Taking risks is an inherent part of doing business. That is why risk management is an essential part of Heijmans' culture, corporate governance, strategy development and operational and financial management. Heijmans is prepared to take certain risks associated with the performance of our core activities, but only within the limits and in balance with our earning capacity, as defined by the Executive Board in consultation with the Group Board and under the supervision of the Supervisory Board. We apply the ‘three lines of defence’ model.
The limits ensure that the actions of one person do not lead to disproportionate risks or missed opportunities for the entire company. Heijmans' risk management is designed to provide reasonable assurance that objectives are achieved. This is achieved by integrating management control into daily activities (1st line), complying with legal requirements and guaranteeing the integrity of the company's financial and non-financial reporting with the associated provision of information. Heijmans' risk framework is in line with the Dutch Corporate Governance Code. In the year ahead, Heijmans will work toward the further integration of ESG-related risks and controls in this framework.
We face risks and uncertainties due to external and internal developments, such as geopolitical circumstances in the field of energy and the availability of qualified labour, materials and products. The growing regulation related to nitrogen and other emissions and their impact on the natural and living environments also had an impact. At the end of 2022, we also saw the cancellation of the construction exemption related to nitrogen emissions and at the end of 2024, the Council of State restricted the internal netting scheme. In 2024, we saw a further destabilisation of geopolitical conditions inside and outside of Europe and an increase in the impact of climate change, including the growing impact of water. Other risks include the major challenges facing Europe, including climate, energy, supply chains and defence. These require a lot of investment and are putting a brake on inflation. Risks are also becoming more complex and increasingly interconnected, and can therefore have a greater impact when they occur. On top of this, we are seeing a rise in European citizen involvement in a number of social issues (including environmental pollution), a shift in and fragmentation of the political landscape and social pressure on sustainable and socially responsible entrepreneurship.
The transition of the sector is marked by a growing focus on sustainability, technology and digitalisation, the scarcity of personnel and materials, as well as rising cybercrime. To keep up with the dynamics and rapid developments in the construction world, Heijmans is constantly developing new internal initiatives and is investing in the fields of sustainability, industrialisation and digitalisation. We are committed to sustainable, long-term value creation. These developments are creating opportunities, but they are also introducing new risks and therefore have an impact on our risk profile and risk appetite and on safe digital working.
To stay in control, it is important to limit our risk-taking and keep it at a manageable level, and only take risks that we can influence and to make the most of opportunities. We have set up a risk management process for this. Operationally, we focus primarily on the opportunities within our projects. With our (recalibrated) strategy and the initiatives based on the five pillars, we focus on the opportunities in the medium and long term. Our risk management therefore makes an integral contribution to the realisation of our strategic ambitions and the achievement of our goals, and helps ensure the success of our company.
Risk profile
Heijmans is active in energy, construction and infrastructure projects, including consultancy, design, development, realisation, management and maintenance. We are also active in property development and integrated area development. These activities are grouped into the business areas Living, Working and Connecting. We use digitalisation to create data-driven services, while industrial automation and software development are increasingly becoming an integral part of our products and services. The decision to be active in the energy, construction, infrastructure, technical services and real estate and integrated area development segments, and the growth of digitalisation and ‘as a service’ concepts, all have an impact on our risk profile. We have made a conscious decision to increase the share of recurring business as part of our strategy. By focusing on repeat clients and activities, we lower our risk profile as a company.
For construction companies of the size of Heijmans, which often act as main contractor, various risk-mitigating aspects apply in the event of a boom or bust in the economy. The various activities (Heijmans' business areas) do not usually find themselves in an (economic) crisis at the same time. In the case of public clients, the economic cycle lags somewhat behind the private market and the peaks and troughs are less extreme than in the private market. This applies in particular to large infrastructural and utility projects. In addition, there is still pressure on the housing market due to the lack of ‘affordable’ housing and a shortage of building zones. Although the government regularly launches stimulus measures for the housing market, the measures here are more indirect (aimed at buyers) and the market is largely determined by consumer confidence, which is generally slower to recover. And while institutional investors withdrew from the residential market in 2024, housing corporations actually invested more in the realisation of new projects and in making their existing housing stock more sustainable, thanks in part to the removal of the so-called landlord tax.
