Risk management
Our business operations involve a number of uncertainties. Risk management is all about targeting uncertainties that could impede the achievement of the strategic objectives.
Organisation of risk management
To ensure ongoing and comprehensive management of risks, we ensure that our risk management system keeps pace with internal and external developments. We use planning schedules and analyses to present a realistic picture of the future impact of uncertainties and risks, so as to gain better insight into the reliability of project-related plans, policy choices and risk budgets. This supports our decision-making.
Recording and reporting
We have recorded identified risks, including the risk owners, in risk registers, and we assign quantitative scores to those risks using a single, uniform risk matrix. On a quarterly basis, we report on the main risks by business unit to the Executive Board, which discusses these risks as part of the planning and control cycle. Any risks that fall outside our risk appetite are reported immediately and escalated where necessary. The Executive Board reports on and, in turn, renders account for the risk management and internal control system to the Supervisory Board after discussing it in the Risk and Audit Committee.
Risk appetite and risk tolerance
The risk appetite and risk management we are aiming for in six risk themes at NS (safety, compliance, operations, finance, reputation and CSR) can be found in our ‘risk appetite statements’. We have linked each risk theme to specific performance indicators with a quantitative bandwidth. Every year, the Executive Board evaluates and, if necessary, adjusts the risk appetite for each theme. The risk appetite of NS in 2023 has not changed compared with 2022. Periodically, we evaluate fraud scenarios (both internal and external) based on a risk matrix. This is measured against the NS-wide risk matrix below and measures are taken to mitigate risks where necessary. In line with previous years, we have not identified any fraud risks within our top-9 group risks as listed below.
An explanation of the risks appears as a pop-up when clicking on a risk in the diagram below.
The individual risks have been included in a risk matrix. The more to the right the risk is positioned (from A to F), the more likely it is to materialise. The higher its position in the matrix (from 1 to 7), the greater its impact on NS’s objectives should the risk materialise. The colours show how each risk relates to NS’s risk appetite and at which level within NS any residual risk should be accepted if no further mitigating measures can be taken.
Key changes in the risk profile compared with 2022
The risk profile in the themes of operations, safety and finance remains high. The themes of compliance, reputation and CSR do not contain risks that fall in the top 10 but are in the lower risk categories.
Operations: The main risks are in the area of infrastructure, leading to increasing disruption and impact on product steps and rolling stock, especially due to the delayed introduction of the ICNG trains and unexpected cancellations. The staff shortage risk decreased slightly for NS in 2023 as we improved our operations accordingly. The combination of risks within this theme makes operations highly vulnerable.
Finance: In 2023, revenue developed more strongly than expected. However, passenger-kilometres are still lower than before the COVID-19 pandemic. In addition, the cost of salaries, rolling stock, materials, components and financing increased in 2023 due to inflation and rising interest rates. The ‘indexation gap’ incurred since 2021 is 8.9%.
Safety: Train travel remains one of the safest forms of mobility. However, we are noticing the effects of increasing rudeness and aggression in society and internal staff shortages on public safety. In addition, cybersecurity-related risks are increasing.