Risk Management
In a period of profound upheaval – characterized by increasing volatility, geopolitical uncertainties and rapid technological and regulatory changes – an efficient Risk Management and Internal Control System is of particular importance. The Audi Corporate Risk Management department is responsible for ensuring that risks are identified, assessed, made transparent and managed as effectively as possible using appropriate risk management tools.
To this end, Audi has implemented a Risk Management System (RMS) and an Internal Control System (ICS) based on the use of standardized processes. These processes serve to protect against risks arising from business operation and most importantly to monitor the current risk situation and review the effectiveness of the measures taken.
Within its RMS, Audi focuses on early identification of acute operative risks, which could jeopardize corporate and business area objectives. For example, negative deviations in market trends are comprehensively assessed, managed with corresponding countermeasures and reconciled with financial planning and reporting. The company uses the ICS to protect against Group-wide process risks in the relevant areas by means of internal controls and to document these risks. This strengthens process compliance and ensures regulations are upheld.
Both RMS and ICS are based on the internationally recognized Enterprise Risk Management Framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
This framework helps to identify and minimize potential risks and, where possible, to avoid them altogether.
Standardized Group-wide principles are the basis for addressing risks at Audi. These principles include:
- promoting an open risk culture,
- aligning RMS/ICS with the corporate goals,
- assessing risks and opportunities in order to make use of opportunities that involve manageable and controllable risks,
- complying with rules (compliance),
- ensuring that RMS/ICS is appropriate in terms of the type, scope, complexity and risk content of the concrete business operation and the scope of business,
- regularly checking RMS/ICS with regard to effectiveness and efficiency.
Transparency through reporting
Transparency is ensured by regular and ad-hoc reporting to the Board of Management and Audit Committee of the Supervisory Board of AUDI AG, to the Group Chief Integrity & Compliance Officer of the Volkswagen Group and, where needed, other management positions at Audi and Volkswagen.
The internal Governance, Risk and Compliance report (GRC report) is of central importance in this context. It provides information for the Board of Management and the Audit Committee of the Supervisory Board of AUDI AG concerning the risk situation and the effectiveness of the Risk Management System (RMS), the Internal Control System (ICS) and the Compliance Management System (CMS). Further activities undertaken by the “Integrity, Compliance, Risk Management” unit in the past financial year also form part of the report. The GRC report enables the Audit Committee of the Supervisory Board to comply with its supervisory obligations.
