Management

p-ISSN: 2162-9374    e-ISSN: 2162-8416

2012;  2(4): 118-124

doi: 10.5923/j.mm.20120204.06

Risk Management in Connection with Acquisitions Using the Example of the TÜV NORD Group

Maksim Saat 1, Jürgen Himmelsbach 2

1Department of Business Administration, Tallinn University of Technology, Tallinn, 12618, Estonia

2Department of Finances, Accounting and Risk Management TÜV NORD Group, Essen, 45259, Germany

Correspondence to: Maksim Saat , Department of Business Administration, Tallinn University of Technology, Tallinn, 12618, Estonia.

Email:

Copyright © 2012 Scientific & Academic Publishing. All Rights Reserved.

Abstract

The legislator has left open the operationalization of the risk management system in enterprises; they are not compelled to implement a certain standard approach. Therefore enterprises are using different types of risk management systems. Aim of the paper is to describe the development of risk management system and main principles of TÜV NORD and also TÜV SÜD – who has been using its risk management system for more than 10 years and which was implemented by the authors. It has been constantly developed by authors collaboration further and complemented by new insights, gained from world-wide implemented acquisitions. The concept of the risk management system must assure that all relevant risks that might affect an enterprise especially in connection with acquisitions and not only with operational business are identified. Therefore a systematic process, which will be explained in the paper, has been chosen by the authors to provide the risk identification with a definition of the risk levels and the risk fields. It can be expected that in the future the economic significance of a meaningful risk management – especially in light of the technology development in connection with increasing of complexity, the globalisation of the industry and therefore the legal requirements – as a value-oriented instrument in the management of an enterprise will further increase.

Keywords: Risk Management, Acquisitions, Mergers, Controlling

Article Outline

1. Introduction
2. Local Germanand Examples for International Regulations Concerning Risk Management
3. Organisation of the Risk Management System of the TÜV NORD Group
    3.1. Risk Owners
    3.2. Risk Managers of the Enterprises
    3.3. Risk Managers of the Business Units
    3.4. Risk manager of the TÜV NORD Group
    3.5. Management Board of the TÜV NORD Group
    3.6. Internal Auditing and external auditors of the TÜV NORD Group
4. The Risk Management Control Cycle of the TÜV NORD Group
    4.1. Corporate Objectives / Success Factors
    4.2. Identification of Risks
    4.3. Assessment of Risks
        4.3.1. Occurrence Probability
        4.3.2. Level of Damage
        4.3.3. Gross and Net Evaluation
        4.3.4. Risk Class
    4.4. Risk Control and Risk Communication
5. Risk Management in Connection with Acquisitions
    5.1. External Influences on the Enterprise
    5.2. Internal Influences on the Enterprise
6. Summary

1. Introduction

The TÜV NORD Group is a globally active enterprise with more than 10,000 employees that provides testing services (TÜV SÜD Group: more than 16,000 employees)[1]. Through its holding enterprise, TÜV NORD AG, the TÜV NORD Group has in recent years acquired enterprises at home and abroad to hold its ground against competitors in a consolidating market. Against the background of the increasing internationalisation and globalisation of the testing services market in which TÜV NORD Group is operating and the growing economic complexity and ever greater competitive pressure, we need to take entrepreneurial risks to enable us to be commercially successful.
According to the management consulting and auditing firm KPMG, risk "no longer just means the occurrence of an unfavourable event which risk, ideally, is reduced by control measures, minimised by redundant systems or otherwise hedged against.
Today, risk has become a measure of the uncertainty of forecasts and planned development", so that risk management has gained strategic importance[2].
The aim of a well functioning and proactive risk management system has to be the systematic determination and assessment of and reporting on all risks of anenterprise.
Subsequently, the fundamentals of the risk management system as well as the organisation and arrangement of the TÜV NORD Group added with information of the TÜV SÜD Group should be presented by the authors before the risk management concerning acquisitions is expanded upon.

