Last update: 30 June 2009
 

Enterprise Risk Management System

Status: 2008 Registration Document

Overview

One of Management’s fundamental goals is to foster an effective Internal Control (“IC”) and Risk Management (“RM”) environment at EADS. In 2008, EADS began implementation of a new group-wide Enterprise Risk Management (“ERM”) system that further develops and builds upon the achievements of the previous IC and RM system. The new ERM system seeks to provide Management with an enhanced tool for effectively dealing with the uncertainty and associated risks inherent in EADS’ business and to track opportunities. At the same time, the ERM system seeks to ensure compliance with corporate governance requirements and best practices in the Netherlands, France, Germany and Spain with respect to IC and RM. EADS’ ERM system is based on the Internal Control and Enterprise Risk Management Frameworks of the Committee of Sponsoring Organisations of the Treadway Commission (COSO II).

The ERM system serves as the basis for all sub-ERM, sub-IC and sub-RM procedures present throughout EADS at the various organisational levels such as the divisions, business units and headquarters departments. It encompasses a hierarchical bottom-up and top-down reporting procedure to help ensure greater transparency of the risks and opportunities faced by the Group. The internal controls process consists of regularly updated documentation and assessment of the effectiveness of the individual controls for all applicable processes.

See “Risk Factors” for information on certain principal risks to which the Group is exposed.

Limitations

No matter how well designed, all ERM systems have inherent limitations, such as vulnerability to circumvention or management overrides of the controls in place. Consequently, no assurance can be given that EADS’ ERM system and procedures are or will be, despite all care and effort, entirely effective.

Developments in 2008 and outlook

During 2008, EADS sought primarily to apply the newly developed ERM approach to IC and RM, seeking to combine the two subjects into a more effective management tool. Building on the comprehensive ERM review and evaluation procedures carried out in 2008, EADS will assess the results over the course of 2009.

Moreover, reviews of the ERM systems were performed by internal audit to substantiate the self-assessment during 2008. As a result of the ongoing monitoring activities of the ERM system’s effectiveness, further modifications to the ERM system and integration efforts are expected throughout 2009.

As the new ERM system (and relevant aspects referred to in the Dutch Code) is currently being implemented throughout the Group, the Board of Directors has not yet made a declaration on the adequacy and effectiveness of the Group’s IC and RM systems (whereas provision II.1.4 of the Dutch Code recommends that such a declaration be made).

Further, under the Revised Code which will become applicable in respect of financial years starting on or after 1 January 2009, the recommendation that a declaration be made on the adequacy and effectiveness of the IC and RM system will be replaced by a statement that the IC and RM system provides reasonable assurance that the financial reporting does not contain any errors of material importance and that the risk management and control systems worked properly in the year under review. Based on the progress of the implementation of EADS’ ERM system during the financial year 2009, the Board of Directors will assess whether such a statement can be made or explain why such statement cannot be made in the board report for the 2009 financial year.

EADS ERM Policy

The core policy, objectives and procedures that define EADS’ ERM system are communicated throughout the Group in a manual referred to as the “EADS ERM Policy”, which sets forth:

  • the ERM policy and objectives;
  • the ERM procedures adopted by EADS including a standardised ERM monitoring system:
    • to ensure a uniform understanding of a comprehensive enterprise-wide risk and opportunity management and IC system;
    • to comprehensively cover risk and opportunity management in programmes/projects, functions and processes, with both internal and external sources;
    • to satisfy compliance requirements for an effective IC and RM system.

The EADS ERM Policy constitutes the framework for all existing IC and RM guidance and practice throughout EADS. The EADS ERM Policy is applicable throughout EADS to all divisions, business units and headquarters’ departments. Joint ventures may also operate separate ERM systems, though the fundamental principles of the EADS ERM Policy generally apply.

The “EADS ERM Policy” is supplemented by:

  • codes of conduct (e.g., EADS Code of Ethics, Corporate Social Responsibility policies (see “Corporate Responsibility & Sustainability”));
  • Handbooks (e.g., “EADS Corporate Management Principles and Responsibilities”, the “Financial Control Handbook”);
  • Manuals (e.g., Treasury Procedures, “Accounting Manual”, “Reporting Manual”); and
  • Guidelines (e.g., “Funding Policy”).

External standards influencing the EADS ERM System include the IC and ERM frameworks of COSO, as well as industry-specific standards as defined by the International Standards Organisation (ISO).

For further information relating to financial market risks and the ways in which EADS attempts to manage these risks, see “Notes to Consolidated Financial Statements (IFRS) — Note 35A: Information about Financial Instruments — Financial risk management”.

