Annual Report 2025
Two Bechtle employees: in the foreground, a woman wearing a headset during a call.Two Bechtle employees: in the foreground, a woman wearing a headset during a call.

Opportunity and Risk Management

Identifying and capitalising on opportunities is fundamental to business activity. This is inextricably linked with taking risks. Missing an opportunity can also be a risk, just as consciously taking a risk can lead to an opportunity. Opportunity and risk management at Bechtle brings these perspectives together. Building on this foundation, we pursue our goal of sustainable profitable growth resolutely. At the same time, it is important to recognise the associated risks at an early stage and assess them appropriately. The aim is to control identified risks as effectively as possible. We are currently not aware of any risks that, either individually or in combination, could jeopardise the company’s continued existence as a going concern.

Two men and two women are sitting in a circle, whilst two of them are looking at a laptop together.

Opportunity and Risk Management

The IT industry has always been characterised by rapid technological development and constant change. We are witnessing this once again today, driven in particular by advances in artificial intelligence. This only reinforces our conviction that engaging in business activities and making use of opportunities means taking risks. A key success factor for Bechtle is the efficient opportunity and risk management system we have established as part of our precautionary principle. We record and evaluate the majority of opportunities locally within our decentralised structure. In this way, opportunity management forms an integral part of our day-to-day operations. At Group level, the Executive Board also considers opportunities as part of the risk management system. In this respect, the statements made below on risk management at Group level also apply to opportunity management. However, opportunities that are not linked to any risk are also identified. Bechtle’s streamlined opportunity management system is derived primarily from the strategy and objectives of the business segments and from the current Bechtle vision. Direct responsibility for identifying, evaluating and managing opportunities at an early stage and on an ongoing basis lies primarily with the Group Executive Board and the operational management level in the respective business segments and holding companies, together with the Executive Vice Presidents, Vice Presidents and Managing Directors. As with the risk management, these tasks are an integral part of the corporate planning and control system. The management of the Bechtle Group puts a lot of emphasis on detailed evaluations and comprehensive scenarios concerning the market and competitive environment as well as the critical success factors for the company’s performance. From this information, it derives the potential for specific opportunities for the individual business segments. These are discussed in planning meetings between the Executive Board and the management executives with operating responsibility, and suitable measures and targets are agreed in order to make use of this potential.

For more information, see Corporate Culture, Strategy and Management

Bechtle defines risk management as the entirety of all organisational regulations and measures for identifying and dealing with risks. In line with the precautionary principle, the main objective of risk management is to sustainably ensure the company’s going concern on a long-term basis. This is achieved by means of the timely identification of risks, their measurement and the initiation of suitable risk control measures. In this way, the company endeavours to avoid risks or to avert or minimise harmful consequences of the occurrence of a particular risk for the company. The measurement ranges from minor risks to material and existential risks. The time horizon for assessing risks is generally twelve months.

Efficient opportunity and risk management is an important success factor for Bechtle.

(Illustration) (Illustration) (Illustration)

Organisation

In line with the organisational structure of the Bechtle Group, risk management tasks and responsibilities are clearly separated between the Group holding company and intermediate holding companies, on the one hand, and the operating subsidiaries and individual management functions, on the other. Group Controlling has established a reporting system that enables the early identification of developments that threaten the company’s success. In addition to providing a wide range of analytical tools for operating units, it generates insights based on periodic analyses and statistics that support effective risk management in the individual areas. The Managing Directors and business unit leaders thus bear a substantial part of the responsibility for the active risk management. This basic principle also corresponds with the decentralised business model and the management philosophy of Bechtle. The organisation of risk management has not changed significantly compared to the previous year.

The risk management organisation of the Bechtle Group performs two key functions:

  • The early detection system: Early detection systems are instruments that identify risks and opportunities of an enterprise early enough to enable reactions to ward off the risks and make use of opportunities. Early detection indicators enable the detection and analysis of latent risks over time. This requires systematic risk identification, assessment and communication. To this end, Bechtle has established various systems and instruments that support and interact with each other. The auditor within the context of the annual financial statements also assesses whether the Executive Board has, in a suitable manner, taken the steps required in accordance with Section 91 (2) AktG (German Stock Corporation Act) and whether the monitoring system to be established thereunder can fulfil the tasks for which it was created.

  • The monitoring system: The internal monitoring system at Bechtle monitors risk management through both process-independent and process-dependent measures. Process-independent means that the respective monitoring entity is not integrated into the risk management process and is not responsible for its outcome. On the other hand, there are process-dependent monitoring entities that are integrated into the risk management process. The process-independent monitoring entity audits the risk management system, is informed about significant changes, plans and regulations and may, if necessary, request additional information. The system audit takes place once a year. It is audited for correctness, appropriateness and efficiency on the basis of random samples. The process-dependent monitoring activities at Bechtle are subdivided into organisational security measures such as the separation of functions and access restrictions as well as controls. The latter are taken care of by the individual operational areas and the person responsible for the risk management.

Risk management system of the Bechtle Group

Risk management system of the Bechtle Group (Structure diagram)

Within the scope of the risk management, effective continuous communication across all hierarchy levels is vital for the systemic interlinking with the operational business. Committee work and various formats of teamwork at different management levels are therefore key instruments for organising and managing the necessary flow of information. At the top level of the Bechtle Group, this comprises the Supervisory Board, Executive Board and risk management meetings. At management level, these are primarily meetings of the Executive Vice Presidents and Vice Presidents, managing director and strategy meetings, planning and individual discussions as well as more informal management meetings with the Executive Board. There are no risks within our company that are fundamentally excluded from capture. The scope of consolidation does not differ from that of the consolidated financial statements. The risk management system at Bechtle is aligned with the new version of the IDW PS 340 audit standard.

