Skip to website navigation Skip to article navigation Skip to content

Risk management

Alzheimer Nederland and NS donate train components to 22 nursing homes so they can create their own travel compartments for residents with dementia.

NS wishes to keep the Netherlands accessible in a sustainable manner. Our operations involve a number of uncertainties. Risk management is all about targeting uncertainties that could impede the achievement of the strategic objectives.

Organisation of risk management

To ensure permanent integral management of risks, risk management must move along with internal and external developments. We use planning schedules and analyses to present a realistic picture of the future impact of uncertainties and risks, so as to gain better insight into the reliability of project-related plans, policy choices and risk budgets. This supports our decision-making process.

Recording and reporting

We have recorded identified risks, including the risk owners, in risk registers and assign quantitative scores to those risks using a single, uniform risk matrix. Every three months, NS reports the main risks for each business unit; those reports are discussed in the Executive Board as part of the planning and control cycle. Any risks that fall outside our risk appetite are reported immediately and escalated where necessary. The Executive Board reports on and renders account for the risk management and internal control system to the Supervisory Board after discussing it in the Risk and Audit Committee.

Risk appetite and risk tolerance

The risk appetite and risk management we are aiming for in six risk themes at NS can be found in our ‘risk appetite statements’. Each risk theme is linked to specific performance indicators with a quantitative bandwidth. Every year, the Executive Board evaluates and, if necessary, adjusts the risk appetite for each theme. The table below presents the current risk appetite for each risk theme plus the most important group risks. NS adapted its risk appetite in 2022 in response to the impact of several factors, including the staff shortage. The shortages on the labour market, the unexpectedly high outflow and internal advancement of (in particular) main guards and the high sickness absence rate had a substantial impact on our operational performance over the past year. The staff shortages may prove persistent and could even increase, given the persistently tight labour market and our ageing operational workforce. This is why NS has become more risk averse in the field of operations. Specifically, this means that operational risks are now more likely to qualify as unacceptable in the risk matrix.

The individual risks have been included in a risk matrix. The more to the right the risk is positioned (from A to F), the more likely it is to materialise. The higher its position in the matrix (from 1 to 7), the greater its impact on NS's objectives should the risk materialise. The colours show how each risk relates to NS's risk appetite and at which level within NS any residual risk should be accepted if no further mitigating measures are or can be taken. Click on a risk for a pop-up explanation.

Main group risks: 1 - Staff shortages 2 - Revenue 3 - Costs 4 - Infrastructure 5 - Absenteeism due to psychological causes 6 - Cyber threat 7 - ICNG 8 - Non-compliance 9 - Safety 10 - Digitalisation

  • 1Staff shortage
  • 2Revenue
  • 3Costs
  • 4Infrastructure
  • 5Psychological absence
  • 6Cyber ​​threat
  • 7ICNG delayed
  • 8Non-compliance
  • 9Safety
  • 10Digitalisation
1 2 3 4 5 6 7 8 9 10

1. Staff shortage

Group risk

The risk that we do not have enough skilled and vital employees.

Development 2022

Greatly increased tight conditions on the labour market, higher outflow and transfer of employees, high absenteeism also due to increased work pressure. This risk occurred in 2022 and led to continuity problems.

Control measures

  • Limit outflow through better retention (including later retirement, flexibility in rosters) and focus on employee experience and increased vitality.

  • Increase inflow through employer branding, proactive recruitment and further scaling up of training capacity.

  • More robust planning and timetables, with which shortages are better and more predictably accommodated.

  • In consultation with social partners to adjust deployment model, with measures in the short term (e.g. deployment of office staff) and long term.

2. Revenue

Group risk

The risk of disappointing revenue due to the scaling down of the timetable, the resurgence of the COVID-19 virus, and the insufficient ability to bind new passengers to us and to activate existing passengers to travel more.

Development 2022

Revenue in 2022 was still less than before the outbreak of COVID-19. We also expect substantially lower revenue in the coming years due to, among other things, more working from home, a decrease in purchasing power and the termination of the availability payment after 2022. The scaled-down timetable makes it difficult to achieve further growth.

