Annual report and accounts 2016
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
190<br />
Spanish corporate governance <strong>report</strong> continued<br />
E. RISK CONTROL AND MANAGEMENT SYSTEMS<br />
E.1 Describe the company’s risk management system, including tax risks.<br />
The Group has an Enterprise Risk Management Policy approved by the IAG Board of Directors. This Policy establishes a<br />
common framework within the Group to manage <strong>and</strong> control the financial <strong>and</strong> non-financial risks the Group is exposed to,<br />
establishing the risk level that is considered acceptable.<br />
The IAG Board has ultimate responsibility for risk management <strong>and</strong> internal control, including the determination of the nature<br />
<strong>and</strong> extent of the principal risks it is willing to take to achieve its strategic objectives.<br />
The Audit <strong>and</strong> Compliance Committee reviews all enterprise risk management matters on behalf of the Board. This includes a<br />
six monthly IAG risk map review containing a robust assessment of the principal risks facing the Group <strong>and</strong> how these risks are<br />
managed or mitigated to reduce their incidence or their impact. The Audit <strong>and</strong> Compliance Committee also carries out deep<br />
dives on selected risks as <strong>and</strong> when requested. During such reviews the requirement for any changes to the Board’s risk<br />
appetite is considered. The Audit <strong>and</strong> Compliance Committee also monitors <strong>and</strong> reviews the risk management framework,<br />
satisfying itself that it is functioning effectively <strong>and</strong> that corrective action is being taken where necessary.<br />
Within this common framework, Enterprise Risk Management is led by the Management Committee of IAG supported by the<br />
Aer Lingus, Avios, British Airways, IAG Cargo, Iberia <strong>and</strong> Vueling Management Committees.<br />
Enterprise risk management<br />
There is a comprehensive risk management process <strong>and</strong> methodology ensuring a robust assessment of the principal risks facing<br />
the Group. All the operating companies have well established enterprise risk management systems that ensure that:<br />
a. Each risk is owned by a Senior Manager who is ultimately responsible for its management;<br />
b. All operating companies’ risks are discussed with the IAG risk management team.<br />
c. A central record is kept of all risks, their owners <strong>and</strong> mitigating actions in all of the operating companies.<br />
d. A risk map representing the likelihood <strong>and</strong> potential impact of each risk is reviewed at least every six months by the<br />
respective management committees;<br />
e. There are defined procedures for updating risks <strong>and</strong> the mitigating actions in place to manage those risks; <strong>and</strong><br />
f. There is active participation from both the Senior Managers managing the risks <strong>and</strong> the management committees.<br />
Risks are classified by their source in:<br />
a. Strategic: risks arising from the competitive <strong>and</strong> regulatory environment, major projects <strong>and</strong> strategic decisions;<br />
b. Business <strong>and</strong> operational: risks encompassing emergencies, information technology operations, major project<br />
implementation <strong>and</strong> airline operations;<br />
c. Financial: risks including liquidity <strong>and</strong> financing;<br />
d. Compliance <strong>and</strong> regulatory: risks associated with compliance with laws <strong>and</strong> regulation.<br />
Enterprise risk management in the Company<br />
At the Group level, material risks from the airlines, together with Group wide risks, are maintained in a Group risk map.<br />
The IAG Management Committee reviews the Group risk map twice a year in advance of reviews by the Audit <strong>and</strong> Compliance<br />
Committee. The IAG Board also discusses risks at a number of meetings, including a specific annual review of the Group’s risk<br />
map <strong>and</strong> risk appetite as well as in the context of discussions around strategy <strong>and</strong> the business plan.<br />
Tax risk<br />
Tax risk is explicitly included within the Group’s Enterprise Risk Management Policy. Tax risk is owned by the IAG Head of Tax<br />
<strong>and</strong> is <strong>report</strong>ed, as part of the overall risk review, to the IAG Management Committee <strong>and</strong> Audit <strong>and</strong> Compliance Committee<br />
twice a year. Tax risk is mitigated by an IAG Tax Policy which considers engagement between the tax department <strong>and</strong> the<br />
business; compliance with tax obligations; tax planning; reputation; <strong>and</strong> transparency.<br />
INTERNATIONAL AIRLINES GROUP<br />
<strong>Annual</strong> Report <strong>and</strong> Accounts <strong>2016</strong>