There is an additional risk-mitigating factor that is partly linked to this. Although the construction sector is cyclical, for a main contractor like Heijmans the cyclicality differs per sector. This is related to the size and duration of the order portfolio at the moment a crisis occurs. Our management model enables us to anticipate early on, which means that employees are to a large extent interchangeable and we can make adjustments to our cost structure across sectors. In addition, we try to use a flexible workforce to move with the market, while respecting the current regulations regarding the use of freelancers.
To remain at the top of the Dutch construction sector, Heijmans is investing heavily in sustainability, industrialisation, digitalisation and innovation. It is primarily the interplay of these elements, in combination with the complexity and integrated nature of our projects, that determines the risks we are willing to take in each individual project. Our portfolio of projects, contracts and services largely determines Heijmans' risk profile. The acquisition of Van Wanrooij in 2023 and Van Gisbergen in 2024 has brought more balance to the Living portfolio and in turn to the entire Heijmans portfolio. We also embed risk management, systems and reporting in the companies we add to the Heijmans group, while we also consider it essential that entrepreneurship and independence are maintained.
From the selection of an assignment or development to aftercare, our risk management process is aimed at maintaining the right balance between entrepreneurship, return and the risk profile that Heijmans is targeting and finds acceptable. The markets in which we operate are diverse, challenging and often competitive. We carry out projects and service contracts that range from simple and small to extensive and complex. That is why we constantly reconsider which projects suit us and which do not. A responsible balance between risk acceptance and earning capacity should be the general principle.
Risk acceptance
Risk acceptance refers to the level of risk that Heijmans is willing to accept or is exposed to in the pursuit of long-term value creation. Risk acceptance involves risk limits and risk criteria. These are determined by the company’s culture, corporate governance and management systems, and are set out in our values, code of conduct, policies and procedures and authorisation schedules.
We generally divide business risks into four categories: strategic, operational, financial position and reporting, and legal and regulatory. We do this for both internal and external risks and it gives us an idea of the impact on the organisation should these risks materialise. A risk matrix lists the main risks per risk category, the estimated likelihood and impact of these risks and the control measures taken. The potential impact of risks is not only determined on the basis of the financial impact on the company value, but also on the basis of the negative impact on our environment (people, the planet and society) and our reputation.
When assessing our risk acceptance, we categorise project risks. This involves looking at a project's annual revenue in relation to the company's overall revenue, the contract type, the client, the cash flow, the competence ‘fit’, the profitability, the capacity to do the work and the technical risk profile of the chosen solution. Based on the above, each project is categorised into a risk project category (1 to 3). This categorisation is in turn based on the principle that the higher the risk profile, the higher the authorisation in the organisation, the higher the return requirements and the more frequent the project monitoring. A workflow and authorisation are automatically linked to the risk project category. Depending on the nature, scope and risk profile of a project, it must be approved by the business area management and/or the Executive Board. All projects in the highest risk project category 3 are discussed with the Executive Board and the Chief Risk Officer (CRO). In those cases in which we do choose to go outside the bandwidths of our risk profile and the return requirements, this requires the explicit approval of the Executive Board.
Heijmans uses an integrated CRO report to continuously evaluate project, portfolio and business risks, as well as the business risk profile and risk appetite. The CRO prepares the CRO report every quarter and discusses the report with the Executive Board and the Supervisory Board. The purpose of this report is to provide insight into the development of Heijmans' risk profile. Heijmans distinguishes between risks that involve ‘running the business’ and those that involve ‘changing the business’. This distinction is made to focus not only on risks, but also specifically on opportunities when it comes to the implementation of our strategy for the period to 2030 with its five pillars of Well-being, Sustainability, Connection, Producibility and Team.
In our view, there is a responsible balance between risk and return when:
-
The nature and scope of the project is a good fit with the company's objectives and the necessary experience, capacity and expertise are available.
-
The project is covered by a clear and balanced contract, including how the client will finance the project to be acquired. At project level, in the event of unlimited liability, this is manageable and risks are insured where possible and desirable.
-
The project is profitable, with a profit and risk mark-up appropriate to the risks and type of contract. Projects with a sales risk have a higher return requirement.
