Risk and opportunity management is of paramount importance to EADS, given the complex and volatile business environment in which EADS operates. A comprehensive set of risk and opportunity management procedures and activities across EADS makes up the EADS Enterprise Risk Management (“ERM”) system.
The objective of the ERM system is to create and preserve value for EADS’ stakeholders. It is designed and operated to effectively identify potential events that may affect EADS, manage risk to be within the defined risk tolerance, identify and manage opportunities, and provide reasonable assurance regarding the achievement of targets. To achieve this, EADS seeks to have one integrated, consistent, comprehensive, efficient and transparent ERM system, using the same understanding, practice and language. It seeks to embed the risk management philosophy into EADS culture, in order to make risk and opportunity management a regular and everyday process for employees.
The Board of Directors and EADS top management regard ERM as a key management process to steer the Company and enable management to effectively deal with risks and opportunities. The advanced ERM capabilities and organisation that EADS is seeking to progressively implement can provide a competitive advantage to the extent they successfully achieve the following:
- strategy: the selection of high level strategic objectives, supporting the EADS vision and consistent with risk appetite;
- operations: the effectiveness and efficiency of operations and resource allocation; the delivery of products on time and in accordance with cost and quality objectives; the capability to achieve performance and financial targets; the implementation of risk-enabled decisions and managerial processes;
- reporting: reliability of reporting, in particular financial reporting; and
- compliance: compliance with applicable laws and regulations.
The objectives, principles and process for the ERM system as endorsed by the Board of Directors are set forth in the EADS ERM Policy and communicated throughout the Group. The EADS ERM Policy is supplemented by various manuals, guidelines, handbooks, etc. The ERM system is based on the Internal Control and Enterprise Risk Management Framework of the Committee of Sponsoring Organisations of the Treadway Commission (COSO II). External standards that contribute to the EADS ERM system include the Internal Control and ERM frameworks of COSO, as well as industry-specific standards as defined by the International Standards Organisation (ISO).
The ERM system comprises an integrated hierarchical bottom-up and top-down process to enable better management and transparency of risks and opportunities. At the top, the Board of Directors and the Audit Committee discuss major risks and opportunities, related risk responses and opportunity capture as well as the status of the ERM system, including significant changes and planned improvements. This is based on systematic bottom-up information including management judgement. The results are then fed back into the organisation. The design of the ERM system seeks to ensure compliance with applicable laws and regulations with respect to internal control (“IC”) and risk management (“RM”), addressing both subjects in parallel.
The ERM process consists of four elements: the operational process, which consists of a sequence of eight consistent, standardised components to enhance operational risk and opportunity management; the reporting process, which contains procedures for the status reporting of the ERM system and the risk/opportunity situation; the compliance process, which comprises procedures to substantiate the assessment of the effectiveness of the ERM system; and the support process, which includes procedures to increase the quality and provide further substantiation of the quality of the ERM system.
The ERM process applies to all possible sources of risks and opportunities, with both internal and external sources, quantifiable and unquantifiable, potentially affecting EADS in the short-, middle- and long-term. It also applies to all of EADS’ businesses, activities and departments. Management at each level discusses ERM when they run the business, as part of their decision-making and related activities. Accordingly, the ERM process is part of the management process and interrelated with other processes. The details of application of the ERM process vary with the risk appetite of management and the size, structure and nature of the organisational unit, programme/project, department or process. Nonetheless, the fundamental principles of the EADS ERM Policy generally apply.
For a discussion of the main risks to which the Group is exposed, see “Risk Factors”.
ERM GOVERNANCE AND RESPONSIBILITY
The governance structure and related responsibilities for the ERM system are as follows:
- the Board of Directors supervises the design and effectiveness of the ERM system including management actions to mitigate the risks inherent in EADS’ business activities. It discusses the major risks at least quarterly based on ERM reporting or as required depending on development of business risks. It is supported by the Audit Committee, which discusses at least yearly the activities with respect to the operation, design and effectiveness of the ERM system, as well as any significant changes and planned improvements prior to presentation to the full Board of Directors;
- the EADS Chief Executive Officer, backed by the Executive Committee, is responsible for an effective ERM system, the related internal environment (i.e. values, culture) and risk philosophy. He is supported by the EADS Chief Financial Officer who supervises the EADS Chief Risk Officer and the ERM system design and process implementation;
- the EADS Chief Risk Officer has primary responsibility for the ERM strategy, priorities, system design, culture development and reporting tool. He supervises the operation of the ERM system and is backed by a dedicated risk management organisation on Group and Division level, which actively seeks to reduce overall risk criticality. This risk management organisation is networked with the risk owners on the different organisational levels and pushes for a proactive risk management culture; and
- the executive management of the Divisions, Business Units and Headquarters’ departments assume responsibility for the operation and monitoring of the ERM system in their respective area of responsibility. They seek to ensure transparency and effectiveness of the ERM system and adherence to its objectives. They take responsibility for the implementation of appropriate response activities to reduce probability and impact of risk exposures, and conversely for the implementation of appropriate responses to increase probability and impact of opportunities.
