Risk management
Approach to risk management
Our approach to risk (and opportunity) management aims to mitigate and minimise the number of risks and their potential impact, while maximising opportunities. As part of our long-term value creation, this risk (and opportunity) management is embedded in our strategy and essential for achieving our goals. HeadFirst Group periodically reviews and re-evaluates its risk profile to manage important risks, creating a healthy balance between risks and potential opportunities. HeadFirst Group identifies four risk categories (strategic, operational, financial, and compliance) and also considers other elements such as prevention of fraud. The consideration of a healthy balance differs for each risk category.
Risk profile
The next paragraphs comprise a categorised overview of the risks that we believe are currently the most relevant considering our strategy. This risk overview is not exhaustive. There may be risks not yet known to HeadFirst Group or risks that are currently not deemed to be material, but which could later turn out to have a material adverse effect on HeadFirst Group’s business, operating results, and/or financial situation. The sequence of the risks does not reflect an order of importance, vulnerability, or materiality.
Risk arises when you don't know what you're doing. We know what we are doing, because preventing and managing risk is our business.
Strategic risks
Sensitivity to cyclical movements
HeadFirst Group operates in a dynamic, highly competitive industry. Macroeconomic volatility has an almost immediate impact on the market in which we operate. By having a solid core, a flexible shell, and a diverse portfolio of services, HeadFirst Group is able to constantly adapt to an ever-changing environment. Cyclical movements also provide an opportunity, as our clients will require their workforce to be flexible. This will result in ongoing demand for our services.
Reputation
HeadFirst Group provides a flexible shell to both customers and suppliers. In providing our services, trust and stability are of vital importance. Poor service or, even worse, a data breach could have a material impact on HeadFirst Group’s reputation, business and financial position. HeadFirst Group protects its strong reputation by ensuring all employees adhere to our core values and business principles, and comply with all internal policies. Periodic customer and supplier surveys help us to monitor the strength of our brand and improve poor performance quickly. Timely action is taken to investigate and address any negative trends.
As a risk management measure and to demonstrate our integrity and solid, trustworthy policies and procedures, we have obtained several renowned certifications. HeadFirst Group’s certifications include the standards outlined below.
NEN 4400-1
NEN 4400-1 is the certification of the Labour Standards Foundation for organisations that act as an intermediary for temporary personnel. The quality mark imposes requirements on the payment of taxes and social security contributions. The NEN 4400-1 quality mark also offers peace of mind that an organisation only provides personnel who are allowed to work in the Netherlands.
ISO 9001
ISO 9001 is the international standard for quality management. This quality mark assesses whether we are able to meet the requirements that our clients impose, including in relation to laws and regulations. The requirements also provide a basis for our quality management system.
ISO 14001
ISO 14001 is a standard for environmental management. To fulfil our ambitions in terms of environmental performance in a targeted and effective way, HeadFirst Group works with a multi-site environmental management system that complies with the international ISO 14001:2015 standard. The ISO 14001 and ISO 9001 standards have an identical set-up thanks to a High-Level Structure (HLS).
ISO 27001
ISO 27001 is an internationally recognised standard for information security. HeadFirst Group operates in a data-driven world and, as an intermediary, it is essential that our clients, independent professionals, and suppliers can entrust us with their data with confidence. The availability, integrity, and confidentiality of this information is becoming increasingly important.
To demonstrate our professionalism in this area, HeadFirst Group considers it essential to be ISO 27001 certified. We are therefore proud to announce that our certification has been successfully renewed and now complies with the latest standard (ISO/IEC 27001:2022). This reaffirms our commitment to embedding robust, future-proof information security practices across our organisation.
SNA Quality mark & Bovib Quality mark
Several entities within the organisation carry the SNA quality mark. It shows that we comply with laws and regulations concerning personnel, wages, and financial administration. This is assessed every two years in an external inspection by an independent inspection body. We also have the Bovib Quality Mark and are a member of the Bovib, the trade association for intermediaries and brokers in the Netherlands. The Bovib quality mark proves that we guarantee quality, are financially sound and comply with laws and regulations when deploying or activating a hiring chain. This is assessed annually in an external inspection by an independent inspection body.
Changing laws and regulations
One of the major strategic risks is politically and socially oriented. Changes in the political, legislative, and/or regulatory framework governing the activities of HeadFirst Group could have a material impact on HeadFirst Group’s business, the markets in which we operate, and our financial position.
Our highly skilled in-house experts, who work closely with a range of reputable external experts, monitor the process of (possible) changes in legislation, anticipate the effects of potential changes, provide training to employees, clients, suppliers, and independent professionals and ensure proper processes and controls are embedded in our organisation. Furthermore, we anticipate all potential outcomes by carrying a broad service portfolio.
Changes in legislation also provide opportunities. New legislation might contribute to an administrative burden and increased risk to our clients, which requires extensive knowledge to remain compliant and efficient. We share our knowledge of (possible) new legislation (especially on employment laws, data, and privacy protection regulations) with our clients, strengthening our relationship with them. Furthermore, the sheer multitude of regulations has prompted organisations to seek outside assistance in this area. This trend is likely to continue in the coming years. HeadFirst Group meets this need through its contracting service.
Climate change
Climate change can impact our organisation in several ways, ranging from physical risks to reputational and regulatory challenges. More frequent and intense weather events, such as storms or flooding, may lead to property damage, business interruptions, and increased recovery costs. In addition, climate-related disruptions in supply chains can affect the availability of resources and delivery reliability. Clients and investors are placing greater emphasis on environmental responsibility. A perceived lack of action can result in reputational damage. New climate regulations, such as emissions targets or sustainability standards, may require us to adjust internal processes. Furthermore, climate change may influence ecosystems and employee wellbeing, leading to lower productivity or higher health-related costs. We mitigate these risks through strong corporate governance, regulatory monitoring and structured change management procedures.