Control measures

  • We conduct continuous research in order to gain insight into changing travel behaviour and customer satisfaction. Passenger forecasts are therefore regularly updated. These insights are used, among other things, for:

    1. improving services;

    2. activating our season ticket and business card holders to travel more often;

    3. adjusting propositions to continue to meet the wishes of customers as much as possible;

    4.  targeted marketing and communication to bind new passengers to NS;

    5. the targeted deployment of train (reinforcements) in order to prevent crowded trains.

3. Costs

Group risk

The risk that the € 1.4 billion savings will not be realised or that cost increase.

Development 2022

The savings plan of € 1.4 billion up to and including 2024, which was drawn up in consultation with the social partners, is roughly according to plan. On the other hand, costs are increasing due to inflation with an impact on salaries, equipment, materials, parts and financing interest, while rail fares cannot be increased as much as the rate of inflation. The costs of the digitalisation process that NS is going through, as well as cyber security measures, are also rising.

Control measures

  • Tight monitoring of savings initiatives.

  • Collective labour agreements made until 1 January 2024. 

  • Energy costs are covered until 31 December 2024. 

  • Negotiation with contracting authority about the terms and conditions in the franchise from 2025.

4. Infrastructure

Group risk

The risk that the implementation of the timetable and the realisation of our ambitions (high frequency and speed increase) will be negatively affected by infrastructure bottlenecks.

Development 2022

In 2022, infrastructure bottlenecks have emerged that negatively affect the operation of the train services and the realisation of our domestic and international ambitions. It is positive that the government is releasing € 4 billion for investments in the railways. Despite the fact that € 585 million is available within these investments for already known bottlenecks, NS considers this insufficient to remove all these bottlenecks (track stability, level crossings, energy).

Control measures

  • We are discussing these matters within the Medium-Term process with ProRail and Ministry of Infrastructure and Water Management and NS is requesting explicit attention for the removal of future infrastructure bottlenecks.

  • Influence the planning of service disruptions to limit passenger inconvenience.

  • Supporting ProRail in monitoring the condition of the infrastructure.

  • Preparing alternative planning in the case of infrastructure failure, such as during last year’s severe winter weather.

  • NS takes a much more active role in some infrastructure files (such as Schiphol or Amsterdam).

  • Continuously shortening the logistics lead times so that the planning can be quickly adjusted in the event of long-term infrastructure bottlenecks, such as this year at Swifterband.

5. Psychological absence

Group risk

The risk of psychosocial complaints due to work stress.

Development 2022

The workload increased sharply in 2022 due to structural staff shortages and persistently high sickness absence rates.

Control measures

  • Set up policies and procedures properly.

  • Monitoring the follow-up of results and actions in response to MBO 2022 and NS-wide in-depth risk analyses (RI&Es).

  • Reporting on psychological absence with Arbo Unie to enable targeted (collective) actions.

6. Cyber ​​threat

Group risk

The risk of a cyber attack because NS does not meet the compliance or security requirements for IT or OT (= IT on and around the train).

Development 2022

NS has taken further control measures, but in the meantime the threat level is greater due to further (chain) digitalisation and cyber threats are increasing, partly due to the now hybrid war from Russia directed towards vital infrastructures.

Control measures

  • Implementation of the NS Cyber ​​Security Management System (CSMS) and ISO27001 certification on NS Business Card processes.

  • Increased attention to cyber-safe culture, partly based on phishing campaigns and NS-wide knowledge sessions.

  • Cyber ​​roadmap with measures to intrinsically reduce the cyber vulnerability of NS, based on a secure-by-design set-up and architecture.

  • Further development of human and technological capacity for early detection and follow-up of cyber incidents.

7. ICNG delayed

Group risk

The risk that further delay of ICNG leads to insufficient back-up rolling stock or even a period with insufficient rolling stock in operational service (after the outflow of Traxx locomotives).

Development 2022

We have not realised the ambition for the ICNG inflow in 2022 due to essential software updates, the length of the admission process, capacity and delivery problems due to COVID-19, the war in Ukraine and setbacks in production. NS has produced a new schedule, in which the passenger service with ICNG will start in Q2 2023. In this schedule, it remains feasible to complete the full inflow of ICNG between Amsterdam and Breda in 2023.