The EADS ERM system needs to be effective. EADS has established recurring ERM self-assessment mechanisms, to be applied across EADS. This seeks to allow EADS to reasonably assure the effectiveness of its ERM system. The ERM effectiveness assurance comprises:
- ERM process: needs to be present and functioning throughout EADS without any material weaknesses and needs to fulfil the EADS ERM Policy requirements;
- risk appetite: needs to be in accordance with the EADS risk environment;
- ERM IC system: needs to have an effective IC system for the ERM process in place.
For the coverage of all of its activities, EADS has defined 20 high level business processes. In order to achieve ERM effectiveness, the ERM process as an overlaying process must be an integral part of these business processes. ERM effectiveness is assured if the achievement of the ERM process objectives is secured by adequate ERM controls which are operating effectively throughout the organisation and are within the respective risk appetite level.
Operating effectiveness is measured inter alia by assessing any potential major failings in the ERM system which have been discovered in the business year or any significant changes made to the ERM system.
The combination of the following controls is designed to achieve reasonable assurance about ERM effectiveness:
| | ERM control with explanations |
|---|---|
| Board of Directors/Audit Committee | Regular monitoring: The Board of Directors and the Audit Committee review, monitor and audit the ERM system. |
| Top Management | ERM top management discussions: This control is the most important step of the ERM Sub-Process “Compliance”. All the results of the “Scoping”, “Self Assessment” and “Confirmation” procedures are presented by the Divisions or Business Units Top Management and discussed and challenged at EADS top level. |
| Management | ERM confirmation letter procedure: Entities and processes/departments heads that participate in the annual ERM compliance procedures need to sign ERM confirmation letters, especially on internal control effectiveness and deficiencies or weaknesses. The scope of participants is determined by aligning coverage of EADS business with management’s risk appetite. |
| ERM Department | ERM effectiveness measurement: Assess ERM effectiveness by performing operational risk management for the ERM process, benchmarks, etc. |
| Corporate Audit | Audits on ERM: Provide independent assurance to the Audit Committee on the effectiveness of the EADS ERM System. Provide evidence for deficiencies of the EADS ERM system. |
DEVELOPMENTS IN 2011 AND OUTLOOK
Today, companies are operating in a more volatile risk environment than ever before. Mature risk management capabilities are therefore more critical, more strategic and overall more valuable. EADS seeks to deploy its ERM system effectively across the Group in order to mitigate risk and drive competitive advantage, and invests accordingly. The design of its ERM system has evolved towards a more homogeneous and performance-oriented management tool that is integrated into the business, with the following major achievements in 2011:
- strengthening of ERM foundations, with a progressive appreciation of ERM processes and development of a true risk culture;
- beginning roll-out of a dedicated Group-wide ERM IT tool;
- strong ERM contribution to improvement initiatives launched across the Group; and
- successful finalisation of year-end ERM compliance process, i.e. ERM confirmation letters were received from all relevant risk owners in Divisions, Business Units and Business Functions, and all ERM top management discussions took place.
As an outlook, EADS seeks to:
- follow the path to further mature risk management, especially ERM awareness, capabilities, culture and risk management organisation;
- fully embed the risk management organisation into business operations;
- improve ERM measurement, modelling and analytics for decision-making;
- further improve transparency, reduce risk criticality and encourage seizing of opportunity by use of the ERM methodology;
- further deploy and harmonise the Group-wide ERM IT tool; and
- introduce a common skills model and career path for risk managers.
More generally, EADS seeks to continuously evaluate and improve the operating effectiveness of the ERM system. EADS will use the recommendations from the Corporate Audit department, which has reviewed risk management of selected departments and business processes, to further strengthen its ERM system.
