Risks & opportunities
We balance risks and their impact with the opportunities and advantages they offer. This allows us to maximize the benefits of a risk while minimizing the consequences.
Risk Culture
Risks can occur anywhere in the organization. That is why it is important that every Coolbluer is aware of risks and can identify them. For this reason, every Coolbluer is responsible for managing their own risks.
In 2022, we updated the management structure for our operational domains and the commercial teams. One of the benefits this offers is that the managers can be more actively involved in the matters they are responsible for. This also includes the management of risks. Coolbluers are supported by our Risk & Internal Control, Tax, Safety, Security & Fraud, Tech Security, Finance, and Legal departments. The ultimate responsibility for risks still lies with the Management Board. This approach allows us to create a risk culture in which risk management stays top of mind throughout the organization and in which risks are managed when and where they occur.
Internal guidelines
To provide Coolbluers with the means to decide how to go about a risk, we have various internal policies in place, which are in part based on external regulation. These policies are written in an honest, direct, and open manner and are easily available to every Coolbluer in multiple languages. We periodically review these policies to ensure they continue to meet legislative demands. Examples of our internal guidelines are:
- The Workguide (the employee guidebook);
- The Friend Code (our code of conduct);
- How can Coolblue help me with undesirable situations? (our whistleblower policy);
- What happens if I cheat? (our anti-fraud policy); and
- What if I don’t stick to the Coolblue agreements? (our disciplinary policy).
Increasing awareness
In 2022, we united decentralized Health, Safety, and Environment departments by starting a central knowledge center. We further defined our information security policy and expanded our risk workshops and awareness sessions. We also continued to offer e-learning modules and training courses that address topics such as information security, the GDPR, labor law, competition law, tax law, and integrity.
Risk profile summary
We identified and listed the risks that can impact the realization of our strategic goals.
Risk identification & assessment
Our risk management focuses on 4 categories: strategic risks, operational risks, finance & reporting risks, and compliance risks. To create a risk profile for each risk, we conduct various top-down and bottom-up risk assessments. We have prioritized the most relevant risks in yearly Strategic Risk Assessment with managers and the Management Board. The results are discussed with both the Audit Committee and the Supervisory Board.
In total, we identified and profiled 12 risks in 2022, which we rated on a 5-point scale for their likelihood, impact, and our risk appetite. Compared to 2021, we reassessed risks and introduced a new one: Economic conditions.
Likelihood
Likelihood is the first scale on which we rate a risk. It defines the probability that a risk will occur within 2 years.
Impact
Impact forms the second scale on which we rate a risk. Here, we assess to what extent a risk would negatively affect the achievement of our goals, promises, and ambitions.
Risk appetite
The third and final scale, risk appetite, is based on the former 2. It defines our willingness to run or take a risk. The lower the appetite, the better our risk management has to be arranged. On the other hand, we sometimes need a higher risk appetite to achieve our strategic goals.
Strategic Risks
- Reputation
Coolblue has a strong reputation. We want to uphold this reputation and prevent any damage to it, as this could negatively influence our business. At the same time, we continue to enter new markets and expand internationally. The effect of this growth on risks is twofold. On the one hand, new risks are introduced, for example through new or changing legislation. On the other, the risks we already identified could have a larger impact on our reputation, as our brand becomes increasingly well-known.
In the assessment of this risk, it became apparent that the overarching risk remained unchanged in 2022. Coolblue is a strong brand that delivers on its promise and has earned the customer’s trust by doing so. To safeguard our reputation, we closely monitor external influences, such as press coverage, and protect ourselves and our customers from parties that unlawfully use our name.
2. Competition
We operate in markets that are highly competitive and dynamic in size. For certain product types, we see that the market size decreases, which leads to stronger competition. Still, this also offers opportunities to solidify our position in the market and motivates us to keep going the extra smile for our customers. Our risk appetite is high, because we believe we continue to distinguish ourselves through our approach to customer needs. As a result, we keep on gaining market share in a shrinking market.
3. Economic conditions
The economic conditions that can negatively impact Coolblue’s business are primarily inflation, recession, and market stagnation. This is because these circumstances directly affect our customers, who then adjust their spending choices accordingly. Highly volatile energy prices could lead to higher uncertainty in energy contract sales and uncertainties in the sourcing of energy.
4. Health crisis
A health crisis like Covid-19 can have a significant impact on other risks, such as Economic conditions, and on our business, specifically on our stock management, delivery propositions, and operations in our stores and warehouse. Over time, both Coolblue and society learned how to counteract these consequences as best we can. Another pandemic or other health crisis could still have an impact, but we have become more flexible and resilient in dealing with this.