-
Financing is assessed for property development activities. Aspects that play a role in this assessment are the method of financing, the term and the result to be accomplished, taking into account this higher risk profile.
-
In principle, 70% of the property development project must be sold and/or let before construction starts, in the event that Heijmans bears the risk in the development of the project.
-
For projects that are carried out in combination with others (partners), each partner contributes resources in proportion to their contribution, runs a proportionate level of risk and adds value to the project. This is also based on a substantiated assessment that the partner can actually bear their share of the risk.
In addition, Heijmans strives for a good balance in the revenue mix, risk acceptance and earning capacity, both between and within all the business areas. In order to achieve the right risk/return ratio for Heijmans, Heijmans’ portfolio has shifted on several fronts in recent years. We take on fewer (very) large projects and more medium-sized projects; we are risk averse with regards to Design Build Finance Maintain Operate (DBFMO) contracts and focus more on construction team and two-phase contracts; plus maintenance projects and services (recurring business) account for a greater share of our portfolio, at the expense of new-build projects. All these shifts have led to a more robust portfolio of projects and services with a lower risk profile. We see examples of this in the Connecting segment, where the ratio of large projects to regional projects, specialised activities and asset management is developing in favour of the second risk category (fewer large and more medium-sized projects). In the Working segment, we strive for a balanced ratio between non-residential projects and service business. In the Living segment, we manage the ratio between development based on our own positions, tenders/competitions and existing relationships with clients, while also maintaining a healthy balance between inner-city and suburban projects. The recent acquisitions of Van Wanrooij and Van Gisbergen have resulted in a better balance in this respect. The acquisitions have also contributed to a better balance between houses and inner-city apartments. We prefer to develop from our own positions and maintain a sustainable relationship with our clients and principals. We use tenders to supplement the portfolio if we feel the need to.
Main risks
The risk assessment describes the risks that could jeopardise the realisation of our strategic goals or our continuity. The risks are directly related to market developments, our market positioning and our business operations. Based on a benchmark, the risks Heijmans has identified are no different from those to which our industry peers are exposed. The climate-related opportunities and risks and their relevance to Heijmans are described in more detail in the Climate chapter of the sustainability report.
When determining the impact of the risks listed below, we distinguish between very low, low, medium and high.
-
Impact very low: If the risk manifests itself, the impact on Heijmans’ strategy, objectives and image will be zero in both the short and long term.
-
Impact low: If the risk materialises, the impact on Heijmans’ strategy, objectives and image will be limited in the short term and zero in the long term.
-
Impact medium: If the risk materialises, the impact on Heijmans’ strategy, objectives and image will be limited in both the short and long term and still manageable if appropriate control measures are taken.
-
Impact high: If the risk manifests itself, the impact on Heijmans’ strategy, objectives and image could be significant in both the short and long term and immediate control measures are necessary.
Risk framework
To make sure we can recognise and manage all possible risks in time, and be in a position to take advantage of opportunities, we have established and implemented procedures and measures at every level of our organisation. We have placed responsibility for compliance with these procedures right across the entire organisation. The Executive Board creates the frameworks and provides the resources, and is also responsible for the overarching risks at the level of Royal Heijmans N.V. The Chief Risk Officer reports to the Executive Board and the Supervisory Board on the company risk profile. The Risk and Audit Manager reports to the Executive Board and the Audit and Risk Committee of the Supervisory Board on compliance with the control measures and their effectiveness. Relevant findings and recommendations from the Risk Office and Corporate Audit are shared with the participants in the Acquisition, Preparation & Realisation and Service & Maintenance process consultations.
Our risk management system is based on the COSO ERM framework, in which project-related risk management is the common thread. Our internal control system is organised top-down and includes control measures at the strategic, tactical and operational levels of our organisation. Based on this framework, Heijmans continuously assesses how all the components of the COSO ERM framework are embedded within the organisation at the first, second and third lines of defence. We call this the Heijmans Governance, Risk & Compliance model. We recognise that GRC systems can be complex and can overshoot their target. That is why we are continuing to develop our model, with the emphasis on the safeguarding of the twenty building blocks by the key officers to whom the Executive Board has delegated tasks and responsibilities. This model is also in line with the approach expected on the basis of the CSRD guidelines.
