Risk management
RAI works continuously on the structural and systematic management of risks. Risk management is embedded in both our strategic and operational processes as an integrated system that covers all levels of operations and all parts of the organisation. Risks and control measures are analysed, recorded in a register and actively monitored. A risk & compliance board reviews progress quarterly, with participation from the Executive Board, senior management and the risk & compliance officer. The Executive Board monitors the effective functioning of this system and, together with the organisation, strives for its continuous improvement and strengthening.
Focus on realising goals
Risk management and internal control are dynamic processes. RAI Amsterdam aims to identify and manage the risks that can occur when realising strategic, tactical and operational goals to a reasonable degree of certainty. Control measures taken in this framework are focused on reducing the chance that the risk will occur and/or lessening any impact the risk might have should that be the case.
To ensure risk management functions well, it is crucial that it is properly embedded in the operational processes and integrally applied. The risk management system developed by RAI Amsterdam is based on the principles of standards such as ISO 31000 and COSO.
Although we try to limit this as much as possible, it cannot be excluded that risks which are currently unidentified or considered insignificant will later have a major negative effect on the capacity of RAI Amsterdam to realise its goals.
Risk attitude and appetite
Entrepreneurship is one of the core values of RAI Amsterdam and involves having the appetite to take risks in a controlled way. The goal of risk management is therefore not to exclude risks but to gain insights that enable us to properly address opportunities and threats. RAI Amsterdam does limit its risk appetite in other ways, however. For instance, we ensure that financial risks cannot threaten our financial resilience. RAI Amsterdam always aims for a healthy safety margin with regard to its main financing ratio (net debt/EBITDA) of 15%. This implies a constant availability of contracted financing capacity of at least €10 million as a liquidity buffer.
RAI Amsterdam aims to be a safe meeting place and is aware of its responsibility to keep locations and events secure, healthy and accessible. In this framework we aim to limit security and health risks as much as possible. Compliance with laws and regulations is the starting point as RAI Amsterdam seeks to minimise the risks of non-compliance and applies a very low tolerance in this field.
Integrity is important and a zero-tolerance policy is applied with regard to fraud and corruption. The risk attitude of RAI Amsterdam can be schematically represented as follows.
RAI Amsterdam’s risk attitude
Organisation based on 'three lines of defence' model
In setting up its risk management system, RAI Amsterdam applied the 'three lines of defence' model, a structure of measures comprising the operational line, the risk management function and the internal audit function.
The first line of defence is primarily responsible for the operational management and takes ownership of controlling related risks. This control is realised via an adequate set-up of the organisation with regard to structure and processes as well as culture.
The second line of defence consists of the risk & compliance function that supervises the set-up and functioning of the risk management system. The second line supports the first line, provides a coordinating function and reports to the Executive Board and line management.
The third line of defence comprises an independent internal audit function with a scope that is specifically focused on environmental and quality management in line with ISO 9001 and ISO 14001. Based on an annually updated internal audit plan, the function supervises the set-up, existence and functioning of the control measures.
'Three lines of defence' model
Supervision
The Supervisory Board monitors the operations of RAI Amsterdam and approves (changes to) the risk management policy. Risk management is also regularly included on the agendas of meetings of the audit committee and Supervisory Board. The Supervisory Board employs the external accountants and approves their audit plan on an annual basis.
The external accountant also acts as supervisor and monitors the set-up, existence and functioning of the administrative organisation and internal supervision based on an annually updated audit plan. The external accountant reports to the Supervisory Board via an audit report and a statement in the annual report.
Risk inventory and assessment
An integrated update of the risk assessment was implemented during 2024 in light of the cyclical evaluation of current developments and any adjusted organisation goals. Due to the explicit connection to the goals of RAI Amsterdam, risk management strengthens the performance management. There are 17 risks in total which are considered most relevant and often interconnected. RAI Amsterdam has determined sub-risks for these 17 domains and defines, implements and monitors control measures.
Evaluating the actual risks involves assessing both the current risk of an incident occurring and the likely current consequences (measured in financial terms) this might have.
Important risks and mitigating measures
Explanation:
- Strategy execution and change management
- Increased competition
- Changing client preferences
- Changing environmental factors
- Attract and retain personnel
- International activities
- Reputation risks
- Safety & security
- Financial risks (including taxes)
- Cybercrime
- Contractual obligations
- Disrupted operations
- Insufficient innovation
- Insufficient improvement capacity
- Integrity
- Non-compliance & licence to operate
- Economic and/or political obstacles
Strategy execution and change management
An integrated programme to update our strategy for the coming years was started at the end of 2023. Involving stakeholder consultation and an analysis of the market and external environment, this strategic update was finalised in 2024. The internal organisation was closely involved in the process. The new strategy places strong emphasis on making both the venue and the RAI area at Europaplein in Amsterdam future-proof and sustainable. The core business will be expanded and further optimised. To enable this, RAI Amsterdam aims to transform into a more development-driven organisation.