2. Local Germanand Examples for International Regulations Concerning Risk Management

In recent years, national laws and requirements or recommendations by professional associations regarding the introduction of risk management systems have been issued in many countries. In Germany, provisions from the newly decreed control and transparency in business act (KonTraG) have been incorporated into the stock corporation act (Section 91 (2) AktG) "according to which the board of management of a public limited enterprise has to take suitable action — in particular introduction of a monitoring system — to ensure that any development jeopardising the continued existence of the enterprise will be detected at an early stage"[3]. In addition to the stock corporation act, the provisions are also anchored in Sections 289 and 317 of the German Commercial Code (HGB)[4]. In 2002, the KonTraG was supplemented by the German Corporate Governance Code, which gave it additional substance[5]. Moreover, additional regulations have been issued most recently such as the German Accounting Law Modernization Act (BilMoG) or the 8th EU Enterprise Law Directive (Directive on Statutory Audit) which also have an effect on the risk management system to be set up in anenterprise[6]. According to this, the board of management of a public limited enterprise is obligated to report on existing risks and, now also, chances in the annual report to the annual financial statements. Moreover, an effect on other forms of enterprise such as the private limited enterprise is assumed[3].
In the context of their annual audits, public accountants have to examine the effectiveness of the risk management system and provide information about the system in the auditor's report.
The prevailing legal opinion is that the risk management system has to extend to all subsidiaries world-wide if they may be the origin of any development which endangers the parent enterprise[3]. Against this background, it becomes clear that the current world-wide acquisitions of enterprises by the TÜV NORD Group jointly with its holding enterprise TÜV NORD AG may have a considerable influence on the risk management.
The rules regarding risk management have also been made clearly stricter internationally. For instance, the Sarbanes-Oxley Act (SOA or SOX) has been adopted in the U.S[8].Its objective is to improve the precision and reliability of accounting information that is reported to investors[9]. The SOA applies to all enterprises traded on an American stock exchange, including their world-wide subsidiaries. Furthermore in the UK the rules of risk management are based on the Cadbury Committee’s Code of Best Practice for the financial matters[10]. Moreover the Financial Security Act rules the control of risk management in France[11]. As an interim conclusion, it can be drawn: A enterprise's risk management has globally gained much importance in recent years.

3. Organisation of the Risk Management System of the TÜV NORD Group

The legislator has not defined the operationalization of the mandatory risk management system in the enterprises, i.e. enterprises are not taught to implement a certain standard set[12]. Accordingly, different shapes of risk management systems are installed in the enterprises. The TÜV NORD Group has been using its risk management system, which was implemented from the authors for more than ten years. The system has been continuously developed and supplemented by knowledge gained from the global acquisition measures.
Organisation and structure of TÜV NORD Group's risk management system are explained below from the authors, before we will deal with the risk management in connection with acquisitions. A clear organisation of the risk management system is absolutely essential for the smooth and efficient working of the system. The duties and responsibilities of the corporate divisions and individual enterprises and their mutual relationships in the context of the risk management system must be clearly laid down in order to avoid possible lack of clarity with respect to areas of competence or of overlaps. A successful risk management system is based on the smooth interplay between all those involved. The TÜV SÜD Group has also implemented a risk management system since years[13].
Against this background, an open corporate culture should prevail in which each employee detects risks at its workplace and reports them to the relevant risk manager.
The figure below shows all those involved in TÜV NORD Group's risk management system:
Figure 1. Structure of the risk management system.[Source: Own diagram based on internal documents of the TÜV NORD Group]
The specific areas of competence will be dealt with below.