Control measures

  • Maximum extension of the contracts for Traxx locomotives and the life of the ICM carriages (back-up rolling stock).

  • Maximum control of Alstom on timely delivery of ICNG within the framework of the functional requirements and quality.

  • Continuous consultation with IL&T about the optimal course of the admission procedure.

  • Intensive cooperation between NO Process Management and Programme ICNG to incorporate the latest forecasts regarding the delivery of ICNG on time in the rolling stock planning, in order to limit any impact on timetable steps in 2023 to 2025 as much as possible.

8. Non-compliance

Group risk

The risk that NS does not comply with legislation and regulations or that applicable standards and values ​​are exceeded.

Development 2022

We further strengthened the control of compliance in 2022, as part of a multi-year programme. In addition, compliance policy, monitoring and accountability were further expanded.
In the area of ​​undesirable behaviour, the improvement in 2022 will be limited.

Control measures

  • An NS-wide integrated compliance vision has been established in 2022.

  • Regular reporting takes place through an NS-wide compliance dashboard with key risks, issues and relevant KPIs.

  • NS-wide training courses to keep employees’ knowledge of legislation and regulations up-to-date. 

  • A national programme to improve behaviour on the shop floor based on the NS Code of Conduct.

9. Safety

Group risk

The risk that NS does not take adequate measures to prevent safety incidents or does not sufficiently fulfil its duty of care.

Development 2022

The key risks have been updated for each domain by owners and advisers. We manage the risks more proactively with KPIs.
In the field of social safety, the visibility of NS in 2022 was sometimes insufficient.

Control measures

  • Rail travel is one of the safest forms of mobility. NS seeks to continue improving safety by controlling risks and continuously improving performance. Considerable progress has been made in all areas.

  • In the field of social safety, we focus more specifically on the visibility of personnel in trains and at stations based on data-driven efforts. At a local level, NS works with government bodies, the police and agencies on specific measures. NS cannot solve some problems itself and is working with the ministries involved on a ‘10-point plan’.

  • Crowding at the stations continues to increase due to more events and more travellers at the weekends. NS is working on integrated process improvement with regard to events, with a specific focus on Bijlmer Arena station.

10. Digitalisation

Group risk

The risk that the customer relationship deteriorates and that agile logistics cannot improve because we do not realise digitalisation projects.

Development 2022

Insufficient availability of IT personnel and complexity of IT systems have a negative impact on the digitalisation acceleration.

Control measures

  • The most important critical systems in train logistics control have been replaced. The large operational legacy systems, including the travel information system and Data Warehouse systems, are in transition for replacement.

  • Strategic plan for recruitment of IT personnel and strategic personnel planning. Internal data talent training programme ready.

  • Plan for a digital commercial strategy about, among other things, standardising digital distribution channels. 

  • Development of effective target architecture.

Key changes in the risk profile compared with 2021

The risk profile saw a negative development in 2022, especially on the risk theme of Operations, where the shortage of staff had a considerable impact on our operational performance. The risks in connection with Safety and Finance remain high. We do however note an improvement on the theme of Compliance, where our measures are becoming increasingly effective.

  • Operations: The main risk is that the existing staff shortages persist or become even worse. The shortages are attributable to the structural staff shortages on the labour market, high exit and internal advancement rates among main guards, high sickness absence levels and our ageing operational workforce. The most visible effect of these staff shortages are their direct consequences for train services, but shortages also affect other job categories and business processes. This effect is strengthened by the risk of psychological sickness absence, caused by factors such as high work pressure and persistent COVID-19-related health issues. Another persistent risk is infrastructure, where - despite the announced government investments - quality and volume issues can potentially result in product development steps being postponed or cancelled altogether, or in increasing levels of operational vulnerability.

  • Finances: Revenue levels remain uncertain due to lower passenger number forecasts and changing travel behaviour following the COVID-19 lockdowns. Furthermore, cost-related risks increased in 2022 as a result of higher inflation rates and disrupted supply chains.

  • Safety: Rail travel remains one of the safest forms of mobility. However, rail travel is not immune to the increasing rudeness in social intercourse (personal safety) nor to the increasing risks in the cybersecurity domain.

Add to My report
Print page