Culture and risk awareness
Heijmans believes that the culture of the organisation is a significant factor in the management of risks. Due to their inherent risks, projects can entail a certain degree of unpredictability that cannot be entirely mitigated by guidelines and procedures alone. This requires a certain level of flexibility and an open/transparent and action-oriented culture in which people show sufficient ownership to identify and discuss and solve any problems that may arise in a timely manner. The example set by management is crucial in this respect, as is calling each other to account for failing to comply with agreements, but also pointing out things that are going well or not going well. By providing training courses that incorporate conduct and culture-related elements, we make clear to our employees what behaviour we expect of them and what behaviour we find unacceptable. Examples of these include the Heijmans Code of Conduct, the ‘Zakelijk Zuiver’ business integrity programme, the ‘Working safely with data’ programme, the Risk Management Masterclass and the GO! Compass.
Privacy compliance
At Heijmans, we devote a great deal of attention to compliance with privacy regulations. All employees regularly follow an e-learning course on this subject and we share a lot of practical information via our internal platform Viva Engage. We provide specific training and lectures for various target groups. In addition, we have appointed General Data Protection Regulation (GDPR) contacts in all business units to advise on any privacy issues that may arise. At a central level, the Privacy Officer deals with policy aspects and is the go-to person for more complex questions.
Given the increasing importance and complexity of privacy and cybersecurity, the privacy office and IT security department launched a long-term awareness programme called ‘Working safely with data’ in 2023. The emphasis is more on behavioural change and less on knowledge transfer. We use technological tools to actively reduce this risk.
Procedural measures
Management across the company is bound by clear frameworks regarding representation and decision-making. Important aspects of the control framework are:
-
Management regulations and instructions for the management of the operating companies/business units, focusing on authorisations, project acquisition, entering into investment commitments and reporting and accountability obligations.
-
Our authorisation matrix provides guidance on this front.
-
Conduct-oriented instruments such as the Heijmans Code of Conduct, the GO! Compass and the Transaction Register and the Customer Due Diligence (CDD) check at Heijmans Property Development.
-
An Accounting Manual with regulations for internal and external financial reporting and related procedures.
-
Business process systems for the primary and secondary processes of the Living, Working and Connecting business areas, aimed at the uniformity of processes across the group and the sharing of best practices.
-
Register of statements as an additional guarantee for the integrity of senior management and specific positions. This includes official Certificates of Good Conduct and Certificates of Judicial Background.
-
Internal audit programme aimed at compliance, with control measures related to project-specific risks, the management of organisation-wide business process risks and the safeguarding of certifications.
Internal guidelines
The Executive Board determines the operational parameters of the directors and management of the business areas. The authorisations related to project acquisition, entering into investment commitments and reporting and accountability obligations are embedded in management regulations and instructions to the management of the business areas:
-
Rules for internal and external financial reporting are laid down in the Accounting Manual, including related procedures such as the procedure for investments and entering into joint ventures with other parties.
-
Tender guidelines, tender board, go/no-go process for tenders in project risk category 2 and 3 and all project risk category 3 tenders subject to authorisation by the Executive Board. For each project risk category 3 tender, Heijmans conducts an independent risk review under the guidance of the Chief Risk Officer and this is reported to the Executive Board, both at several moments during the tender process and during the execution.
-
The business process systems include descriptions of primary and secondary processes of the Living, Working and Connecting business areas, including risk management systems, which are used to identify and control project-related risks. This promotes uniformity of processes across the entire group. The Heijmans-wide SAP-based ERP platform is making an ever greater contribution to this uniformity.
Planning and control cycle
The strategic pillars and the bold statements derived from those pillars are aimed at achieving Heijmans' long-term objectives. The Risk Office performs stress tests to determine the extent to which Heijmans can absorb potential worst-case scenarios in given circumstances (crumple zone). The Executive Board consults on a regular basis – and on an ad hoc basis if necessary – with the management of the business areas and the project management about material themes. In these meetings, they review the developments in relevant markets, the (financial) situation in relation to the budget and targets, the financial and operational progress of projects, sustainability and safety, all based on monthly and quarterly reports. They also focus on impacts, opportunities and risks for the short and long term in relation to the strategy and targets. For projects in progress with an elevated risk profile (particularly project risk category 3), the Executive Board, the CRO and the management of the business areas also conduct regular project reviews, in which they address impacts, opportunities and risks for short-term and long-term risk management. The status of sales, unsold inventory and options for the Living segment are reported to the Executive Board on a weekly basis using a dashboard.