BOARD DECLARATION – LIMITATIONS
The Board of Directors believes to the best of its knowledge that the internal risk management and control system over financial reporting has worked properly in 2011 and provides reasonable assurance that the financial reporting does not contain any errors of material importance.
No matter how well designed, all ERM systems have inherent limitations, such as vulnerability to circumvention or management overrides of the controls in place. Consequently, no assurance can be given that EADS’ ERM system and procedures are or will be, despite all care and effort, entirely effective.
BUSINESS PROCESSES COVERED BY THE ERM SYSTEM
Based on EADS’ activities, 20 high-level business processes have been identified within EADS. They are categorised into core processes (research and development, production, sales, after-sales and programme management), support processes (corporate sourcing, Human Resources, accounting, fixed assets, treasury, information technology, mergers and acquisitions, legal and insurance) and management processes (strategy, corporate audit, controlling, compliance, Enterprise Risk Management and management controls). These business processes, together with the corresponding ERM processes, are designed to control process risks that have significant potential to affect the Group’s financial condition and results of operations. Below is a description of the main business processes at the respective headquarters’ level which were in place during 2011.
At the core of EADS’ ERM system are accounting processes and controls designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements and other financial information used by management and disclosed to EADS’ investors and other stakeholders. The integrated approach to planning and reporting aims to improve internal communication and transparency across departments and organisational units within EADS.
The EADS financial control model defines the planning and reporting procedures that apply to all operational units of the Group, as well as the responsibilities of the Chief Financial Officer, who is charged with developing, implementing and monitoring these procedures. Among the Chief Financial Officer’s primary tasks is oversight of the preparation of the Consolidated Financial Statements of EADS, which are prepared under the direct supervision of the Chief Accounting Officer (“CAO”). The CAO is responsible for the operation of the Group’s consolidation systems and rules and for the definition of Group-wide accounting policies which comply with IFRS, reporting rules and financial guidelines in order to ensure the consistency and quality of financial information reported by the Divisions and Business Units. EADS’ accounting policies are set out in a written accounting manual, which is agreed with the Company’s external auditors. Changes to the EADS accounting manual require approval by the CAO, and, where significant changes are involved, the Chief Financial Officer or the Board of Directors (based upon the advice of the Audit Committee).
Control of the financial planning and reporting processes is achieved not only through the development of Group-wide accounting systems and policies, but also through an organised process for providing information from the reporting units on a timely basis as an up-to-date decision-making tool to control the operational performance of the Group. This information includes regular cash and treasury reports, as well as other financial information used for future strategic and operative planning and control and supervision of economic risks arising from the Group’s operations. The Divisional Chief Financial Officers frequently meet with the CAO and his responsible staff to discuss the financial information generated by the Divisions.
Prior to being disclosed to the public and subsequently submitted for approval to the shareholders, the consolidated year-end financial statements are audited by EADS’ external auditors, reviewed by the Audit Committee and submitted for approval by the Board of Directors. A similar procedure is used for the semi-annual and quarterly closing. Group auditors are involved before EADS financial statements are submitted to the Board of Directors.
Treasury management procedures, defined by EADS’ central treasury department at Group headquarters, enhance management’s ability to identify and assess risks relating to liquidity, foreign exchange rates and interest rates. Controlled subsidiaries fall within the scope of the centralised treasury management procedures, with similar monitoring procedures existing for jointly controlled affiliates, such as MBDA.
The management of liquidity to support operations is one of the primary missions of the EADS Central Treasury department. Regular cash planning, in conjunction with the planning/reporting department, as well as monthly cash reporting by the central treasury department, provide management with the information required to oversee the Group’s cash profile and to initiate necessary corrective action in order to ensure overall liquidity. To maintain targeted liquidity levels and to safeguard cash, EADS has implemented a cash pooling system with daily cash sweeps from the controlled subsidiaries to centrally managed accounts. Payment fraud prevention procedures have been defined and communicated throughout the Group. For management of credit risks related to financial instruments, see “Notes to the Consolidated Financial Statements (IFRS) — Note 34A: Financial risk management”.
Commercial operations generate material foreign exchange and interest rate exposures. A Group hedging policy is defined and updated regularly by the Board of Directors. In order to ensure that all hedging activity is undertaken in line with the Group hedging policy, the central treasury department executes all hedging transactions. The central treasury department conducts ongoing risk analysis and proposes appropriate measures to the Divisions and Business Units with respect to foreign exchange and interest rate risk. Subsidiaries are required to calculate, update and monitor their foreign exchange and interest rate exposure with the EADS Central Treasury department on a monthly basis, in accordance with defined treasury procedures. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations — 2.1.7 Hedging Activities”.
