Integrated governance, risk and compliance model
Risk management within the BLG Group is based on an integrated governance, risk and compliance model, which facilitates responsible management of risks and opportunities.
First line of defense: operational management
Operational management of the individual business areas and central departments forms the front line of defense.
They manage and are responsible for their processes, while identifying and assessing risks locally at the level of the operating companies. Countermeasures are rolled out promptly and the residual potential impact is assessed. Material risks are reported in the risk management system on the basis of the published internal risk management guideline. The outcomes are continuously incorporated into risk reporting, thereby also providing the Board of Management with an overall picture of the current risk situation over the course of the year through the documented reporting lines.
Second line of defense: central risk management system, compliance management system, internal control system
Central risk management is closely integrated with the two other governance control systems: the compliance management system and the internal control system. All three systems are designed to support and systemically monitor operational management. These three core governance control systems provide the organizational framework and control the implementation of the framework guidelines in the operational processes, thereby ensuring compliance with laws and the company’s internal corporate standards and rules. In consideration of the findings from the other two control systems – the compliance management system and the internal control system – central Risk Management draws up the central risk map and acts as an important node for passing on relevant information to the Internal Audit department as well as for preparation of the annual financial statements. In order to meet the increasing regulatory requirements, BLG LOGISTICS continuously monitors these aspects and systematically develops the processes in the second line of defense.
Third line of defense: audit by the Internal Audit department
The Internal Audit department provides support with overseeing the various divisions and business units within the Group on behalf of the Board of Management. It regularly reviews the early risk identification system and the structure and implementation of risk management as part of its independent audit activities. Internal Audit also carries out independent process audits. In these process audits, Internal Audit also reviews elements and controls of the ICS.
Fourth line of defense: audit by the independent auditor
The risk management system and the ICS are assessed with regard to the accounting process by the independent auditor within the scope of the audit of the annual financial statements.