3.2 Risk management
Risk management is an essential part of our business strategy. The overriding risk management objective is to identify and mitigate risks that have a potentially major impact on our ability to achieve our strategic and financial goals, and therefore on the overall value of our business.
The Board of Directors has the overall responsibility for achieving our strategy and objectives and for establishing adequate internal risk management and internal control systems. The implementation of our Step Up! strategy, aimed at building strong key market positions, is compatible with effective risk management, in which risks are identified in a timely way and mitigating measures are taken.
The business units are responsible for maintaining an effective risk and control environment as part of day-to-day operations. Our employees, both in the business units and in the corporate teams, provide the first line of defense. Our corporate culture, whereby employees’ personal responsibility and autonomy are balanced with risk awareness, creates a sound basis for fulfilment of this management responsibility and for the organisation of risk management. This is reinforced by our code of conduct.
We firmly believe that a sense of ownership leads to optimum risk management. The Board of Directors, senior management and Supervisory Board members all play a key role in this respect. They safeguard our culture in which everyone feels empowered and free to handle risks responsibly. Through this sense of ownership and personal responsibility, risk management is integrated into the strategic planning process and day-to-day operations. Our long-term perspective, oriented towards sustainable value creation, ensures that long-term effects are also considered in the decision-making process.
In our open, informal culture, finding the right balance between rules and entrepreneurship is a continuous dialogue, particularly given increasing regulatory pressure. While the main responsibility for managing risks lies within the business units, more and more supporting processes are jointly organised or aligned, allowing people within the business units to continue focusing on their core activities.
Sustainability plays an increasingly prominent role in our value creation model, bringing potential risks and opportunities for Nedap. The importance of sustainability and the associated laws and regulations that have been introduced in the last few years have prompted us to fully integrate sustainability with strategic planning and risk management.

Risk appetite
Nedap strives to strike the right balance between acceptable entrepreneurial risk and sustainable long-term value creation while remaining in control. Our risk appetite ranges from moderate to high in terms of proposition development, commercial initiatives and operations. When it comes to compliance with legislation and regulations, our risk appetite is low, whereby we respect the spirit of the law.
Risk management and control systems
Nedap Risk Management Framework
Nedap has formal and informal frameworks in place for responsible risk management. These are based on the Nedap Risk Management Framework that was adopted by the Board of Directors and the Supervisory Board. This framework identifies relations between enterprise risk and the internal control system. It contextualises the COSO principles for Nedap and links them to business processes and procedures.
The Nedap culture of entrepreneurship leads to widespread interaction within and between teams, business units and the Board of Directors. This creates a solid system with strong informal checks and balances, supplemented by formal procedures and controls wherever these are compulsory or deemed useful. The framework has been organised around its business processes. Risks that, based on size, nature and impact, could potentially cause substantial losses or serious consequences for a business unit or damage the company as a whole, are reported to the Board of Directors. The Board of Directors decides on follow-up actions in these situations.
As part of the risk management process, we organise annual risk sessions with business units and corporate teams to raise awareness, share knowledge and identify Nedap-wide trends and developments to consider during the strategic process. Relevant risks for each business unit are identified and discussed. Specific attention is paid to detecting and preventing fraud. The risk sessions operate as an extra control mechanism as they reinforce the risk management principles of the business units and the Nedap Risk Management Framework. They also enable management to identify and share best practices within and across business units. During 2023 specific attention was paid to identifying and prioritising sustainability risks and opportunities from a double materiality perspective.
Risks that, based on size, nature and impact, potentially have a major impact on Nedap are included in the risk table at the end of this section. These risks have been classified based on the risk categories strategic, operational, and compliance (including reporting). The risk table includes a description of the associated impact and probability trend, as well as the key measures to mitigate the risk. Climate risks were specifically addressed in risk assessments and not found to be material to Nedap. Specific financial risks are addressed separately in the financial statements. These risks are not considered vital risks for Nedap and have also largely been mitigated.
Strategic and financial management system
Nedap has an adequate and effective strategic and financial management system. Key components are the Strategic Calendar, which includes the multi-year plan and the budget, as well as the financial reporting system, which tracks both progress and actual outcomes of the company’s operating activities. The financial management system is designed to:
* Set and align the right priorities and targets at board and business unit level.
* Test actual progress and performance against the objectives.
* Enable management to retain control over responsibilities delegated to others.
* Manage cash and cash-equivalent flows within the organisation.
