Audi 2015 Annual Report Download - page 190

Download and view the complete annual report

Please find page 190 of the 2015 Audi annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 300

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300

REPORT ON EXPECTED DEVELOPMENTS, RISKS AND OPPORTUNITIES
REPORT ON RISKS AND OPPORTUNITIES
190 >>
Within each scope of responsibilities, risks are to be identified,
evaluated, appropriately managed and monitored. Furthermore,
transparent, accurate, timely communication up the chain of
command to the appropriate internal business units and Group
functionalities is required. All organizational levels are to be
integrated into the Risk Management System. The inclusion of
Group, brand, corporate and divisional levels also meets statu-
tory requirements. Changes in the legal framework with respect
to risk management are continually observed and are acted on
promptly where relevant for the Company. The integration of all
principal subsidiaries is currently already ensured. New compa-
nies are integrated promptly.
The Risk Management System and Internal Control System is
closely interlocked with the compliance functionality (central
governance, risk & compliance organization/central GRC organ-
ization) as part of an integrated and inclusive management ap-
proach. The Board of Management and the Audit Committee of
the Supervisory Board are kept regularly informed about the
Risk Management System and Internal Control System as well
as the Compliance Management System in a combined report.
The central task of risk management is to identify and analyze
risks, then systematically render them transparent and improve
their controllability using suitable risk management tools. This
process also creates scope for generating and exploiting oppor-
tunities. Using the COSO framework, risk-appropriate internal
controls are defined and performed along the entire value chain
(Internal Control System). So that suitable measures and
controls can be implemented early on, cross-disciplinary topics
and activities in particular are examined for risk potential both
continually and ad hoc.
The Audi Group promotes the ongoing development of the Risk
Management System through cross-divisional and cross-company
projects. One of the priorities here is to interlink the system
closely with financial corporate planning and management,
accounting and insurance management. In view of its high
strategic relevance, the regulatory framework for the Risk
Management System and Internal Control System is firmly
established both in an internal Board Directive of AUDI AG and
at the subsidiaries.
For the systemic design of its risk management architecture,
the Audi Group adopts the “Three Lines of Defense” model – a
recommendation of the European Confederation of Institutes
of Internal Auditing (ECIIA). The Risk Management System
and Internal Control System of the Audi Group consequently
features three lines of defense that are intended to protect the
Company against the occurrence of material risks.
The “Three Lines of Defense” model
The individual risk owners of the AUDI AG divisions and subsid-
iaries are responsible for the operational management of risks
and their control, as well as for reporting on them. They repre-
sent the first line of defense. Controlling maintains a constant
dialogue with the individual departments of the Company
throughout. This ensures that the financial impacts are
continuously taken into account in corporate planning and
management.
In the second line of defense, the central GRC organization
takes charge of the fundamental functionality of the Risk
Management System and Internal Control System as well as
the compliance management system. The core activities of
Central Risk Management involve monitoring system perfor-
mance and submitting an aggregated report on the risk situa-
tion to the Board of Management and the Audit Committee of
the Supervisory Board (GRC Annual Report). This ensures that
the statutory requirements for the early identification of risks
and the effectiveness of the Risk Management System and
Internal Control System are met. In addition, Central Risk
Management handles the Group-wide ongoing development of
risk management governance and tools. These include direc-
tives and standards, as well as methods and processes that are
adapted to the scale of the individual company. In addition,
consultancy on operational risk management is available for
the divisions and subsidiaries. Regular training courses and
fact-finding events are held to lastingly reinforce awareness of
risk management and compliance as well as promote a posi-
tive risk culture in the Audi Group. AUDI AG also has risk com-
Supervisory Board
Board of Management
First
line of defense
Third
line of defense
Second
line of defense
Operational risk
management
Coordination
of GRC control
process, risk and
compliance program
Audit of
RMS/ICS
Reports on risk
management Reporting through
GRC Annual Report Audit reports
on RMS/ICS
Divisions Central GRC
organization Internal Audit