The sustainable success of our Company also depends on how quick we are to identify the risks and opportunities arising from our operations and how far-sighted we are in managing them. The Volkswagen Group’s responsible approach to risks is supported by a comprehensive risk management and internal control system. The organization of the Volkswagen Group’s risk management system (RMS) and internal control system (ICS) is based on the internationally recognized COSO Enterprise Risk Management Framework (Committee of Sponsoring Organizations of the Treadway Commission). Here Volkswagen has chosen a holistic, integrated approach that combines the risk management system, internal control system and compliance management system in a single management strategy (Governance, Risk & Compliance strategy). As a result, the RMS/ICS ensures full coverage of all potential risk areas. The central body responsible is the Group Board of Management. The Board examines risks and opportunities in connection with a wide variety of processes. The Audit Committee of the Group Supervisory Board receives regular reports on the effectiveness of the RMS/ICS.

Three Lines of Defense

As an integral part of our structures and procedures, our RMS is embedded in the day-to-day business processes of the Volkswagen Group. It adopts the “Three Lines of Defense” approach:

  • The first line is the essential task of the divisions, companies and brands. Thanks to reports during the year via the paths documented above, the Board has an overall picture of the current risk situation at all times. The minimum requirements for the RMS/ICS are laid down in a single guidance document for the entire Group. This also includes a process for timely notification of significant risks.
  • The second line is the Group Governance, Risk & Compliance (GRC) department. This sets standards for the RMS/ICS and coordinates the annual GRC control process. In this, the brands, major companies and individual functional areas identify risks and verify the effectiveness of the RMS/ICS. This serves as a basis for updating the overall picture of the potential risk situation and assessing the effectiveness of the system as a whole. The Group Board of Management receives a report on significant risks, defined in terms of quantitative and qualitative assessment criteria and a probability rating.
  • The third line is Group Internal Audit, which makes regular checks on the structure and implementation of the risk management system as part of its independent audit procedures.

Significant Risks

The biggest risks – i.e. risks with a high probability of occurrence and a large financial impact – may arise from

  • adverse unit sales and market trends for vehicles and genuine parts
  • development and creation of products not suited to demand and
  • potential quality problems.


Environmental Risks

Risks that could impact on the financial result of the Volkswagen Group also include general environmental risks and climate change risks. Under the RMS these are identified, assessed and controlled by the Group’s divisions and companies. Examples of such risks include the following:

  • Extreme weather situations, storms or floods leading to failure of information and communication technology, supplier failure with production standstill or general production downtime in one of our more than 100 production facilities worldwide.
  • Regulatory measures, especially sanctions resulting from failure to achieve CO2 emission targets for the fleet or comply with emission standards required by cities and municipalities. Emission requirements for vehicle taxation also play an important role here.

Alongside the risks described, the development of new drive technologies (hybrid and electric) may result in advantages compared with our competitors. In view of a broad change in public awareness based on the depletion of fossil resources and a growing desire to protect the environment, these technologies promote the Group’s sales opportunities.

For more information on RMS/ICS and on economic, political, financial and operational risks, see the risk report in the 2013 Management Report. 9