* Identify and restrict risks.
* Prevent fraud.
The Board of Directors and business unit leaders also hold consultations on significant market-related matters, major investments, the progress of R&D projects and staff appointments that go beyond the budget. Their final decisions are made in the interest of Nedap as a whole.
The Group Controlling department in Groenlo plays a leading role in terms of finance and risk management. The department’s role is to verify the data used in financial reporting and ensure that the tasks of administration and data processing are performed correctly. The department also ensures the correct, complete and timely delivery of these reports and oversees other departments that deliver data with a focus on preventing fraud. This department holds operational responsibility for financing, cash management, currency management and taxes and is responsible for the risk management process globally. The department’s responsibilities require it to have regular and timely consultations with the Board of Directors and to work closely with employees in the Netherlands and abroad.
Strategic Calendar
The Strategic Calendar serves as a basis for making strategic and financial plans for the medium and short term. Every spring, the business units draw up a three-year financial plan and a strategic update. The latter reviews and updates the strategic direction and associated goals. The financial plan quantifies the ambition and sets out the resources needed to carry out the plans. This year, as part of the focus on the four key markets, we re-assessed the strategic plans for the business units against the long-term financial plan. Potential risks that could affect the execution of this strategy are included in this assessment, together with mitigating activities. The three-year plans of the business units are also used as input for the Nedap-wide strategy.
In the autumn, the managers of the various business units make a budget based on their insights, whereby the multi-year plan serves as the starting point. These budgets are integrated into the consolidated Nedap financial budget. The Board of Directors presents both the multi-year plan and the annual budget to the Supervisory Board every year, covering the strategic plans, their financing, together with the risks and opportunities.
Nedap Compliance Framework
The Nedap Compliance Framework describes the formal objectives, mission, responsibilities and scope of Nedap’s management of compliance. It applies to all business units and subsidiaries worldwide. The framework includes compliance-related communications, compliance monitoring and enforcement and its embedding in the organisation. Subjects covered by the compliance framework include supplier liability, information security, privacy, insider trading, anti-bribery and corruption, competition, products and entities subject to sanctions under external legislation and regulations, and product compliance, such as certifications.
Nedap applies a three-lines model that fits with the nature of the company.
The first line consists of employees working at Nedap business units and entities in the role of ‘compliance theme champion’. They are the eyes and ears on the ground in Nedap’s day-to-day operations and take action whenever they detect a situation that may pose a compliance risk for the company.
The second line consists of employees in the roles of ‘compliance theme owner’ and ‘compliance officer’. Based on their knowledge, experience and overview of the organisation, compliance theme owners connect the dots across business unit and entity boundaries and give feedback to those involved. The compliance officer does the same but for the organisation as a whole, and reports findings. Compliance theme owners draw up an action plan to address and mitigate the risks attached to the compliance theme. They closely liaise with the compliance theme champions and monitor progress on the action plan. The compliance officer is responsible for developing, updating and evaluating the Nedap Compliance Framework, based on feedback received from compliance theme owners.
The third line is formed by the internal auditor. It is the internal auditor’s responsibility to audit Nedap’s internal processes and procedures and make sure these meet regulatory and legal requirements. The internal auditor also performs audits to assess whether the organisation complies with the applicable rules, regulations, and aligned procedures.
Monthly meetings between the compliance theme owners, the compliance officer and the CFO are held in the presence of the internal auditor to discuss relevant developments. These meetings are also intended as knowledge sharing opportunities and to discuss progress on the various compliance themes. As and when unusual developments occur, they are immediately raised with the Board of Directors. Compliance theme owners get together for meetings when they represent added value. The group privacy officers convene for regular meetings about privacy-related matters around ten times a year. Group information security officers come together with the same frequency to discuss information security. The Nedap Compliance Framework is reviewed annually and updated as necessary.

Tax Control Framework
Nedap is exposed to tax risks that could potentially result in double taxation, penalties and interest payments. These risks include, but are not limited to, transfer pricing risks on cross-border, inter-company transactions and tax risks related to potential changes in tax laws that could result in higher tax expenses and payments.
