The Airbus Group is one of the world’s leading international aeronautical, space and defense industry companies. The organization has a holding group governance structure based on four divisions: Airbus, Astrium, Cassidian and Eurocopter. Airbus Group is a multi-national and multi-cultural company which relies on a unique community of passionate people united under a common entity, driven by innovation and pride in its world-class products.
“It is fair to say that following the rollout of Active Risk Manager, Airbus Group risk management will be supported by an easy to use risk management tool to help it reach a new and higher level of flexibility, transparency and efficiency throughout the whole Airbus Group.”
The Challenge before Active Risk Manager
The Airbus Group was formed from a number of existing European companies all with a different approach to risk management. This resulted in numerous risk silos each with its own ecosystem, language and practices. This fragmented view of risk led to duplication of work especially when a group-wide view of risk was required.
Therefore in 2008, Airbus Group management introduced a mission for true enterprise risk management (ERM) to address:
- The need for higher risk consciousness, meaning that risk and opportunity management should be a part of the corporate culture and understood as everyone’s task
- The need for a common language for risk to save time and confusion
- The ability to overcome isolated risk pictures – to get a full view of risks in multiple programes, functions and processes to provide an aggregated group view of risk
- The need to have common objectives and understand the impact of potential risks on those objectives
The Solution with Active Risk Manager
One pillar to reach these goals was the decision to use a group wide IT tool to support the Enterprise Risk Management approach within Airbus Group. As a result Airbus Group selected Active Risk Manager (ARM) from Sword GRC to help consolidate and integrate enterprise risk management across the group, to present a meaningful view of risk and to assist management decision making.
Following a pilot phase, in 2010 ARM 5 provided the functionality and security The Airbus Group required to pull together risk management information across multiple networks and entities. Security was important to Airbus Group, because of its many government contracts in the military sector where certain principles have to be met.
Active Risk Manager is now the first group-wide standard software implementation with the same base configuration within Airbus Group. The solution achieves the objectives set out in the mission for enterprise risk management for integration both at a risk and company level.
Benefits from using Active Risk Manager:
- Active Risk Manager will support thousands of users on a daily basis which means it is a robust and well accepted system
- The aggregation and consolidation of data over many networks and server systems delivers an integrated risk management and reporting process
- A common risk language saves time and ensures accuracy of data
- The flexibility and security of Active Risk Manager supports the specific needs of customers especially those in the military sector
- ARM supports the COSO standard which was mandatory in a programe-driven company such as Airbus Group
- ARM enables compliance with the legal requirements of the Dutch corporate governance code (Airbus Group is registered in The Netherlands)
The Results from Using Active Risk Manager
The Airbus Group has built a strong risk management network based on Active Risk Manager. The Group has achieved greater transparency and as a result has reduced duplication and now benefits more from strong best practice and knowledge sharing. ARM provides a full view of risk in programes, functions and processes. Risk is aggregated to provide a meaningful picture to facilitate improved decision making, therefore maintaining business value while adding competitive advantage. ARM ensures that the corporate objectives set out in the mission for enterprise risk are being met for raised risk awareness, a common risk language and risk objectives and the ability to provide an accurate consolidated view of risk.