Leonardo’s Enterprise Risk Management (ERM) aims to identify, assess and manage enterprise risks, that is to say threats and opportunities, which may affect the achievement of the Industrial Plan and Strategic objectives and the effectiveness of actions for long-term business sustainability.
This is a key requirement to maintain business value, operations and stakeholder interests in the long-term.
The ERM process also aims to support the strengthening of Corporate governance, allowing the Company to identify, evaluate (by adopting quantitative and qualitative methodologies), treat and monitor risks according to common and cross-cutting rules, thus enabling the escalation of Top Risks, also with the support of a specific Risk Report system.
Enterprise risks are identified and managed, each within its respective area of competence, by the relevant Company structure according to the roles established by the process (Process Owner/Risk Owner/Action Owner), with the support of the Risk Management unit, and may have the following risk impact nature:
- Competitive positioning choices
- Investment/disinvestment operations
- Merger and Acquisition operations
- Commercial agreements / strategic partnerships
- Corporate reorganisation
- Value chain disruption
- Procurement process
- Sales process
- Administrative and accounting processes
- Information Systems (e.g. IT/cyber related matters)
- Credit / counterpart rating
- Currency Rate fluctuations
- Inadequate definition or management of hedging instruments
- Reduction in profitability due to high financial charges as a consequence of high debt levels
- Compliance with applicable regulations of reference, such as, but not limited to: D. Lgs. 231/2001, D. Lgs. 196/2003, D. Lgs. 81/2008
- Compliance with sector / specific regulations (e.g. Trade Compliance) and universally accepted standards (e.g. ISO 37001)
- Compliance with Leonardo internal regulations and policies/procedures (e.g. Business Compliance, Anti-corruption)
- Reduction in the level of customer retention and customer satisfaction
- Decrease in bank and investor trust
- Media showing negative opinion
ENTERPRISE RISK MANAGEMENT PROCESS PHASES
Identification of targets related to the selected processes, taking into consideration what has been established in the Company plans in force or being defined.
Definition, on the basis of a range of predefined values, of the probability and impact indices associated with the risk, against which risk acceptability is established in light of Leonardo’s Risk Appetite, as defined for each impact nature (strategic, operational, financial, compliance and reputational). For risks with compliance nature impact, for example, the Risk Appetite is extremely low, with the aim of minimizing all risks regardless of their impact (Risk Averse – zero tolerance).
The adoption of quantitative methods allows, through the use of statistical techniques (e.g. Monte Carlo simulation), the creation of the Risk Profile and the elaboration of sensitivity analyses and stress tests with reference to the various dimensions being analysed (e.g. Orders, Revenues, EBITA, FOCF and also non-financial KPIs).
Computation of the net benefit of the identified treatment actions, and selection and implementation of the actions to be taken.