Risk management

Leonardo's risk governance, in line with the Corporate Governance Code adopted by listed companies, the Organization, Management and Control Model as per Leg. Decree 231/01 and Leonardo’s Anti-Corruption Code, as well as with national and international standards and best practices, provides that:

  • The Board of Directors oversees the internal control and risk management system and defines its guidelines so that the main risks are correctly identified, assessed, managed and monitored in an adequate manner, and the nature and level of risk (Risk Appetite) are determined and consistent with the strategic objectives and the sustainability of the business over the long term,
  • Control bodies (Control and Risks Committee, Board of Statutory Auditors, Surveillance Body) have access to information and an adequate overview of risk management control systems, consistent with their monitoring responsibilities,
  • Second tier functions define processes, procedures and methodologies so that company activities are dealt with using a “risk-based” approach,
  • Business units, technical and support functions identify, evaluate and, taking into account the relevant Risk Appetite, treat enterprise and project risks, with reference to defined objectives and managed processes, giving adequate information to higher reporting levels,
  • Internal Audit systematically acquires the results of the risk assessment and monitoring activities, in order to perform the related evaluations and plan the control activities under its responsibilities.


In the Leonardo organizational model, the Risk Management unit, in close collaboration with the Corporate and Division structures, ensures the dissemination of methodologies, metrics and tools for the correct analysis and management of risks, with the aim of guaranteeing the creation and protection of the value of projects and of preserving over time the business value, the business operations and the interests of the stakeholders.

The operational management of risks in Leonardo:

  • continuously involves the whole organization in the areas of enterprise risks and project risks,
  • is supported by the Enterprise Risk Management (ERM) and Project Risk Management (PRM) processes,
  • is structured in the phases of Identification, Evaluation, Treatment and Monitoring of risks and related response plans.

For the management of enterprise and project risks, Leonardo uses TERRA (Tool for Evaluating Risks and Response Actions), a proprietary IT tool that supports the implementation of the process, including Reporting, allows the involvement of all internal stakeholders and guarantees the archiving of historical risk information.