3.1. Risk Owners

As those responsible for the business process also at the TÜV SÜD Group, the boards of management, managers, department heads and project managers etc. of the enterprises of the TÜV NORD Group are the risk owners. The risk owners main tasks include especially the following (see also chapter 4):
•Identification of risks and documentation on a record form
•Analysis of the risks with respect to occurrence probability and probable level of damage
•Determination, quantification and monitoring of implementation of the countermeasures
•Electronic transmission every three months of the record form for the identification of risks to the competent risk manager of the enterprise
•Where relevant, ad hoc reporting up on newly identified risks or existing risks in the case of major changes

3.2. Risk Managers of the Enterprises

The responsibilities of the risk managers cover in particular the following:
•Implementation of the rules for risk management system and coordination of the recording of risks in the enterprise.
•Consideration of individual risks which cancel one another out or which are cumulative.
•Check whether the record forms have been completed and electronic transmission of the signed forms to the risk manager of the business unit.
•In the case of so-called ad hoc reporting, passing on of the relevant information.
•Acting as contact for the auditors, risk manager of the business unit, supervisory board / advisory council of the enterprise.

3.3. Risk Managers of the Business Units

The risk managers of the business units are responsible for the business unit with the following major tasks:
•Controlling and discussion of the reports first with the risk manager and second with the member of the management board responsible for the business unit.
•Integration of newly founded or newly acquired enterprises into the risk management system by arrangement with the risk manager of the TÜV NORD Group.

3.4. Risk manager of the TÜV NORD Group

The main tasks of the risk manager of the TÜV NORD Group include the following:
•Establishing and further developing of the rules for the risk management system.
•Regular check of the individual risks from the group`s point of view.
•Summary of the reports from the business units to form an overall report and acting as contact for the auditors.

3.5. Management Board of the TÜV NORD Group

The management board also at the TÜV SÜD Groupis responsible for ensuring that risk assessment standards are laid down and that a watch is kept on whether necessary countermeasures for risk control have been taken[13]. It informs the supervisory board on a regular or ad hoc basis in a brief report of any major risks or risks which are a vital threat to the enterprises continued existence.

3.6. Internal Auditing and external auditors of the TÜV NORD Group

An important part of internal auditing measures focuses also at the TÜV SÜD Group on the workability of the internal controlling system and the risk management system[13]. In the context of the risk management system, the task of internal auditing as a supervisory body independent of the process is to check the group-wide application of the risk management system and, in acenterpriseing audits, the efficiency and appropriateness of the measures of the risk management system.
According to German law, the auditors have to check whether a risk management system exists in the enterprise and the system basically meets the requirements of adequate and orderly corporate governance.

4. The Risk Management Control Cycle of the TÜV NORD Group

The figure below shows the risk management control cycle:
Figure 2. Risk management control cycleSource: Own diagram following[14]
The individual elements of the risk management control cycle, which was implemented by the authors, do not stand in isolation but are based on one another and exercise a mutual influence such that they can be shown in the form of a control cycle. This control cycle is constantly passed through in every enterprise of the TÜV NORD Group. The control cycle ensures that a standard and systematic method of identification, assessment, control and communication of risks is applied throughout the enterprise. The TÜV SÜD Group has also implemented a risk management process to report all the risks every three months[13].To ensure permanent functioning and integration of the control cycle in the corporate control system, it is necessary to have an appropriate organisation, including monitoring of the control cycle. The individual elements, the organisation of the control cycle and the related tasks are described in detail below.

4.1. Corporate Objectives / Success Factors

The corporate objectives and strategies form the basis for a systematic risk management system. The process of establishing the objectives and communicating should be systematic and in real time. This will ensure that for all divisions and hierarchical levels criteria will be defined which can serve as the basis for the identification of risks.

4.2. Identification of Risks

The notion of identification of risks must ensure that all relevant risks which have or may have an impact on anenterpriseare logged.
To ensure a complete record of all relevant risks, it is necessary to adopt a systematic procedure to identify them. For this purpose, risk levels have been defined, taking account of different risk fields {Additional detailed explanations see chapter 5 [7, 15, 20]}.

