In connection with all of the above, transparency and integrity is also achieved through our assessment of both risks and opportunities at Amadeus. We continually monitor the most significant risks that could affect the organisation and the companies that make up the Group, as well as its activities and objectives.
The Group’s general policy regarding managing and monitoring risk is intended to allow the Group to:
With this in mind, the general policy for managing and monitoring risk is carried out through procedures, methodologies and tools such as the Corporate Risk Map, which permit Amadeus to achieve the following objectives:
The ultimate goal is to have a record of the most significant risks that could compromise the achievement of the goals set out in our strategic plan. This risk analysis is a fundamental element of our Group’s decision-making processes, both within the governing bodies and in the management of the business as a whole.
The Risk Map at the Group level defines the twenty most critical risks related to the business and achievement of objectives of the Group, mong which the following are highlighted: technological risks, operational risks that could affect the efficiency of business processes and services, commercial risks that could affect customer satisfaction, reputational risks and compliance risks.
Due to its universal and dynamic character, the system allows the inclusion of new risks affecting the Group as a result of changes in the environment or revisions of objectives and strategies.
The following bodies are responsible for working on or supervising Amadeus’ risk management model:
Audit Commitee: The Audit Committee is an advisory body to the Board of Directors whose main function is to provide support to the Board in its oversight duties by, among other actions, periodic review of internal control and risk management so that main risks are identified, managed and disclosed properly.
Executive Management Commitee: The Executive Management Committee determines the overall risk policy of the Group and, where appropriate, establishes management mechanisms that ensure risks are maintained within the approved levels.
Risk and Compliance Office: The Risk and Compliance Office develops the Risk Map, establishes the control procedures for each of the identified risks in conjunction with each owner responsible for each designated risk and monitors them. The risks resulting from the analysis as well as controls are reported periodically to the Executive Management Committee and the Audit Committee.
Internal Audit Unit: The Internal Audit Unit focuses on the evaluation of existing controls related to major risks in order to ensure that all potential risks that could affect the achievement of the Group’s strategic objectives are identified, measured and controlled at all times.