Operational risks
5. Information security & data privacy
Ensuring the safety of our data and technology is vital to Coolblue. We constantly improve our IT security measures and do everything in our power to secure our data, prevent data leaks, and minimize the impact a leak may have. This applies to both data we generate ourselves and information that customers provide us with, for example when they place an order. Coolbluers only have access to this data on a need-to-know basis. We review their access rights periodically to ensure they stay up to date.
6. Availability of systems & critical processes
We constantly apply optimizations in our operations, such as mechanization in our warehouse. As a result, our dependency on technology increases. The impact of disruptions also increases, for instance in our automated picking process. To minimize the chance of this happening, we have identified our critical operations and risks. This allows us to minimize the odds of a disruption and the downtime that follows. At the same time, we optimized how quickly we can restore our operations.
7. Stock management
Stock management risks come in 2 categories: excess stock and insufficient stock. To minimize both, we use algorithms that calculate the expected sales patterns every day, which we align our purchasing activities to. This way, we can order the optimal number of products at all times and closely monitor our stock health. Our recent expansions have led us to increase our stock levels. While this does increase the risk of excess stock, it also allows us to improve availability and increase sales.
8. Supply chain continuity
Our business depends on the availability of products and their components. In case of a global shortage, we see a direct impact on the availability of product types we sell. For example, chip shortage impacts the availability of laptops and tablets. We make an effort to ensure continuous availability of impacted products. We work very closely with our suppliers to guarantee a constant optimum supply and make use of our strong financial structure to ensure this.
9. Attract and retain qualified Coolbluers
Qualified and talented people are key to our success. That is why we are always happy to welcome new Coolbluers and help them build their career within Coolblue. At the same time, we see that the competition for skilled personnel remains high. We offer Coolbluers careers rather than jobs, in which we help them continuously refine their skillset. For example, we offer them various training courses at our in-house training facilities. This way, we actively help them build their career within Coolblue.
10. Health, safety, and environment
The health and safety of our Coolbluers is of the highest importance. We have procedures in place that outline in detail how to act in certain situations, such as what to do in case of an emergency. In 2022, we united our decentralized Health, Safety, and Environment departments and recruited new experts. They are responsible for centrally coordinating our Safety Coordinators and Prevention Officers, who for example give health and safety courses to Coolbluers. Together, they ensure optimum safety under all working conditions.
Finance & reporting risk
11. Finance and liquidity
Our operations are financed by our operating cash flow, a negative working capital, and reinvestment of our profits. Because we continuously improve our underlying debtor management, stock management, and treasury processes, we are always able to meet our payment obligations. Operating in the energy supply business includes related sourcing risks, collateral risks, and credit risk on suppliers. We continually monitor our exposure and liquidity to minimize the risk and have sufficient cash and credit lines available.
Compliance risk
12. Regulatory compliance
We continue to grow and expand into other countries and markets, such as Germany and the Dutch energy market. Additionally, we continue to develop our private-label brands. As a result, there is an increasing amount of legislation we need to adhere to. We want to ensure our full compliance with all (announced) governing legislation, simply because it is the right thing to do.
We have a zero-tolerance approach to bribery, corruption, fraud, and any other form of (illegal) misconduct. This is strongly highlighted in our code of conduct and other internal guidelines, which are made available to every Coolbluer. We also offer mandatory training courses that are geared to the relevant legislation within departments. This further ensures our consistent compliance.
Enhancement of our risk management system
As Coolblue grows, so do our Risk & Internal Control, Tax, Safety, Security & Fraud, Tech Security, Finance, and Legal departments. To improve our risk management in 2022, we have implemented both risk-specific measures and enhancements on the internal control framework. These improvements are aimed at stimulating business involvement and ownership within the domains.
Further optimize internal control
We are transitioning from multiple risk control matrices to a single control framework. This internal control framework will contain the key risks and related controls of all processes, including information security, tax, and cyber security. As a result, we can better identify and classify the main risks associated with the processes and test the controls. A summary of the status of internal control and issue tracking is discussed monthly with domain management and the Management Board.
Looking ahead
We are pleased with the steps we were able to take in 2022 in improving our risk management and internal control framework. They will form a solid basis for further enhancements we have planned for 2023. We will further strengthen internal control, broaden our risk assessment activities in terms of IT, and enhance our cybersecurity posture.
