Expedeon is in development stage acting on a complex and rapidly changing environment with specific constraints and risks customary in this industry.
Expedeon defines risk as a danger that hinders the company to achieve his goals and prevent the company from implementing the considered strategies.
Expedeon is convinced that several instruments are necessary to build an efficient risk management system:
- The risk policy
- The organisational structure (stakeholders, responsibilities etc)
- The operational structure (processes, instruments, documentations etc.)
We believe that with the controlled exposure to risks Expedeon gains considerable competitive advantages. For Expedeon it is important to have the risk management implemented as a living system and to accept it as an additional control-instrument that has to be actively managed. Risk management is perceived as contribution to the value of Expedeon’s operations.
The effectiveness of a risk management system is impacted by the risk and control culture that is manifested in the skills, the attitude and the behaviour of the employees. The corporate culture is the common ground for every detail of the risk management system. It is understood as the common and basic values and standards that drives the behaviour of the employees. Expedeon aims for a strong corporate culture, which can act as a guide in uncertain situations and serves as unwritten rule. The basic principles of a corporate wide risk culture are stated below.
Expedeon is committed to a risk policy based on a concept that business shall be conducted honestly, fairly and legally. All employees of Expedeon and its affiliated companies are expected to share that commitment to high moral, ethical and legal standards.
Expedeon is conscious of the fact that the success of the corporation is a reflection of the professionalism, conduct and the responsible attitude of its management and employees. Training and development on a skill and personal level of the people are crucial for success.
Expedeon is committed to a policy of opportunity for all. As such, Expedeon will reward appropriately, all employees who demonstrate qualities such as initiative, hard work and loyalty and encourages continuous improvement especially professional skills through training at all levels in the organisation.
Expedeon is committed to address any adverse impact and internal threads arising from its business activities.
The organizational structure
The Management Board represents the overall authority for risk management and is held responsible for the monitoring of risks and actions taken against these risks. The main topics that the Expedeon management intends to regulate are:
- The stakeholders and their responsibilities (company organisation structure)
- The evaluation of risks and documentation of risks, risk management process (operational organisation)
A main role in the risk management system is held by the risk owner. Usually these are members of the Management Board, VPs or directors that are responsible for a certain risk field. For an appropriate monitoring of the risks, every risk owner implements its own risk management organisation and processes within his responsibility. The risks have to be evaluated in agreement with the evaluation guidelines; and counteractions and retaliatory actions against these risks have to be developed. The process has to be performed at least quarterly documented and the document has to be discussed with the risk controlling.
The Management Board has to be updated by the risk controlling on a regular basis and agree with the processes in a documented form. On the other hand, the risk controlling has to assure a careful and thorough focus on these processes.
To assure a proper and independent control of the risk management system, regular audits under the supervision of the Management Board will take place to assure an optimal implementation of the risk management and a continuous improvement.
These organisations and processes are described in more detail below.
The operational structure
The basic risk management process of the Expedeon is kept as simple as possible. Expedeon differentiates five key stakeholders in the process: The executive and supervisory board, the risk owner, the community of employees and the risk controlling.
The Management Board is responsible for the overall risk management process especially for setting the policy and rules for the process. On the basis of the applicable laws the Management Board delegates the responsibilities for risk monitoring, analysis, evaluation and the implementation of retaliatory actions to the respective risk owners and risk controlling. Nevertheless the Management Board stays responsible to beware Expedeon of every possible risk that threads the company. To do so, the Management Board is responsible for the overall risk management system, for the evaluation process especially for the thresholds in the evaluation, for the documentation and the implementation of retaliatory actions to balance and countermeasure severe risks.
The Expedeon Management Board assumes that every employee is interested in keeping away risks of the company and held everybody responsible in doing so. The risk owners are responsible for the collection the input of the employees as well as for a thorough evaluation of the risks. They are free in their decision to settle the best ways for gathering and evaluation. The process has to be documented. The documented risks have to be announced to the Management Board.