Nedap’s tax policy ties in with its global governance model. Our Dutch operations consist mainly of strategy design, product development, marketing, sales, supply chain management, legal affairs, compliance and controlling. Activities at subsidiaries consist almost exclusively of local sales (support). A large part of the Group’s economic value is therefore generated in the Netherlands. Group Controlling oversees and implements the global tax policy, formulates and implements the transfer pricing policy and actively monitors compliance. Transactions between related entities are subject to the ‘arm’s length’ principle and the relevant OECD Transfer Pricing Guidelines for Multinational Enterprises and Tax Administrations (OECD guidelines) are applied. The transfer pricing aims for all Nedap companies to post profits that are in line with the scale and risks of the activities in their respective countries. Such profits are subject to all applicable local taxes. All Nedap subsidiaries issue periodical reports on their tax position, including taxes charged and paid. In line with the OECD guidelines, a new benchmark study is conducted at least every three years. While most of the countries where Nedap operates have endorsed the OECD guidelines, these are not binding, and local tax authorities still have to sign off on a company’s transfer pricing system. Although the chances of it happening are slim, local tax authorities may withhold approval of this. Nedap does not foresee any financial, compliance or reputation risks as a result of that.
Nedap has implemented a tax control framework that is continuously monitored and updated. It documents and formalises material tax risks, tax control and the monitoring of taxes for corporate income tax, VAT and income tax. The risks and efforts to mitigate them are the subject of regular meetings across the organisation. The Tax Control Framework forms the basis for the reconfirmed horizontal supervision regime with the Dutch tax authorities in 2023.
Nedap has one ruling with tax authorities. This ruling concerns an agreement with the Dutch tax authorities to apply the Innovation Box tax regime. The current agreement runs until 2026. When Nedap deems it helpful to gain prior certainty on the application of tax laws and regulations, the company tries to secure a ruling with the tax authorities.
A specific measure was taken to control tax risks and other risks. The directors under the articles of association of most subsidiaries are controllers who spend a considerable part of their time working at Group Controlling in Groenlo. They are responsible for local compliance, including tax legislation and regulations. The managers of our subsidiaries are evaluated based on the operating results of their respective business entity. Taxes are not a factor in such evaluations.
Risk table
The risk table on the next pages provides a summary of the main risks identified and the associated impact and likelihood trend, the developments in 2023 that relate to these risks, as well as the main measures taken to mitigate them. Since specific financial risks, such as the credit risk, liquidity risk and currency risk, are addressed separately in the financial statements, they have not been included in the risk table. These risks are not considered vital risks for Nedap, and have also largely been mitigated, meaning that material consequences are covered.
Other than stated in the Directors' Report (the full annual report without chapter 5 'Financial Statements'), there have not, to the best of the Board of Directors' knowledge, been any exceptional events that do not have to be taken into consideration in the financial statements.
| Risk type | Risk | Risk description | Developments in 2023 | Mitigation | Risk appetite | Impact trend | Likelihood trend |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Strategic | Speed of technological developments | Decreased relevance of Nedap's core technologies of | The rise of generative AI is a development that can impact the markets that Nedap operates in and the solutions that we are offering to our customers. Nedap recognises the dual nature of generative AI as both an opportunity and a risk, actively exploring its potential to both safeguard and enhance our market positions and solutions. | Nedap has a strong track record in developing successful high-tech solutions and strong customer and partner relationships | HIGH | | |
| Strategic | Unsuccessful proposition and product development | Excessive strain on resources over a prolonged period without an instant prospect of returns, resulting in dependence on a limited number of growth factors and limited long-term growth perspective | This year, we advanced in developing our portfolio through the implementation of a key markets strategy and by establishing clear strategies for these positions. The progress of these strategies is tracked using the Strategic Calendar, and they are integral to the Create-Scale-Core process. We carefully monitor investments in explorations, ensuring they align with our key market strategy. This alignment allows us to make more informed decisions about scaling up or down as necessary. | R&D draws on various business units’ experience and knowledge, built up over many years | HIGH | | |
| Strategic | Attracting, developing and retaining talent | Shortage of talented employees leading to a delay in the implementation of the strategy | Nedap consistently invests in its workforce, recognising them as a lasting competitive edge. In 2023, we enhanced our internal recruitment team to attract the right talent, particularly for key markets. This effort was bolstered by significant progress in cultivating our employer brand. | Nedap targets young talent through initiatives including the Nedap Masterclass and Nedap University | LOW | | |
