Compliance and risk management
Risk reduction is indispensable for securing a corporate strategy that will be successful over the long term. This is why at Audi the employees play an integral part in minimizing risk – a responsibility that extends to the level of specialists and technicians. Compliance management is an equally diverse area: Training activities and instruction serve to create a consistent, collective awareness of compliance-related issues throughout the Group.
The Group-wide Risk Management and Compliance Management systems provide ideal protection against risks, thus safeguarding the strategic and operational corporate objectives. And company management assigns a high priority to ensuring that all decisions are in accord with current legislation as well as with the company’s own internal rules and values. The Group-wide Code of Conduct provides the basis for this approach.
Compliance at Audi is practiced through activities whose overall aim is to ensure that the Board of Management members, Supervisory Board members and employees act in accordance with internal regulations and all legal requirements and prohibitions.
But compliance with applicable laws and company regulations is not the only fundamental element. There is also personal integrity, which can be expressed in business dealings or through an attitude that moves people not only to realize business targets but also to abide by ethical principles such as mutual respect, sincerity, appreciation, conscientiousness, dependability and fairness, all while acting for the common good.
Audi deals with risk by relying on a system that comprises Corporate Risk Management and Operational Risk Management. For the systemic design of its risk management architecture, Audi has adopted the “Three Lines of Defense” model, which calls for a clear separation of assignments and functions. The first line of defense is formed by the divisions, which as risk owners are responsible for operational management of risks, corrective measures and risk controls. The second line of defense is the central Governance, Risk and Compliance organization, whose role includes serving in an advisory capacity to support the divisions in the context of operational risk management. As an impartial body, Internal Audit acts as the third line of defense, with responsibility for examining the systemic and operational risk management and control activities.
The Risk Management and Risk Control system is based on the internationally recognized standard defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It aids in identifying and minimizing potential risks and, where possible, avoiding them.