorates and potential impairments are not identified, determined, or communicated in a timely fashion, the company could incur reputational damage.
Given that the nature of the business is capital-intensive, access to external financing is crucial for continuity. A liquidity risk could arise if external financing is not available to the company when refinancing is required.
Interest rate risks
The external debts can be subject to variable interest rates, thereby exposing the company to fluctuations in interest rates. A significant increase in variable interest rates would have a negative impact on results.
The company's functional currency is the euro. Given that the company also operates in countries with a different functional currency, we are exposed to fluctuations in those currencies.
Compliance and reportingDownload XLS
Risk management measures
Financial statement does not give a true and fair view
If misstatements are made such that the financial statements do not give a true and fair view of the company's financial position, financial performance, and cash flows, users of the financial statements would be incorrectly informed.
ICT and information security
Given the increasing use of online communication and the professionalism of cyber criminals, the company must focus constantly on continuity of ICT systems and on ensuring the security of crucial information and sensitive customer data (e.g. payment card details, passwords). A successful attack or hack by cyber criminals could cause reputational and financial damage and impact business continuity.
Non-compliance with European and national laws
Changes in the legal and regulatory environment tend to increase the risk of non-compliance with local, national, and international laws and regulations, as well as tax legislation. Failure to comply with applicable regulations could lead to fines, claims, and reputational damage.