Internal control and risk management system

According to Sections 289 (4) and 315 (4) of the German Commercial Code (HGB), the Group Management Report of capital market-oriented companies must address key features of the internal control and risk management system (ICS) with respect to the group accounting process. In this regard, Bechtle uses the definition of the Institute of Public Auditors in Germany (IDW). According to this definition, an ICS consists of the principles, procedures and measures that the management introduces in the company for the organisational implementation of the management decisions. The duties and goals of the ICS are as follows:

  • To ensure the effectiveness and efficiency of the business activity. This also includes the protection of tangible and intangible assets as well as the prevention and/or detection of financial losses that may be caused by own employees or third parties;

  • To ensure the correctness and reliability of the internal and external financial accounting;

  • To comply with the legal regulations applicable to the company.

For more information, see idw.de

The principles, organisational structures and processes of the accounting-related ICS are set out in policies and organisational instructions that are continuously updated in response to external and internal developments. The controls defined throughout the group are set out in a group accounting manual. The requirements contained in the policies and organisational instructions are based on statutory provisions and voluntarily defined company standards.

With respect to financial accounting, this ensures that business transactions and circumstances are fully and duly identified, processed and recognised in the financial statements completely and accurately. This ensures correct financial accounting.

 

Effectiveness of the internal audit and risk management system

The internal control and risk management system comprises a number of dynamic subsystems that are continuously adapted to changes in the business model, the nature and scope of business transactions, or responsibilities. As a result, internal and external audits reveal potential for improvement in individual cases with regard to the appropriateness and effectiveness of controls. As far as the assessment of these management systems is concerned, the Executive Board is not aware of any insights that would render them inadequate or ineffective as a whole.

 

Risk identification and assessment

We work with a risk pool in order to recognise and record all risks relevant to Bechtle as completely as possible. The risk pool describes all potential risks that the Bechtle Group is able to identify. As part of the sustainability risk assessment, these also include financial risks for the company’s own business activities and sustainability-related effects – thus taking double materiality into account.

For more information, see Risk management and Internal Controls for Sustainability Reporting

At Bechtle, specific risks are identified by means of risk recording forms, which structure various risk types in the form of a checklist. The contents of this list can be adapted and supplemented by the stakeholders involved in risk identification and measurement, in order to take any peculiarities of individual business segments into consideration.

The risk assessment form, which contains risks from the risk pool and whose purpose is to identify potential risks as comprehensively as possible, serves as the basis for the risk assessment. Each risk is assessed for probability of occurrence and expected damage amount (risk potential) and, within the risk analysis, is positioned in a risk matrix indicating the significance (A1, A, B and C risks). The result is an additive presentation of all identified risks in the form of qualified overviews, both for Bechtle as a group and for each of its business segments. In its risk assessment, the Bechtle Group carries out a net assessment of the significant risks of the A and B categories, i.e. a risk assessment after the introduction of specific measures. In doing so, largely standardised values are assumed for major risks and individual risks. The available risk-bearing capacity is calculated by comparing this with the gross assessment. Overall risk-bearing capacity describes the Bechtle Group’s financial potential to absorb any losses that may arise should the identified corporate risks materialise. Specifically, key indicators from the balance sheet are compared with the aggregate risk position. This produces the available risk-bearing capacity. The result of this calculation in the fourth quarter of 2025 was that the aggregate risk position as a proportion of risk-bearing capacity stood at a very comfortable 44.3 per cent, meaning that the risk-bearing capacity was sufficient.

Risk control

Risk control is initially the responsibility of the respective operational units. The company responds to identified risks on a case-by-case basis and with different strategies.

  • Risk avoidance: Refraining from activities involving risks, albeit with the possibility that this may mean missing opportunities.

  • Risk reduction: Reduction of the average probability of occurrence and/or of the amount of the loss.

  • Risk transfer: Transfer of the risk to another (insurance) company.

  • Risk acceptance: Acceptance of the risk without taking countermeasures.

Risk reporting and documentation

The management of the Bechtle Group holds risk management meetings at least once a year. The formal requirements for these meetings are continuously reviewed and are expanded to reflect the risk situation in new areas. In addition, separate meetings are held for each segment and selected management areas, at which the risks are explicitly discussed and continuously reassessed with the responsible individuals. The members of the Executive Board attend the meetings of the essential operative units as well as the Group meeting in their entirety. The Executive Vice Presidents, Vice Presidents and individual employees entrusted with controlling and risk management tasks also take part in these meetings. This ensures that the areas and responsibilities that are material to the company’s success are embedded in the risk management process.

The main risk survey is conducted once a year. In addition, the above group receives a quarterly status enquiry, which reviews the previous risk assessment and identifies any potential new risks. In addition to the standard reporting and assessment of risks at these meetings, there is an arrangement for ad-hoc reporting. In this way, critical issues are reported immediately to the Executive Board and subsequently to the responsible bodies (audit committee, Supervisory Board) and other individuals involved in the risk management process.

Central risk management sends the risk report on the main survey to the entire Executive Board once a year after the second quarter of a fiscal year, and the reports on the update surveys three times a year on a quarterly basis. The detailed risk report of the main survey is passed on to the audit committee with supplementary documents and forwarded to the Supervisory Board for information.