Internal Control and Risk Management Systems

Status: 2006 Registration Document

One of Management’s fundamental missions is to foster a positive Internal Control (“IC”) and Risk Management (“RM”) environment at EADS, in line with corporate governance requirements and best practices in the Netherlands, France, Germany and Spain. Having recognised that continuing changes in the multi-jurisdictional legal and regulatory provisions applicable to EADS required a strategic approach to IC and RM, EADS began to implement a group-wide IC and RM system at the beginning of 2004. This system is based on the Internal Control and Enterprise Risk Management Frameworks of the Committee of Sponsoring Organisations of the Treadway
Commission (“COSO”).

The IC and RM system provides Management with a framework for attempting to manage the uncertainty and associated risks inherent in EADS’ business. It serves as the basis for all sub-IC and sub-RM procedures present throughout EADS at the divisional and Business Unit (“BU”) levels.

No matter how well designed, IC and RM systems have inherent limitations, such as vulnerability to circumvention or management overrides of the controls in place. Consequently, no absolute assurance can be given that EADS’ IC and RM procedures are, despite all care and effort, entirely effective.

During 2006, EADS’ main objective with respect to its IC and RM system was to increase awareness of IC and RM principles at the divisional, BU and Headquarters (“HQ”) level. This included the rollout across several Divisions and BUs of standardised IC and RM training covering basic and refresher concepts. In addition, process coordinators benefited from individual coaching sessions and workshops relating to the performance of yearly IC procedures. Working groups were also established throughout 2006 in order to enhance crossdepartmental and cross-organisational knowledge exchange.

During the second half of 2006, most Divisions, BUs and HQ departments conducted a self-assessment of their IC systems to evaluate the design and operational effectiveness of internal controls. The results are currently in the process of being analysed. The independent review process launched in 2005 to substantiate the self-assessments and to assess the effectiveness of the IC and RM systems also continued during 2006.

Finally, following the purchase of BAE Systems’ 20% minority stake in Airbus in October 2006, the appointment of common chief executive officer (“CEO”) and chief financial officer (“CFO”) at EADS and Airbus and the production difficulties encountered with the A380 in 2006, EADS is currently reviewing the IC and RM system in place at Airbus in order to further align it with that of the group as a whole. Prior to BAE Systems’ divestment of its stake, Airbus operated an IC and RM system, customised to their specific business. As a wholly owned subsidiary, Airbus’ IC and RM system will be further integrated with that of the group over the long-term.

Building on the comprehensive IC and RM review and evaluation procedures carried out in 2006, EADS will assess the results over the course of 2007. As a result of the ongoing monitoring activities of the IC and RM systems’ effectiveness, further modifications to the IC and RM systems are expected throughout 2007.

Overall responsibility for the IC and RM system and the related reporting to stakeholders lies with the EADS Board of Directors (“BoD”). EADS’ CEOs and CFO are responsible for ensuring that the IC and RM system and related procedures are implemented throughout the Group. In addition, the Audit Committee oversees the group-wide functioning of the IC and RM system.

A general management principle at EADS is the delegation of entrepreneurial responsibility and powers to the operational units. This principle of subsidiarity entails a clear separation of responsibilities between EADS Headquarters and the Divisions or BUs. EADS Headquarters sets the overall strategic and operational targets for EADS and assumes the ultimate responsibility. The Divisions and BUs retain responsibility for all operational matters and activities within their scope, subject to audit.

Consequently, the responsibility for operating and monitoring the IC and RM system and for risk and IC reporting lies with the respective management of the Divisions, BUs and HQ departments. They must seek to ensure transparency and effectiveness of their local sub-IC and RM systems and the adherence to the objectives defined by the EADS BoD. The management of Divisions, BUs and HQ departments is responsible for the implementation of appropriate mitigation activities to reduce the probability and impact of risk exposures and for the communication of risks which affect others within EADS.

In principle, risk and IC management as well as ensuring overall effectiveness of the IC and RM system is the responsibility of all members of the staff. The Group seeks to integrate risk and IC management into all activities when conducting business transactions.

The core policies, procedures and thresholds that define EADS' IC and RM environment are communicated throughout the Group through:

External standards influencing the EADS IC and RM system include the IC and Enterprise Risk Management (ERM) Frameworks of COSO, as well as industry-specific standards as defined by the International Standards Organisation (ISO).

European Aeronautic Defence and Space Company EADS N.V.
Le Carré · Beechavenue 130-132 · 1119 PR Schiphol Rijk · The Netherlands

EADS Deutschland GmbH · 81663 Munich · Germany
EADS France S.A.S. · 37, boulevard de Montmorency · 75781 Paris Cedex 16 · France
EADS CASA · Ava. de Aragón, 404, 28022 Madrid · Spain