The Volkswagen Group’s responsible and forward-looking approach to risks is supported by a comprehensive risk management and internal control system (RMS/ICS). This is based on the internationally recognized COSO Enterprise Risk Management Framework (Committee of Sponsoring Organizations of the Treadway Commission). We pursue a holistic, integrating approach that combines the risk management system, internal control system and compliance management system in a single Governance, Risk & Compliance strategy. As a result, the RMS/ICS ensures full coverage of all potential risk areas. The central body responsible is the Group Board of Management, which is informed about risks and opportunities in connection with a wide variety of processes. The Supervisory Board’s Audit Committee receives regular reports on the effectiveness of the RMS/ICS.
As an integral part of our structures and procedures, our RMS is embedded in the day-to-day business processes of the Volkswagen Group. It pursues the “Three Lines of Defense” approach:
- The first line is the essential task of the divisions, companies and brands. Thanks to reports during the year via the paths documented above, the Board has an overall picture of the current risk situation at all times. The minimum requirements for the RMS/ICS are laid down in a single guidance document for the entire Group. This also includes a process for timely notification of significant risks.
- The second line is the Group Governance, Risk & Compliance (GRC) department. This sets standards for the RMS/ICS and coordinates the annual GRC standard process. In this process, the brands, major companies and individual functions identify risks and verify the effectiveness of the RMS/ICS. This serves as a basis for updating the overall picture of the potential risk situation and assessing the effectiveness of the system. The Group Board of Management receives a report on significant risks, which are also defined in terms of quantitative and qualitative assessment criteria and a probability rating.
- The third line is Group Internal Audit, which makes regular checks on the structure and implementation of the RMS as part of its independent audit activities.
Being aware of our stakeholders’ expectations
is an important precondition for business success.
The biggest risks – i.e. risks with a high probability of occurrence and involving a large financial loss – may arise from adverse sales and market trends for vehicles and genuine parts, development and creation of products not suited to demand, and potential quality problems.
Risks that could impact on the financial result of the Volkswagen Group also include general environmental risks and climate change risks. Under the RMS these are identified, assessed and controlled by the Group’s divisions and companies. Examples of such risks include the following:
- Extreme weather situations, storms or floods leading to failure of information and communication technology, supplier failure with production standstill or general production downtime at one of our more than 100 production locations worldwide.
- The differences in CO2 regulations between the major volume markets, which involve a variety of sanction mechanisms. Emission requirements for vehicle taxation also play an important role here.
- Alongside the risks described, the development of new drive technologies (hybrid and electric) may result in advantages compared with our competitors. In view of a broad change in public awareness based on the depletion of fossil resources and a growing desire to protect the environment, these technologies promote the Group’s sales opportunities.
For more information on economic, political, financial and operational risks, see the Risks and Opportunities section of the Management Report. 11