4.3. Assessment of Risks

After the risks have been identified, an assessment must be conducted. The main aim of the assessment is to highlight the relevant potential risks. The assessment of the effects should if appropriate be made precise by means of economic calculations on the basis of mathematical-statistical methods[6]. Where quantification is not possible in an exceptional case, only a qualitative description of the risk is made (e. g. threatening damage to the enterprise image). The risks identified are assessed with reference to the two dimensions of occurrence probability and level of damage.
4.3.1. Occurrence Probability
The occurrence probability of the risk indicates the estimated expectation that the risk identified will arise. The occurrence probability indicates how probable the occurrence of a risk is, while it says nothing about the possible time of risk occurrence. To support the estimate of occurrence probability, the probability classes defined below were formed by the authors:
•Probability class "Low"0 to 25%
•Probability class "Moderate"25 to 50%
•Probability class "High"50 to 75%
•Probability class "Very high"75 to 100%
4.3.2. Level of Damage
The rating of the level of damage represents the anticipated impact after the emergence of the risk on the situation in the respective enterprise in respect of the result. The level of damage is basically assessed following the principle:
•Vital treatmore thanhalf the equity capital of the enterprise
•Majormore than one third tohalf the equity capital of the enterprise
•Significantmore than one sixth toone third of the equity capital of the enterprise
•Perceptiblezero toone sixth of the equity capital of the enterprise
4.3.3. Gross and Net Evaluation
When assessing risks, a distinction is drawn between gross and net evaluation. The evaluation levels are defined by the fact that, in the gross evaluation, the measures already taken by the enterprise to control and deal with the identified risk are not considered in the assessment. The net evaluation, on the other hand, highlights the remaining hazard potential (residual risk) once the measures established have been considered. To obtain a better assessment of the countermeasures, both methods are applied to assess the risk. The establishment of effective countermeasures is another component of risk control which has to be implemented by the operative management of anenterprise. On the basis of the risk analysis, the existing risk management measures are to be highlighted and their impact assessed by the controlling department in consultation with the respective risk owners. In particular where there is a high residual risk, it may be necessary to establish what further action is necessary. The countermeasures have to be stated more precisely by means of costs and the definition of deadlines.
4.3.4. Risk Class
The hazard potential of a risk can be presented in the form of a two-dimensional matrix made up of the occurrence probability and probable level of damage. To avoid deceptive accuracies, risk classes are projected by allocation to the following categories:
Figure 3. Risk classes[Source: own diagram based on internal documents of the TÜV NORD group]
The risk classes are intended to indicate the risk potential for the respective enterprise. Risk class AA was formed to provide an overview of the top risks for anenterprise. These risks are of the highest priority. Like the risks of class A, they invariably require additional and real-time measures to cope with risk, where such measures are economically appropriate and justifiable. Risks of class B must be regularly monitored. Furthermore preparations must at least be made for additional necessary measures. Risks of class C must be consciously monitored so that the first signs of a rising potential risk can be detected at an early stage.

4.4. Risk Control and Risk Communication

Control consists of monitoring and in the case of risks additionally of overcoming. The logging as described above serves primarily to ensure transparency in the situation of the respective enterprise. It forms the basis for a comprehensive control of the risks. The establishment of effective countermeasures and the monitoring of risk-related factors with a view to early detection are other components of risk control which have to be implemented.Reporting in the risk management system on a quarterly basis at every enterprise and also the TÜV NORD and TÜV SÜD Group must ensure that the competent decision-makers are notified early in a systematic form of the risks that exists.