Risk governance
The Executive Board is ultimately responsible for risk management within the company and sets the risk acceptance level. In addition, every Heijmans employee is aware of their role in the management and/or mitigation of the risks to which the company is exposed. Heijmans’ risk management and internal control process is essential to our business model and is implemented at three levels in the organisation:
-
The first line is the operation responsible for implementing and complying with agreed procedures and managing the associated operational risks and specific project risks. In this respect, we recognise the following gradation:
-
-
the management of project-level risks from project development, design and construction to completion and maintenance: primary responsibility project and/or line management.
-
the management of business risks of the portfolio of projects and sales, general and administrative costs at business area level: primary responsibility business area management.
-
the management of the portfolio of projects across business areas and business risks at group level: primary responsibility Executive Board.
-
-
The second line includes the Risk Office, Legal Affairs and Compliance and analyses and tests the substance of the risk profile, gives an independent opinion, develops and improves management measures across business areas, codifies lessons learned and ensures that these are fed back to the first line, and reports regularly to the Executive Board, Group Council and the Audit and Risk Committee of the Supervisory Board.
-
The third line (Internal Audit) uses an audit programme to monitor the correct compliance and effectiveness of the control measures and reports regularly to the Executive Board, the Group Council and the Audit and Risk Committee of the Supervisory Board.
The Audit and Risk Committee, the Executive Board and the Group Council receive independent information about risk management activities from both the CRO (substantive reporting on Heijmans' risk profile) and Internal Audit (reporting on risk-driven process tests). The Audit and Risk Committee assesses the quality of reporting and the effectiveness of Heijmans' internal risk management and control systems for the purpose of advising and preparing the decision-making of the Supervisory Board. The Audit and Risk Committee reports its observations and findings to the full Supervisory Board.
Risk Office
The Risk Office, led by the CRO, is responsible for the second line of risk management. The Risk Office's goal is to permanently raise risk management and a risk-aware culture to a higher level across the entire organisation. In addition, the CRO and the Risk Office form a second pair of eyes (at a substantive level) on project, portfolio and business risks. The CRO and the Risk Office are independent of the company's operational processes, with the CRO reporting directly to the Executive Board. The Risk Officers come from various Heijmans business units, and are a mix of experienced specialists and management potentials with project-specific knowledge and experience. After a period in the Risk Office, a Risk Officer returns to their business unit and is succeeded by a new experienced specialist from that business unit. At Heijmans, a period of employment as a Risk Officer is an important part of succession planning and leadership development.
Heijmans regularly evaluates the activities of the Risk Office and makes adjustments if this proves necessary. In addition, process meetings deal with and adjust elements on a Heijmans-wide level, which results in the continuous improvement of both risk awareness and risk management. These process meetings discuss and make improvements on issues such as the weighting model for project categorisation, tender board presentations, use of supporting tools, adjustment of formats used, etc.
Risk Officers are involved in categorising projects for pre-qualification and project selection. They provide an independent opinion on the risk profile of all project risk category 3 tenders and the larger and more high-risk project risk category 2 tenders. They are deployed for both the substantive design of second-line risk management and the substantive performance of independent risk reviews of tenders and projects under construction. In the CRO report, the CRO provides a quarterly update on the development of Heijmans’ business risk profile.
The CRO is also consulted in the selection of partner choices for larger projects based on a predefined weighting framework and reports their findings to the Executive Board.
Internal Audit
Heijmans has an internal audit team whose primary task is to initiate and realise sufficient risk-driven process audits, including clear feedback to the relevant management and follow-up actions. In 2024, the team performed standard and risk audits in accordance with the audit plan. In addition, the team performed regular conformity audits to ensure that the processes continued to run smoothly at the right level. The findings from the audits are compared with the main risks identified by Heijmans and the associated risk acceptance.
