The Risk and Compliance Office is in charge of monitoring the most significant risks that could affect the organisation and the companies that make up the Group, as well as its activities and objectives. The methodology used is Enterprise Risk Management (ERM) based in COSO.
The ultimate goal is to have a record of the most significant risks that could compromise the achievement of the goals set out in our strategic plan. This risk analysis is a fundamental element of our Group's decision-making processes, both within the governing bodies and in the management of the business as a whole.
The Risk & Compliance Office has the duty to analyse and identify the top ten risks at Group level by developing a Corporate Risk Map. The most critical risks related to the business and achievement objectives of the Group are highlighted and are categorised as: operational risks that could affect the efficiency of business processes and services, commercial risks that could affect customer satisfaction, reputational risks and compliance risks.
Due to its universal and dynamic character, the system allows inclusion of new risks affecting the Group as a result of changes in the environment or revisions of objectives and strategies.
The Group's general policy regarding managing and monitoring risk is intended to allow the Group to:
With this in mind, the general policy for managing and monitoring risk is carried out through procedures, methodologies and tools such as the Corporate Risk Map that permit Amadeus to achieve the following objectives:
The Risk & Compliance Office has also developed a Crisis Framework, and is putting together crisis plans in the organisation to make sure we improve our response time in the solution of such crisis as well as we communicate with our customers, investors and relevant bodies in a crisis event.
The following bodies are responsible for working on or supervising Amadeus' risk management model:
Risk and Compliance Office: The Risk and Compliance Office develops the Corporate Risk Map, establishes the control procedures for each of the identified risks in conjunction with each person responsible for designated risk (risk owner) and monitors them. The risks resulting from the analysis, as well as controls, are reported periodically to the Executive Management Committee and the Audit Committee.
Executive Management Committee: determines the overall risk policy of the Group and, where appropriate, establishes management mechanisms that ensure risks are maintained within the approved levels.
Audit Committee: The Audit Committee is an advisory body to the Board of Directors whose main function is to provide support to the Board in its oversight duties by, among other actions, periodic review of internal control and risk management so that the main risks are identified, managed and disclosed properly.
Group Internal Audit Unit: The Group Internal Audit Unit focuses on the evaluation and adaptation of existing controls related to major risks in order to assist the Risk & Compliance Office in its function of ensuring that all potential risks that could affect the achievement of the Group's strategic objectives are identified, measured and controlled at all times.