Central Risk Management System

Regular GRC Process

The regular GRC process covers the assessment, documentation and management of the main systemic risks that are inherent in the respective business model and may recur. The process aims to give management an overall picture of the potential risk situation and of the effectiveness of the risk management and internal control system.

Roles and responsibilities

As part of the regular GRC process, the employees responsible for risks, usually heads of divisions or departments, record the relevant systemic risks for the entities in scope. Risks from potential compliance violations are integrated into this process, as are strategic, business, and reporting risks. Subsequently, existing risk management measures and management-level controls are documented and tested for effectiveness by the employees responsible for testing. The main systemic risks, the corresponding measures, and the results of the effectiveness tests are reported to the relevant bodies of MAN SE and its subgroups. If the regular process uncovers any weaknesses, appropriate measures to remedy them will be implemented and monitored.