Internal Audit shares the most important findings from the audits with the Audit and Risk Committee of the Supervisory Board, the Executive Board and the management teams of the business areas on a quarterly basis. The entire audit programme is monitored using a tool that records the audit schedule, the audits, the findings and the follow-up actions for the entire company. When the audits result in remedial or improvement actions, these are assigned to those responsible for the actions. A dashboard is now providing us with ever greater insight into the nature and scope of the findings - as well as their interrelationship - and enables us to take risk-based actions on a Heijmans-wide scale. In consultation with the Executive Board and the Supervisory Board, a number of focus areas for the audit programme have been designated for the coming audit year, which runs from April to March. We will determine the focus of the audit programme in the first quarter of 2025. We expect the focus to be on maintaining existing processes (conformity), predictability, compliance with the General Data Protection Regulation (GDPR), the deployment and contracting of freelancers, the evaluation of material investments and the embedding and implementation of the identified improvement actions.
External auditor
The external auditor KPMG audits the annual financial statements. The findings from the management letter are compared with the findings of Internal Audit and included in the improvement register. The auditor also has access to the CRO and audit reports and is present at least once a year for their discussion of these with the Supervisory Board.
External certification audits
Heijmans places a high priority on safety, quality and the environment. The corresponding certifications are regularly subjected to structured audits by external bodies. The relevant findings, deviations and recommendations are included in the quarterly reports of Corporate Audit. Heijmans is certified for the ISO 9001, ISO 14001 and SCC** en SCC-P, (Infra) standards, plus the CO₂ Performance Ladder, FSC/PEFC and various Evaluation Guidelines (Dutch: BRLs). On the safety front, Heijmans is certified at Safety Culture Ladder level 4, with the exception of its recent acquisitions.
Where possible, Heijmans uses uniform processes and methods, with room for customisation when necessary. The recently acquired companies (Van Wanrooij and Van Gisbergen) are still certified according to their own management systems.
Executive Board and the Risk and Audit committee
The Risk Office and Internal Audit prepare quarterly reports and discuss these with the Executive Board, the Group Board and the Audit and Risk committee. The focus in these meetings is on ownership and the follow-up on mitigating measures and improvement actions. In 2024, the Audit and Risk Committee was informed, with the aid of a dashboard, about the tool used to monitor audit planning, the recording of findings and the follow-up on actions. The dashboard enables us to analyse findings more effectively and to focus the audit programme in the future on unwanted risks based on our risk acceptance.
Management statement
The Executive Board is responsible for Heijmans' risk framework and for assessing its effectiveness under the supervision of the Supervisory Board. The Executive Board has delegated responsibilities to the officers/roles described in the framework. The framework, as described above, is designed to manage the main risks that could prevent us from achieving our business objectives. However, the framework does not provide a complete guarantee that all control gaps, material misstatements, cases of fraud or violations of legal and regulatory requirements will be prevented. The risk framework should ensure consistent and reliable financial reporting, both internally and externally. In accordance with the Dutch Corporate Governance Code, we have assessed the design and operational effectiveness of our risk framework. For more information, see the Management Statement appendix.
Development of the risk profile
Heijmans actively monitors both its business risks and its portfolio of project risks. Heijmans monitors its main risks using dynamic heatmaps, both for operational opportunities and risks (‘running the business’) and for strategic opportunities and risks (‘changing the business’).
The Executive Board and Supervisory Board regularly map and review the expectation and impact of opportunities and risks.
In 2024, the internal risk profile of Heijmans’ business operations rose slightly due to the start-up of large projects and contracts at Working and Connecting. In the project execution in the Living segment, this was offset as a result of the increased share of houses in the mix of projects. Due to our selective project acquisition policy and conservative valuations, the project portfolio does not contain any major surprises. The current project portfolio has been valued adequately, taking into account the risk profile of the various projects.
The external risk profile remained the same in 2024. Although geo-political and national political conditions remain unsettled, procurement markets have stabilised at a new normal and interest rates and inflation fell slightly in the second half of 2024. We did see a further increase in the pressure on the labour market. Despite internal and external challenges, all segments were able to operate successfully in 2024. In addition, the existing crumple zone, the buffer to absorb any setbacks, has grown to a robust level.