Market and competition
The commercial playing field and competitive position of RAI Amsterdam can be affected by activities or developments by competitors and potential market partners. With this in mind, a strategic portfolio policy has been developed and a close eye is kept on its market position. We proactively assess opportunities in this field, which are then translated into a growth strategy for the domains and markets in which we wish to operate. The strength of this approach and the improved financial starting position post-Covid have had a positive impact on the resilience of RAI Amsterdam in relation to threats from the market and our competitors.
Changing environmental factors
Developments in the environment of a company can have a material impact on the extent to which strategic goals can be realised. In many cases, RAI Amsterdam has a limited impact on events and our main focus is on how best to manage their consequences. Recent examples include the pandemic and the war in Ukraine with the resulting energy crisis. The latter reinforced the importance of an energy transition, both in the framework of costs and to increase the sustainability of RAI Amsterdam. It is a complex issue with many uncertain variables that cannot be easily resolved and we are making our preparations in a programmatic way.
Labour market developments
The labour market has been under pressure for an extended period. While RAI Amsterdam is an attractive employer and generally manages to fill its vacancies, it remains difficult to attract and retain suitable talent in a few specific segments. This could make the company vulnerable to staff turnover. Customised recruitment and strategic personnel planning mitigate this risk to a significant extent. The agency staff market is also tight, making it uncertain whether we can attract a sufficient number of temps in due time. This in turn can put pressure on our business activities. The proposed enforcement related to the Dutch deregulation and assessment of work relations act (DBA) is adding further complexity. The risk can be mitigated by proactively and closely aligning the expected capacity demand in advance with temporary staff agencies and service providers.
Cybercrime
Cybercrime is one of the greatest threats to businesses worldwide and RAI Amsterdam is by no means immune. The risks are significant, so we have defined a cyber security policy and are taking organisational and physical measures to mitigate this risk as much as possible. We are setting up the control of IT security along the lines of ISO 27002. The intention is also to reduce consequential risks such as operational disruptions and the loss of privacy-sensitive information.
Economic climate
The economic climate was not unfavourable in 2024. While the exceptionally high inflation rates fell, considerable uncertainty remains over the future development of the global economy. This is also relevant to RAI Amsterdam as inflation puts pressure on the profitability of our business. Dedicated cost savings and margin management are used to mitigate the effect of these developments where necessary.
Safety and security
RAI Amsterdam is a multifunctional venue where large numbers of people come together. This can entail health & safety risks and involve a risk of property theft for visitors and employees. We have therefore developed an integrated safety management system that involves a risk-based focus on strategic and operational safety management issues. It also mitigates as much as possible the risk of business interruption caused by calamities. The effective functioning of these measures is monitored. RAI continuously invests in organisational, technical and IT-related solutions to ensure the safety of its employees, visitors and the venue.
Financial risks
Financial risks usually originate from underlying strategic, operational or compliance risks, and the related control measures take place within the spectrum of financial management and treasury. The focus is on strengthening the financial resilience and profitability of the company in the short and long term.
Reputation
As any damage to the reputation of RAI Amsterdam can have major long-term consequences for the company, a range of mitigation instruments have been deployed. A compliance management system has been set up to ensure laws and regulations are closely observed. An integrity policy helps prevent undesirable or dishonest behaviour. Intensive stakeholder management is partly focused on consolidating the good reputation of RAI Amsterdam, while a corporate communication policy ensures effective communication to all stakeholders.
Compliance management
RAI Amsterdam aims to comply with all legal and licence-related requirements and guidelines that apply to the company. This also goes for the standards and guidelines with which the RAI organisation has chosen to comply. RAI Amsterdam aims to minimise the risks of non-compliance as much as possible. It has a low tolerance in this respect and has established a compliance management system.
In setting this up we closely followed the starting points and principles of the ISO 19600 standard for compliance management wherever possible. Key starting points included:
- A dedicated, structured approach to a continuous process;
- A clearly defined scope and a risk analysis-based prioritisation in the context of the specific characteristics of the RAI Amsterdam organisation;
- A clear division and appointment of tasks and responsibilities, with a leading and dedicated role for senior management;
- A cyclical process that enables RAI Amsterdam to be a learning organisation;
- A focus on culture and behaviour in line with the core values;
- Transparency regarding the compliance approach and the way non-compliance is handled.
The compliance management system has comprehensively mapped out the obligations of RAI Amsterdam and secured compliance using various programmes. The progress is constantly monitored and discussed in the risk & compliance board, which includes the Executive Board, senior management and the risk & compliance officer.