5. Risk Management in Connection with Acquisitions

In the last six years, the TÜV NORD Group has made 28 acquisitions. 17 of the enterprises purchased are headquartered in Germany and 11 abroad. Due to the acquisitions, the number of employees has increased from more than 2,000 to more than 10,000. At the same time period the TÜV SÜD Group also has acquired 28 enterprises[17]. As soon as an acquisition is completed, integration of the enterprise into the TÜV NORD Group and thus into the risk management system begins. In connection with the integration, numerous workshops are held and the responsible employees of the acquired enterprise are comprehensively trained. The processes of the risk management system has to be implemented at the acquired enterprises. Against the background of new knowledge and experience gained in connection with the expansion of the TÜV NORD Group, the risk management is continuously developed and extended.
However, in order not to have to register unknown or unforeseen risks in the context of the integration of acquired enterprises into the risk management system, a risk analysis should be performed in the context of the acquisition process. However, risk analysis is different from operational risk management, in particular with regard to its project character and information basis (publicly available information and information provided by the target enterprise)[17]. Risk analysis should include the most important elements of risk management, i.e. risk identification and risk evaluation, and can be integrated into the due diligence process. A due diligence procedure also should be carried out for each acquisition. {According to Section 11 of the US Securities Act of 1933, brokers reproached for having withheld important information from investors were able to relieve themselves from personal liability by the defence of due diligence. To do this, they had to prove, among other things, that as a consequence of an appropriate investigation they had reasonably believed that all information published had been true and no essential information had been omitted[18]}.
The aim of due diligence has to be the identification of all risks of anenterprise and their subsequent minimisation or inclusion into the calculation of the enterprise value. A due diligence procedure can be divided into the following areas: basic, strategic, financial, marketing, human resource, legal, tax, environmental, organisational and IT due diligence[19].In a due diligence process the enterprises can also cooperate with external advisors such as auditing and law firms to perform due diligence checks and risk analyses.
In the following, the authors will deal with issues of risk management or risk analysis in the acquisition processes which are of great importance for every enterprise. For this background to ensure a complete record of all important risks, it is necessary to adopt a systematic process to identify them, which was developed and implemented from the authors in the TÜV NORD Group in the last years to reduce the risks concerning acquisitions. For this the issues will be classified by external and internal influences on the enterprise (see Figure below).
Figure 4. Identification of Risks[Source: Own diagram based on internal documents of the TÜV NORD Group]
With regard to the risk levels and risk fields established, all the relevant risks must be identified, measured and describe as precisely as possible.

5.1. External Influences on the Enterprise

At the "global environment" risk level, in particular the issues of macroeconomic development, technological development and political-legal development are of very great importance for every enterprise and also to the TÜV NORD Group. Furthermore the issues of socio-cultural and ecological development are to consider.
Macroeconomic development in particular includes cyclical risks which find expression in the fluctuation of economic variables (e.g. gross domestic product) of a national economy and foreign currency and inflation risks[15]. To enable the assessment of such risks for a country in which an acquisition is planned publicly available information provided by financial or research institutions can be used. The country-specific risk potential is estimated on the basis of this data.
In its assessment of the technological developments and the associated technological risks, the TÜV NORD Group usually relies on own Know-How which is supplemented by publicly available studies. Where own Know-How does not exist because the acquisition is made to set up a new business division, enterprises often cooperates with external advisors who prepare expert reports on the further technological development of the market in question. On this basis, the risk potential is estimated.
Political-legal risks identified byenterprisesbasically are the following {Additional detailed explanations see[15]}:
•Fiscal risks: Fiscal measures by governments may present a risk to enterprises.
•Transfer risks: Governments may make retransfer of invested capital, e.g. in the form of distribution of profits, difficult.
•Expropriation and terrorism risks
•Corruption risks: Regular publication of country rankings provides an overview which likewise is very important to enterprises due to the corporate governance and compliance obligations.
•Legal risks: These may be the lack of basic conditions for quality, liability and protection risks or the general jurisdiction.
In the context of an acquisition project, the political-legal risks are also determined, analysed, assessed and compiled.
Central to the risk field socio-cultural developments are circumstances and changes in demographic features (e.g. age structure) or social values, attitudes and norms (e.g. attitudes to the environment).
Ecological developments arising from the exploitation of finite resources or changed environmental and climatic conditions (e.g. environmental disasters) may represent risks for anenterprise.
At the "competitive environment" risk level, the competitors, suppliers and customers issues are often of great relevance to enterprises. Therefore, a detailed analysis of the competitor, supplier and customer situation in a country is performed in the context of the acquisition process. For instance, the general price, service and quality level of testing services, the possibility of new customers entering (entry barriers) or the customers' market power and payment behaviour are analysed in connection with this.

