United Internet regularly performs a comprehensive risk assessment of direct suppliers so as to identify any necessary measures using a risk-based approach. The Company takes a two-stage approach here.
Firstly, an abstract gross risk assessment of the sector- and country-specific risks to which direct suppliers are exposed is performed. United Internet uses the IT-based EcoVadis IQ Plus tool for this.
This abstract gross risk assessment is used to determine potential high-risk suppliers, which are then prioritized on the basis of the appropriateness criteria (the nature and scale of their business, their contribution to causing the risks, and their ability to influence them). The focus here is on:
In relation to certain potential suppliers, the annual gross risk assessment will be supplemented by an ad hoc gross risk assessment in fiscal year 2025: With effect from March 1, 2025, all new suppliers with an estimated annual purchasing volume in excess of €500,000 will always be subjected to a gross risk assessment, and will run through the two-stage process described here.
The concrete risk assessment builds on Step 1 and further analyzes the gross risk suppliers identified. Where suppliers already have an EcoVadis sustainability rating, this is taken into account. Actions may be specified depending on the rating result and the areas for improvement indicated. Suppliers that do not have an EcoVadis sustainability rating receive an invitation to participate in an EcoVadis rating. Based on the rating result, United Internet prepares a concrete risk profile for the supplier concerned and may derive appropriate measures for improvement.
Standard preventive measures such as the Code of Conduct for Business Partners and contractual clauses, and IT solutions for implementing the two-stage risk assessment represent the organizational and technical foundations for the supply chain measures. They are supplemented by dedicated preventive measures and remedial actions, which are performed either ad hoc or on a risk-driven basis.
In fiscal year 2024, no severe human rights issues and incidents connected to the upstream and downstream value chain were reported via United Internet’s whistleblower system.
In the course of the abstract gross risk assessment performed in fiscal year 2024, one gross risk supplier with abstract sector- and/or country-specific risks was identified out of a total of 7,393 vendors who were examined. The gross risk for human rights risks was estimated to be “high,” while that for environmental risks was put at “medium-high.” As a result, United Internet performed a concrete risk assessment for the supplier using EcoVadis Rating, which determined that the supplier does not meet the requirements in the “Labor & Human Rights” area. Measures for improvement were initiated as a result and a deadline was set for their implementation. 2
1 A six-point scale is used: 1 – very low, 2 – low, 3 – medium-low, 4 – medium-high, 5 – high, 6 – very high.
2 The deadline for implementing the measures ends in fiscal year 2025.
Links
Downloads