In connection with certain commercial contracts, EADS may agree to enter into sales financing arrangements. In respect of sales financing at Airbus, an annual sales financing budget is defined as part of the EADS operative planning process. Sales financing transactions are approved on a case-by-case basis with the involvement of top management, in line with certain risk assessment guidelines and managed by a Group-wide integrated organisation.
Commercial contracts entered into by EADS’ operating subsidiaries have the potential to expose the Group to significant financial, operational and legal risks. To control these risks, management has implemented contract proposal review procedures that seek to ensure that EADS does not enter into material commercial contracts that expose it to unacceptable risk or are not in line with the Group’s overall objectives. These procedures include (i) Board of Directors-approved thresholds and criteria for determining the risk and profitability profiles and (ii) a mandated pre-approval process for contracts defined as “high-risk”. Contracts falling within the defined threshold categories require approval by the respective Divisional Chief Financial Officer. Contracts that are deemed “high-risk” and/or exceed certain thresholds must be submitted to a standing Commercial Committee (with the Chief Financial Officer and the Chief Strategy and Marketing Officer serving as Chairmen, and a possible escalation to the Chief Executive Officer when needed). This committee is responsible for reviewing the proposal and giving recommendations when necessary, based on which the concerned Business Unit is allowed to remit its offer. In the case of Airbus, due to the nature and size of its business, contracts are approved in accordance with Airbus’ own corporate governance policy based on EADS guidelines which follow the same principle, with participation of EADS. In general, where EADS shares control of a subsidiary with a third party, the Commercial Committee is responsible for developing the EADS position on proposed commercial contracts.
EADS is subject to myriad legal requirements in each jurisdiction in which it conducts business. The mission of the EADS Legal department, in coordination with the Division and Business Unit Legal departments, is to actively promote and defend the interests of the Group on all legal issues and to ensure its legal security at all times. By carrying out this mission it is responsible for implementing and overseeing the procedures designed to ensure that EADS’ activities comply with all applicable laws, regulations and requirements. It is also responsible for overseeing all major litigation affecting the Group, including intellectual property.
The EADS Legal department, together with the Corporate Secretary, also plays an essential role in the design and administration of (i) the EADS corporate governance procedures and (ii) the legal documentation underlying the delegation of powers and responsibilities which define the EADS management and its internal control environment.
The EADS Corporate Audit department, under the direction of the Corporate Secretary, provides assurance to the Executive Committee and Audit Committee Members based upon a risk-oriented approved annual audit plan. The Corporate Audit department (i) reviews the achievement of the Group’s strategic, financial or operational objectives, (ii) reviews the reliability and integrity of Group reporting, (iii) reviews the effectiveness of the ERM system, (iv) reviews the efficiency and effectiveness of selected processes, entities or functions and (v) reviews compliance with laws, regulations, Group guidelines and procedures.
Corporate audit also conducts ad hoc reviews, performed at the request of management, focusing on current (e.g., suspected fraudulent activities) and future (e.g., contract management and programme management) risks. In 2011, the Institut français de l’audit et du contrôle internes (IFACI) reviewed the Corporate Audit department and certified that it fulfilled the requirements of the International Professional Practices Framework. Corporate audit also established a forensic function in 2011, with specialist expertise to support the Group in its treatment of compliance allegations.
The performance of EADS is to a large extent determined through its supply chain. Therefore, sourcing is a key lever for EADS in its marketplace.
EADS’ size and complexity requires a common approach to maximise market levers and to avoid inefficiencies in the procurement process. To help ensure that sourcing is carried out in the most effective, efficient and ethical manner, a set of common procurement processes, which support a common sourcing strategy and ultimately the Group strategy and vision, is defined by the head of Corporate Sourcing and the Chief Procurement Officers Council.
The common approach and processes are then implemented and optimised across all Divisions through the sourcing networks. These sourcing networks comprise representatives from all Divisions. They are tasked by the EADS Chief Procurement Officers Council to define and roll out across EADS strategic sourcing topics such as Supplier Relationship Management, Common Processes and Tools, Global Sourcing, Joint Procurement, Compliance, Corporate Social Responsibility, and Procurement Performance Management. The procurement processes are regularly reviewed by means of performance indicators, audits and self-assessments and thus consistently challenged and optimised.
See Ethics and Compliance section.