5.2. Internal Influences on the Enterprise

At the "enterprise internal" risk level, all issues are very important always in the case of acquisitions which are why during an acquisition process a due diligence check including a risk analysis for the enterprises to be acquired is carried out jointly with local public accountants and lawyers.
With regard to this, risks may result from anenterprise's strategy/corporate governance, e.g. with respect to questions of composition of the service portfolio, choice of location enterprise investments.
Risks in connection with human resources or cultural aspects are of the highest importance for all service related enterprisesbecause the business model is based on the provision of services by people, not machines. Accordingly, it is important for the management of enterprises to detect risks in connection with key persons (Know-How carriers) at enterprises to be acquired and reduce them by contractually binding these key persons to the enterprise at least for a certain time. Without such agreements which serve to reduce the risk potential, an acquisition should usually not be performed.
Jointly with public accountants, the management of enterprises look for financial risks or risks with regard to the assets of the enterprise to be acquired. These may in particular be found in various items of the balance sheet such as the intrinsic value of receivables from customers or fixed assets (e.g. values of buildings, machines, technical installations and the equipment of the IT system), pension plans or risks arising from under-insurance.
External lawyers can be involved in particular in the determination of organisation risks or business process or project risks. Risks may concern the operational and the organisational structure or exist in the business processes along the value-added chain. There also may be risks in an individual current or future project, environmental or quality management.
At the end of the acquisition process, all risks in connection with external and internal influences on the enterprise which have been identified have to be compiled and assessed. Based on these reports, the board of management and if existing the supervisory board of enterpriseshave to decide whether or not the acquisition will be made. In this way, there should be a close interlocking between the enterprisesrisk management and the acquisition management already prior to an acquisition. In the process, the methods and tools of risk management can be used as explained above. This procedure can prevent or greatly reduce unpleasant surprises in the form of new or hitherto unknown risks after the integration of an acquired enterprise into the risk management system of anenterprise which was also the case at the TÜV NORD Group.

6. Summary

As a consequence of the increased national and international legislation and requirements made by professional associations, ever more enterprises are obligated to install a meaningful risk management system. The organisation of the risk management has to meet the corporate requirements on risk management and be integrated in the corporate organisation.
In the context of the designing of the risk management processes, the enterprise-specific risks initially have to be identified, analysed, assessed and communicated transparently.
This paper would in particular like to show that the close interlocking of different aspects of risk management with acquisition management in acquisition processes seams to be reasonable. This approach can prevent or considerably reduce unpleasant surprises in the form of hitherto unknown risks following the integration of an acquired enterprise into an existing risk management system.
Therefore a systematic process for indentifying all the risks during an acquisition process should be implemented in the enterprises. With such a systematic process – as explained from the authors in the paper – risks of an acquisition will be identified, valuated and finally can significantly be reduced. The main topics of such a systematic risk management process are:
●Definition of the risk level (internal and external influences on an enterprise)
●Definition of the risk fields
●Systematic identification of the risks
●Valuation and communication of the identified risks
●Establishing suitable measures to reduce the risks of an acquisition
In comparison with the competitors of the TÜV NORD Group (e.g. TÜV SÜD Group) the depreciation of assets from acquired enterprises during a time period from 2004-2010 was much lower also because of the systematic risk management process[16]. Furthermore as shown the profitability of enterprises could be increased.
Risk-oriented corporate management ensures anenterprise's continued existence. At the same time, it promotes achievement of the corporate goals to which the risk strategy can make an important contribution. However, this requires that all the employees of anenterprise are made aware of risk management issues.
Risk management is to be monitored and audited by the internal audit department, the annual auditor and the supervisory board.
All in all, it is to be expected that the economic significance of meaningful risk management as a value-oriented tool of corporate management will continue to increase in the future in particular in acquisition processes especially because of:
●Technology development in connection with an increasing of the complexity of enterprises and products
●Worldwide globalisation of the industries
●Influence of environmental aspects
●Macroeconomical aspects for national economies (e.g. financial crisis in Europa)
For this background new risks will be occur which have to be controlled through a systematic and well functioning risk management system.