Operational risks
Information security
HeadFirst Group deals with confidential information of both customers and suppliers. In providing our services, trust and stability are of vital importance. A data breach could have a material impact on HeadFirst Group’s reputation, business, financial position, and the reputation of our customers. HeadFirst Group is continuously strengthening its IT security, IT controls, and compliance. To that end, our employees are screened before hiring, and awareness activities are rolled out to increase employee awareness of IT security risks. Parts of the IT environment that are outsourced, including software, are outsourced only to trustworthy parties that are ISO 27001 accredited. HeadFirst Group hires independent qualified agencies for periodic audits of our policies and procedures based on the latest rules and regulations, to ensure compliance. This has resulted in, for example, our accreditation for quality control (ISO 9001). The ISO 9001 certificate enables us to demonstrate our trustworthiness, thus strengthening our brand image of a reliable and stable party.
Talent attraction and retention
People are our most important asset. The success of HeadFirst Group’s business depends not only on attracting and developing the best talent, but also on retaining our highly skilled employees. We aim to achieve this by creating a positive and open working atmosphere, where employees are encouraged to pitch initiatives and where development is stimulated. Regular employee surveys help HeadFirst Group to monitor the engagement of its employees and investigate employees’ needs in a structured manner. Timely action is taken by the HR department to investigate and address any negative trends.
Just like our own organisation, our clients are seeking to attract and retain talent. The ongoing shortage of knowledge professionals, a trend set out in the market developments section, means that organisations have a continuing need for help in recruiting external personnel. HeadFirst Group can offer a solution to this problem through its triple sourcing model of (1) an open market approach, (2) close ties with a closed community, and (3) global sourcing.
Contract liability
Requirements from clients may result in unique contract clauses. Accepting inappropriately high contractual liabilities could result in a client making a claim that would materially affect the results of HeadFirst Group. We always work with standard contracts, unless a customer requirement calls for a unique contract clause that is not unduly onerous and will not lead to additional liability for HeadFirst Group. HeadFirst Group believes that the risks and liabilities associated with the service performed should lie with the party that can exert influence on that particular element of the service. If HeadFirst Group cannot exert any influence on a specific part, the liability remains with the client or is transferred to the supplier if it is under their influence. To ensure proper service delivery, HeadFirst Group focuses on further improvement of its contract delivery model and contract management. Our expertise in contract management improves our quality and the added value we deliver to our clients.
Financial risks
We maintain a prudent financing strategy. Only a minimum risk is accepted in relation to errors in our reporting.
Credit risk
HeadFirst Group’s exposure to trade receivables is managed through continuous credit risk assessments of each individual customer. For the remainder of the credit risk, we have taken out an insurance policy for bad debt. Further details on credit risk and other financial instruments are provided in the notes to the financial statements.
Interest rate risk
We entered into a factoring agreement with Coface in 2020. In 2022, this agreement was extended to 2027. Part of Coface's fee is calculated from the timing difference in receipt of the funds and a variable interest rate based on 3-month EURIBOR. HeadFirst Group policy prescribes that derivative financial instruments should only be considered if current and future interest rate risks are not within the acceptable risk levels of management. Therefore, we bought a derivative (interest rate cap with a term of 3 years) in 2022 to mitigate the interest rate risk. Hedge accounting is being applied.
Cash flow risk
Cash flow analyses are performed by HeadFirst Group as a whole. HeadFirst Group monitors the liquidity requirement in order to hold sufficient liquidity for operational activities or to attract liquidity in time through financing without exceeding set limits (externally). HeadFirst Group conducts adequate liquidity risk management by maintaining sufficient cash and by ensuring sufficient availability of financing by means of committed credit facilities, the pledging of trade receivables, and the ability to close out market positions. Management controls the rolling forecast of the organisation’s liquidity position on the basis of expected cash flows. In general, this takes place at a central level, within the frameworks and limits set by management. When setting limits, we take into account the liquidity of the market in which the company concerned is active. Furthermore, HeadFirst Group’s liquidity management includes forecasting of cash flows and the maintenance of related sufficient liquidity. Importantly, this includes monitoring the development of the debtor position, the amount of the receivables purchase agreement, and credit management.
Compliance risks
Compliance is at the core of the services provided by HeadFirst Group. HeadFirst Group applies a zero-tolerance policy to all compliance risks. Our business is subject to increasingly complex compliance requirements (see also the strategic risks section). Non-compliance could have a material adverse impact on HeadFirst Group’s reputation, business, and financial position. HeadFirst Group therefore invests in the continuous development of its highly skilled and educated in-house specialists, who share their knowledge within the group and embed all new legislation in the core of our business. HeadFirst Group has close relationships with specialised reputable companies. These companies provide HeadFirst Group with professional advice on topics relevant for HeadFirst Group.
We are responsible for the integrity and protection of all personal data that we store within business processes and IT systems. We continuously invest in cybersecurity-related processes and systems. With investments in compliance resources, business processes, and technology, the group complies with relevant statutory GDPR principles. In doing so, the ISO 27001, ISO 9001, and ISO 14001 management systems ensure that we continuously work on information security, quality, and environmental objectives.
Changes in legislation also provide opportunities. New legislation contributes to an administrative burden and risk to our clients, which requires extensive knowledge to stay compliant and efficient. We can share our knowledge of new legislation (especially with regard to employment law, data, and privacy protection regulations) with our clients, strengthening our relationship with them. New regulations require an ongoing critical review of existing training, policies, and procedures to stay compliant.