Selection of the Company’s processes to be included in the Risk Assessment, by taking into account their relevance for the business with particular reference to Industrial Plan targets, as well as risk topics already identified in previous Risk Assessment activities.
Identification of targets related to the selected processes, taking into consideration what has been established in the Company plans in force or being defined.

Evaluation of the Probability of Occurrence of the event of risk and evaluation of the effects of risk, by adopting quantitative methods for strategic, operational and financial impacts and qualitative methods for compliance and reputational impacts.
Definition, on the basis of a range of predefined values, of the probability and impact indices associated to the risk, with respect to which establishing the risk acceptability considering the Leonardo’s Risk Appetite, as defined for each impact nature (strategic, operational, financial, compliance and reputational). For risks with compliance nature impact, for example, the Risk Appetite is extremely low, with the aim of minimizing all risks regardless of their impact (Risk Averse – zero tolerance).
The adoption of quantitative methods allows, through the use of statistical techniques (e.g. Monte Carlo simulation), the creation of the Risk Profile and the elaboration of sensitivity analyses and stress tests with reference to the various dimensions being analysed (e.g. Orders, Revenues, EBITA, FOCF and also non-financial KPIs).

Causes/Event/Effects analysis to address the most appropriate risk treatment strategies, consistently with the Risk Appetite of Leonardo.
Computing the net benefit of identified treatment actions, selection and implementation of actions to be taken.

Periodic monitoring and review, at least quarterly, of risks and treatment actions, with identification of any emerging risks and re-assessment of the Risk Profile.