Clearly defined risk management details
The coordinated application of risk management tools is assured by the compilation of all relevant facts in guidelines. These include the Articles of Association and by-laws of Group companies, internal Group procedures and METRO GROUP’s Group-wide risk guideline. It defines
- the risk management framework (terms, basic structure, strategy, principles),
- the risk management organisation (roles and responsibilities, risk units),
- processes (risk identification, assessment and management),
- risk reporting as well as
- monitoring and controlling the effectiveness of risk management.
Based on the internationally recognised COSO II standard, the risk management framework addresses the 3 levels of risk management: corporate objectives, processes and organisation.
The first level of risk management relates to the clustering of corporate objectives. In this respect, METRO GROUP has defined the following clusters:
- Strategic objectives related to safeguarding the Company’s future economic viability
- Operational objectives related to the attainment of set key operational metrics
- Corporate management objectives related to compliance with laws, regulations, internal guidelines and specified procedures
- Objectives related to appropriate preparations to mitigate event risks such as breakdowns, business interruptions and other crisis events
On the second risk management level – the process level –, the definition of objectives also serves as the starting point for risk mapping. In this context, we identify, assess and manage risks that would jeopardise or inhibit the achievement of our objectives should they materialise.
On the organisational level, we determine the corporate units responsible for setting objectives in a clearly defined area as well as identifying, assessing and managing risks. METRO GROUP’s risk management defines these areas in line with the corporate organisation using independent risk units – generally companies – as well as in terms of function using categories that are responsible for a certain operational function or administrative task.