No categories assigned

4. Risk management

According to the ISO 31000 standard, risk management is a management task in which the risks of an organization are identified, analyzed and evaluated. A risk management system is an instrument for the early identification of risks with a significant influence on the company's net assets, financial position and results of operations with the aim of enabling suitable countermeasures to be taken in good time by informing the decision-makers.


The purpose of this Directive is to systematise internal controls within the framework of a risk management system.

This Directive applies to all sectors and disciplines.


As an integral part of the planning and controlling process, the risk management system (RMS) is assigned to the management.

As the central steering body of the RMS, a working group is to be set up in which the most important corporate divisions are represented.

Risk categories

Category Information obligation Supervision
Strategic risks

Risks threatening the continued existence of the company

Immediate information of
  • the upper management
  • the shareholder
Regular reporting to shareholders
Operating risks

Major risks

Immediate information of the upper management Monitoring by the upper management
Detailed risks Regular information of the management Monitoring by the responsible division managers