Responsibility for the ERM System

Responsibility for the ERM system is as follows:

  • the Board of Directors assumes overall responsibility for the ERM system and defines the level of risk that EADS wishes to accept on a corporate level;
  • the divisions, business units and headquarters’ departments assume responsibility for the operation and monitoring of the ERM system. They seek to ensure transparency and effectiveness of the ERM system and adherence to its objectives. They take responsibility for the implementation of appropriate response activities to reduce probability and impact of risk exposures, and conversely for the implementation of appropriate response activities to increase probability and impact of opportunity exposures. They are responsible for the communication of risks and opportunities which affect others within EADS;
  • corporate objectives are defined with an accountable owner for each. These objectives are cascaded throughout the whole organisation. Each level within the business adopts business objectives that link into and support EADS’ corporate objectives;
  • EADS uses its employees’ knowledge of the business to identify and assess key risks that might prevent EADS from achieving its objectives and to identify and assess new opportunities. EADS strives to do this on a regular basis through normal business processes to ensure it focuses on identifying and managing risks that might undermine its performance.

Objectives of ERM

The ERM system is designed to provide reasonable assurance to the Board of Directors, the Chief Executive Officer and the Chief Financial Officer regarding the achievement of the following objectives:

  • the delivery of products on time and in accordance with cost and quality objectives;
  • the reliability of financial reporting and the achievement of financial targets;
  • the adequate identification, assessment, response, control action and monitoring of risks and opportunities on a timely basis throughout the Group, consistent with EADS objectives;
  • the compliance with applicable external laws and regulations and with internal policies and guidelines;
  • the effectiveness and efficiency of operations;
  • the transparency and quality of risk and opportunity monitoring and reporting (e.g. internal management reporting, financial statements, etc.).

ERM Procedures

To enhance its effectiveness and operational reliability as well as to satisfy compliance requirements, certain mandatory procedures exist:

  • Risk and Opportunity Management procedures to enhance operational risk and opportunity management throughout EADS by using ERM methodology;
  • Financial risk measurement procedures for consistent risk and opportunity quantification;
  • ERM reporting procedures for the status reporting of the ERM system and the risk and opportunity situation;
  • ERM compliance and monitoring procedures to substantiate the Chief Executive Officer’s and Chief Financial Officer’s assessment of the effectiveness of the EADS ERM system;
  • ERM support procedures covering important topics like ERM trainings, knowledge transfer, change management and the role of corporate audit.

ERM at EADS seeks to cover all types of risk, such as operational, functional (e.g. strategic, compliance, reputational risks) and process risks, both quantifiable and unquantifiable, potentially affecting EADS in the short, middle and long term, as well as opportunities.

Risk and Opportunity Management procedures

The recurring Risk and Opportunity Management procedures comprise several components:

  • setting of objectives and definition of risk tolerances;
  • identification and assessment of risks and opportunities;
  • determination of risk and opportunity responses and control activities (i.e. policies, procedures and other activities);
  • monitoring and reporting of risks and opportunities.

The detailed processes and associated procedures will vary according to the size and nature of the programme/project or function, but the principles apply in any case. Local tailoring may be performed according to the internal business constraints and/or customer specific requirements.

ERM compliance and monitoring procedures

EADS has established formal ERM self-assessment mechanisms, to be applied on a regular basis by each identified process/control owner, who must assess his operational and functional risks as well as the operating and design effectiveness of the internal controls in place for his process. The progress is monitored by the respective division, business unit and headquarters department and reported to EADS headquarters. To verify the successful implementation of the remediation actions, the remedied controls are periodically re-assessed. The relevant risks are subject to a management discussion process at the Group level. Each year, corporate audit provides an independent review of the status of the ERM systems in selected divisions, business units and headquarters departments.

Based on the ERM self-assessments, management of each division, business unit and headquarters department prepares a formal representation letter as to the adequacy and effectiveness of the ERM systems within their scope of responsibility. Joint ventures, such as MBDA, operate separate IC and RM systems. Alignment with the EADS ERM system is facilitated, inter alia, through EADS’ presence on such affiliates’ supervisory and management bodies (e.g., Board of Directors, Audit Committees).

In addition to regular monitoring activities at the divisional, business unit and headquarters levels, assessments about the adequacy and effectiveness of the ERM system are discussed between the Chief Executive Officer and Chief Financial Officer and the respective division, business unit or headquarters department heads. These discussions serve to prioritise potential issues at the EADS level, define and implement appropriate actions, if needed, and derive conclusions for the overall EADS ERM report.

ERM reporting procedures

Every year, identified significant deficiencies and material weaknesses are reported in sub-representation letters. The sign-off process requires that the Chief Executive Officer and Chief Financial Officer confirm to the Board of Directors, to the best of their knowledge, whether:

  • the IC system is adequate to provide reasonable assurance regarding the reliability of financial reporting as well as compliance with applicable laws and regulations;
  • the control objectives are being achieved by controls that are documented, adequately designed for their business and are operating effectively, in all material respects;
  • the owner of each control activity is clearly identified; and
  • the RM system is designed and operated to identify, assess, respond to, design controls and monitor/report on risks on a timely basis.

The Chief Executive Officer and Chief Financial Officer’s ERM statement is mainly based on the self-assessments, reviews (including internal audits) and management discussions described above, and is substantiated by sub-representation letters provided to the Chief Executive Officer and Chief Financial Officer by all divisional and business unit management.
