Risks are all events that may cause a delay or failure to achieve business objectives.
In the organizational model of A.ST.I.M. Srl, some macro-categories of risks have been identified to be particularly considered:
- STRATEGIC: are the risks related to the reference market and its changes;
- FINANCIAL: are related to investments made, to exchange rate fluctuations, to the change in demand;
- OPERATIONAL: they are linked to the main processes of the organization (customer acquisition, design and development, production/delivery of services, supply management, etc.);
- TECHNOLOGICAL: these are all the risks that can be traced back to technology, its obsolescence and its evolution;
- COMPLIANCE: this category includes all risks related to failure to comply with internal company regulations as well as legal regulations (from Occupational Safety to environmental regulations, from tax obligations to contributions, until compliance with specific sector or product regulations);
- SECURITY AND PROTECTION OF ASSETS: are the risks related to the maintenance of corporate assets, in all its forms, movable and real estate;
- HUMAN RESOURCES: this category includes all the risks that are attributable to the organization of people in the company, such as delegation of powers, assignment of responsibilities and activities, career paths, age in the company, in an expression the risks related to the management of human resources.
Because of the obvious importance that these risks can have for growth, the business organization cannot ignore a correct approach to the Risk Management Process.
The purpose of the business procedures adopted is therefore to define the rules and procedures for the Risk Management and the implementation of the Opportunities of the Business Processes of the company, ensuring the dissemination of methodologies, metrics and tools for the correct analysis and management of risks, with the aim of ensuring the creation and protection of the value of projects and preserving over time the business value, operations and interests of stakeholders.
Audit: Based on business processes, context and stakeholders, the risk and opportunity assessment is carried out periodically through the following actions:
- Determination of internal and external risks
- Verification of the applicability of individual risks within the process under analysis.
- Risk classification.
Based on the evaluations carried out, the actions to be implemented, the times, the managers are defined and the necessary resources are made available to achieve the goal with the aim of minimizing risk and implementing opportunities for improvement.