The standardized risk management system that has been introduced throughout the Group for the early recognition of material risks and risks that could jeopardize the continued existence of the Group is based on risk policy principles stipulated by the Executive Board of Rheinmetall AG, which are geared towards financial resources and strategic and operational planning and which specify guidelines, responsibilities and the treatment and documentation of identified risks, as well as thresholds. This ensures that corporate decisions and business activities are monitored on an ongoing basis and are actively managed, and enables any necessary action to be determined as required in order to comply with legal requirements.
In order to guarantee a functional and effective control and monitoring system, Rheinmetall follows the approach of the three lines of defence model when it comes to dealing with the risks in the company.
The first line of defence lies with the management of the operating activities, which is responsible for recording, assessing and managing the risks that arise there. The second line of defence comprises the risk management, the compliance management and the internal control system. Internal Audit is the third line of defence and acts as the independent control organ of the Executive Board of Rheinmetall AG.
In order to identify, analyze and assess potential risks, the risk inventory is revised once a year during corporate planning. This contains all the most important risks potentially impacting the corporate targets and sub-targets, probabilities of occurrence, the potential level of damage, early warning indicators, responsibilities and suitable countermeasures. On this basis, the operating units and central functional departments record, process and communicate the risks associated with their current business situation and future development each month in accordance with prescribed standardized parameters, along with the probabilities of occurrence and financial impact of these risks.
These detailed reports, which are an integral part of the integrated planning, management and information process, inform the Executive Board and managers of the status of and significant changes to important ventures subject to reporting requirements, and the status of countermeasures that have already been introduced. The measures introduced to ensure appropriate management of identified risks are monitored on an ongoing basis and adjusted to a new risk assessment where necessary. If necessary, adequate additional measures are taken in order to further limit and reduce identified potential risks. The Executive Board of Rheinmetall AG is regularly informed by Group Controlling of developments in the Rheinmetall Group’s overall risk situation. Unexpected material risks and undesirable developments with significant consequences are reported to the Executive Board on an ad hoc basis.