| Strategic | Cybersecurity and IT | A successful cyberattack could inflict great damage on our company; financial and legal damage as well as damage to our reputation (customer confidence). | Significant emphasis has once again been placed on preventing cyberattacks. The overall risk has increased and is further intensified by the use of Artificial Intelligence (AI) in orchestrating these attacks. | Audits and further roll-out of certifications (including SOC2, ISAE 3402, ISO 9001, ISO 14001 and ISO 27001/NEN 7510) | LOW | | |
| Strategic | Geopolitical conflicts in relevant areas | Potential supply chain disruptions or loss of sales channels | From a supply chain point of view, the circumstances in Asia and Eastern Europe, especially, continue to be challenging. Nedap relies heavily on Taiwan for semi-conductors, and many of our Electronics Manufacturing Services (EMS) providers are historically located in Hungary. In 2023, significant efforts were made, in close cooperation with our strategic suppliers, to identify alternative sources in different regions, such as in Spain. | Geographically spread, dual-sourcing strategy; Sanction control systems | MEDIUM | | |
| Strategic | Imbalance in the supply chain | Delayed or even aborted delivery of products to our customers and/or pressure to cut costs | The availability of components is showing improvement, with lead times returning to normal for many business units. However, imbalances between demand and supply have resulted in relatively high inventory levels within the supply chain. We are collaborating more closely with our customers and suppliers to achieve optimal stock levels, while simultaneously striving to create a more flexible and agile supply chain. | Our revamped supply chain has made component and product delivery more flexible and reliable | MEDIUM | | |
| Strategic | Inability to achieve sustainability goals | More material impact of the environment on our business and greater Nedap impact on the environment | The assessment of double materiality helps to elucidate our exposure, from both risk and opportunity standpoints. | Strong financial position and balance sheet | LOW | | |
| Operational | Supply chain dependence | Insufficient or late product availability | In 2023, the component shortage issue was largely addressed, leaving numerous business units with excess inventory relative to short-term demand. Distributors are facing challenges in servicing end customers. At Nedap, we are proactively managing relationships with key suppliers to mitigate risk and guarantee the delivery of quality products at the right price and time. | Nedap takes great care in selecting its production and logistics partners and sets the highest standards | MEDIUM | | |
| Operational | Internationalisation | Insufficient access to or insufficient implementation capacity at customers | This area is a primary focus for all our market positions. Our international business partner network is growing stronger as we expand our global footprint and coverage. | Nedap has built a solid ecosystem with its business, implementation and technology partners | MEDIUM | | |
| Compliance | Legislation and regulations | Fines, sanctions and/or damage to reputation | In 2023, further steps were taken to integrate the Nedap Compliance Framework within the organisation for various identified compliance themes, including Anti-Bribery and Corruption, Privacy, Customs, Health and Safety, Competition Law, Insider Trading and Information Security. | The Nedap Compliance Framework is monitored by the Nedap-wide compliance committee of theme owners, which meets on a monthly basis. This committee discusses, among other topics, relevant developments and the actions required to implement compliance | LOW | | |
| Compliance | Fraud and corruption | Fines, sanctions and/or damage to reputation | Fraud and corruption remain high on the agenda. In the annual risk sessions with all business units, fraud was discussed and there were no cases identified, except for a known limited scale and financially not insignificant case at one of the subsidiaries. As "Anti-bribery and corruption" is an identified compliance theme, it is also regularly discussed in the compliance committee. | Zero tolerance on fraud and corruption | LOW | | |
| Compliance | Product compliance | Not complying with legislation from a product perspective could damage reputation and result in fines | Compliance standards for the products that Nedap develops and sells continue to increase. The greater focus on circularity and sustainability has resulted in more comprehensive product legislation and regulations. | 3rd party evaluation and certification of products, reference to suitable products in manuals | LOW | | |
| Compliance | Reporting | Inaccurate or incomplete information provided to shareholders and other stakeholders | Nedap is experiencing increasing regulatory pressure when it comes to reporting (among other things). Examples are the revised Dutch Corporate Governance Code, the implemented and updated EU Taxonomy and the upcoming CSRD. | Reporting based on the International Financial Reporting Standards (IFRS), which are in fact compulsory standards for listed companies in the Netherlands. Having reported figures audited by an independent external auditor. The Group Controlling department in Groenlo plays a leading role in terms of financial management. This department ensures that the administrative organisation and data processing are sufficient to ensure uniform and correct handling of all financial and business matters. The department has set up a uniform reporting system (including explanatory notes) that is designed to supply the information required by the leadership team. They make sure that this report is made available correctly, on time and in full, while also assessing the administrative organisations with a focus on preventing possible fraud. | LOW | | |