References

[1]  Annual report of TÜV SÜD AG 2010, page 1.
[2]  KPMG:“RisikomanagementvonderGesetzeserfüllungzumstrategischenSteuerungsinstrument,”Frankfurt,2008.
[3]  D.Holtbrügge,M.K.Welge,“InternationalesManagement–Theorien,Funktionen,Fallstudien”,5thedition,Stuttgart:Schäffer-PoeschelVerlag,2010,ISBN:978-3-7910-2883-5.
[4]  Schmitz,T.,Wehrheim,M.(2006):“Risikomanagement–Grundlagen,Theorie,Praxis,”2000.
[5]  Enz,Rouven:“RisikomanagementinProjekten.EinKonzeptzursystematischenIdentifikation,BewertungundBehandlungvonRisiken,”Duisburg:WiKu-Verlag,2008.ISBN:978-3-86553-257-2.
[6]  “ArbeitskreisExterneundInterneÜberwachungderUnternehmung(AKEIÜ)derSchmalenbach-GesellschaftfürBetriebswirtschaftslehree.V.”In:AktuelleHerausforderungenimRisikomanagement–InnovationenundLeitlinien,Köln,DBleafletno.23of11June2010,p.1245-1252.
[7]  W.Gleißner,“GrundlagendesRisikomanagementsimUnternehmen,”München:VerlagFranzVahlen,2008,ISBN:978-3-8006-3458-3.
[8]  J.Hull,“RisikomanagementBanken,VersicherungenundandereFinanzinstitutionen,”2ndedition,München:PearsonStudium,2011,ISBN:978-3-86894-043-5.
[9]  H. Li, M. Pincus, S. Olhoft Rego, “Market Reaction to Events Surrounding the Sarbanes-Oxley Act of 2002 and Earnings Management,” Journal of Law and Economics, Vol. 51, No. 1, February 2008, published by The University of Chicago Press, p. 111-134.
[10]  M. Leitch, “Risk management history and regulations (UK)”, 23 March 2003.
[11]  AUTORITÉ DES MARCHÉS FINANCIERS (AMF), “Risk management and internal control systems”, Reference Framework, 2010.
[12]  P.Reichling,D.Bietke,A.Henne,“PraxishandbuchRisikomanagementundRating.EinLeitfaden,”2ndrevisedandexpandededition,Wiesbaden:GablerVerlag,2007,ISBN:978-3-8349-0332-7
[13]  Annual report of TÜV SÜD AG 2010, page 107 ff.
[14]  W.Lück,M.Henke,“Risiko-ControllinginWachstumsunternehmen,”in:A.K.Achletiner,A.Bassen,(Hrsg.):ControllingvonjungenUnternehmen,Stuttgart,2003,p.281-298.
[15]  T. Kühlmann, H.D. Haas, “Internationales Risikomanagement, Auslandserfolg durch grenzüberschreitende Netzwerke”, München: Oldenbourg Verlag, 2009, ISBN: 978-3-486-58875-0.
[16]  Annual reports of TÜV SÜD AG 2004-2010, page 3 ff.
[17]  W.Schmitting, “Perspektiven eines Risikomanagements im Rahmen von Unternehmensakquisition und Due Diligence,” in: W.Berens, H.U. Brauner, J. Strauch, (Hrsg.): Due Diligence bei Unternehmensakquisitionen, 6th edition, Stuttgart: Schäffer-Poeschel Verlag, 2011, ISBN:978-3-7910-3045-6.
[18]  G. Picot,Handbuch Mergers & Acquisitions,” 2nd edition, Stuttgart: Schäffer-Poeschel Verlag, 2002, ISBN: 978-3-791-01999-4.
[19]  G.Picot, “Handbuch Mergers & Acquisitions: Planung – Durchführung – Integration,” 4thedition, Stuttgart: Schäffer-Poeschel Verlag, 2008, ISBN: 978-3-791-02733-3.
[20]  M.Diederichs,“RisikomanagementundRisikocontrolling,Risikocontrolling–einintegrierterBestandteileinermodernen Risikomanagement-Konzeption,” München: Verlag Franz Vahlen, 2004, ISBN: 3-8006-3084-2.