In dealing with risks, Audi uses a system based on Central and Operational Risk Management. In the systematic organization of its risk management architecture, Audi follows the so-called “three lines of defense” model with a clear distinction between tasks and functions. The first line of defense is made up of the divisions: as the risk owners, the latter are independently responsible for operational management of risks, countermeasures and controls. The second line of defense is provided by the central Governance, Risk and Compliance Organization, which also supports the divisions by providing consultation as part of operational risk management. The third line of defense consists of the internal auditing department as an independent authority responsible for monitoring systematic and operational risk management as well as control activities.
Group-wide risk and compliance management systems provide optimum risk protection for the Company’s strategic and operational objectives. As far as management is concerned, it is absolutely vital that all decisions comply with statutory requirements as well as with internal regulations and values.