Risk manifestation
The main operational risks that Heijmans faced in 2024 were risks resulting from labour shortages, limited capacity to execute projects and uncertain budgets at government level, as well as project delays due to nitrogen emissions issues or objections from local communities (permit applications).
The growing and changing order book at Working and Connecting requires strong tender and project management. Labour market shortages and increased mobility are creating quantitative and qualitative imbalances in staffing capacity, which can pose a portfolio risk. Heijmans mitigates this risk in part by applying a selective tender policy (return-potential and risk-driven) and in part by making extra efforts to recruit, train and retain people.
In the Living segment, we are dealing with prolonged spatial planning procedures and stagnating permit issuance, combined with limited administrative capacity, which is leading to delays. Lengthy objection procedures by stakeholders are causing further delays.
Nitrogen emissions problems have led to delays in projects, particularly new-build projects at the Ministry of Public Works and Water Management's line infrastructure division. This involves the entire traffic infrastructure and related environment intended for the movement and transport of people, goods and communications. This includes motorways, waterways, pipelines, power lines and telecommunications infrastructure. The shortage of government budgets for infrastructure projects has also led to projects being postponed or cancelled.
Heijmans has mitigated these risks by shifting the project portfolio towards the replacement and renovation of infrastructure (roads). In addition to linear infrastructure, we are increasing our commitment to flood protection programmes and the energy transition, as well as putting a greater focus on the replacement and renovation of existing linear infrastructure.
By periodically monitoring our most important projects and contracts, we try to identify undesirable developments in a timely manner, so we can take appropriate management measures at the earliest possible opportunity. In this regard, we learned over the past year that monitoring long-term projects and responding to (weak) signals as soon as possible is essential if we are to intervene in a timely manner.
It is important that the Risk Office is and remains independent of the procurement team in order to bring and maintain sufficient focus in the considerations we make during the tender process.
Heijmans is agile and can respond adequately to changing circumstances. If the market deteriorates or changes substantially in the future, pressure on the order portfolio may increase. We remain vigilant in order to prevent any increase in our risk acceptance and our general cost levels, which could create potential problems for the future. We will therefore continue to prioritise margin over volume.
Integration of CSRD-driven impacts, risks and opportunities
From the 2024 reporting year onwards, Heijmans is also subject to the Corporate Sustainability Reporting Directive (CSRD). Based on the legal and regulatory requirements, which is explained in more detail in the sustainability report, Heijmans will need to continue to integrate ESG-related risks in its existing risk management system in the coming years.
Heijmans is currently improving the management measures for ESG-related reporting. Heijmans prioritised a number of material topics (within ESRS standards E1 - Climate Change and S1 - Own Employees) in the current reporting period. In the Own Employees sub-theme, Health and Safety is currently the most developed topic, and for this we use automated checks in the existing reporting system.
The ESG reporting processes and definitions have been formalised as part of Heijmans' Accounting Manual. The Accounting Manual covers governance, roles and responsibilities, and management review controls for reporting on ESG-related information. It provides guidelines for the collection, consolidation and reporting of data, and describes the relationship to the risk management process (from risk identification to monitoring). We will follow up on this in 2025. Finally, we will integrate the operational impacts, risks and opportunities identified during the double materiality analysis in the existing ERM framework in the coming year. This takes into account the translation of the financial materiality scales to the use of Heijmans' risk prioritisation methodology. The existing documentation currently focuses primarily on risks related to the completeness, scope and timeliness of information, which is substantiated by management review checks. As described above, we are investigating how we can extend this approach to other material themes with different types of checks.
At the moment, we are using the same management lines described in the previous sections. The Executive Board is responsible for Heijmans' risk framework and for the assessment of its effectiveness and compliance under the supervision of the Supervisory Board. There is no formal delegation to functions and committees yet. However, the internal sustainability team and the business areas currently play a leading role in the process of managing impacts, risks and opportunities. As part of this role, they actively communicate with the Executive Board at least once a month about the implementation of legislation and the management of material impacts, risks and opportunities. Topics of discussion include the impact on strategy, the implementation of due diligence procedures and the implementation of policies, targets, actions, and any associated data. We will continue to formalise and integrate this working method in the coming reporting year.