HARMAN Risk Intelligence

Process & Cadence

End-to-end risk management workflow, operating rhythm, and escalation model

ERM Foundation: Three Lines of Defense

Based on the IIA 2020 Three Lines Model and COSO ERM 2017 Framework — applied to HARMAN Automotive

1st Line

Operations

Own and manage daily risks. Implement controls. Identify early warning signals.

  • Program Managers
  • Sales / Commercial
  • Engineering Leads
  • Supply Chain Owners
  • Quality Managers

2nd Line

Risk Management Lead

Oversees, frames, and challenges the 1st line. Central intelligence engine.

  • Risk Identification & Aggregation
  • KRI Monitoring & Alerts
  • HD Lifecycle Management
  • Mitigation Oversight
  • Executive Reporting

3rd Line

Internal Assurance

Independent assurance on governance effectiveness and control adequacy.

  • Finance Audit
  • Compliance Review
  • Program Gate Reviews
  • Amplify Data Integrity
  • SLT Risk Validation

End-to-End Risk Workflow

01

Signal Detection

Risks are identified through KRI threshold breaches, cross-functional inputs from Program Managers, Sales, Engineering, and Supply Chain, or external market triggers such as tariff announcements or supplier downgrades.

KRI threshold breach
Cross-functional input
External market event
Customer escalation

02

Risk Intake

All identified risks are entered into Amplify using a standardized intake template. This ensures consistency in how risks are described, categorized, and assigned before assessment begins.

Standardized template
Amplify risk entry
Owner pre-assigned
Initial category tagging

03

Assess & Rate

Each risk passes through the 4-C Quality Gate (Clarity, Completeness, Currency, Credibility) and is rated using the Probability × Impact matrix. Only risks that pass the quality gate proceed to mitigation.

4-C Quality Gate
P×I Matrix rating
Financial quantification
Cross-functional review

04

Mitigate & Assign

A named owner is assigned with a defined milestone and deadline. The risk enters the HD lifecycle (HD1 → HD5). Mitigation options are developed, aligned internally, and then presented to the customer for agreement.

Named owner assigned
HD lifecycle entry
Milestone defined
Customer alignment plan

05

Report & Close

Mitigation effectiveness is tracked via the Executive Dashboard. The risk is closed only when financial realization is confirmed (HD5). Lessons learned are documented to strengthen the baseline risk driver library.

Executive Dashboard update
Financial realization confirmed
HD5 closure
Lessons learned captured

Operating Cadence

WEEKLY

KRI Dashboard Review

Monitor all 8 KRIs against thresholds; flag any new breaches for immediate escalation.

New Risk Identification

Cross-functional inputs reviewed; new risks entered into Amplify within 24 hours.

HD Status Update

All HD1/HD2 risks reviewed for progress; owners confirm milestone status.

Escalation Triage

Any KRI breach or stalled risk escalated to Risk Management Lead for action.

MONTHLY

Cross-Functional Risk Review

All functional leads review active risk register; new risks surfaced and rated.

Mitigation Effectiveness

HD2/HD3 risks assessed: are mitigation actions working? Adjust if not.

Financial Impact Tracking

Finance validates financial exposure estimates; P&L impact updated.

Customer Alignment Check

Status of customer-facing mitigation discussions reviewed across all regions.

QUARTERLY

SLT Executive Risk Report

Full risk landscape presented to Senior Leadership Team with mitigation status.

Risk Appetite Review

Risk appetite thresholds reviewed against business performance and market conditions.

Strategic Risk Assessment

Emerging risks (12-month horizon) assessed; baseline risk driver library updated.

HD5 Realization Audit

All HD5 closures audited to confirm financial realization was actually captured.

Escalation Ladder

Escalation is triggered automatically when KRI thresholds are breached or when a risk remains in HD1/HD2 beyond defined SLA windows (10 business days).

1st Line (L1)

Program / Functional Team

Trigger

Risk identified within normal operations

Action

Enter in Amplify; assign owner; begin HD1 assessment

2nd Line (L2)

Risk Management Lead

Trigger

KRI threshold breached OR risk stalled in HD1/HD2 > 10 days

Action

Aggregate, rate, drive mitigation; brief VP if high/critical

Executive (L3)

VP Customer Excellence

Trigger

High or Critical risk; customer escalation; financial exposure > $1M

Action

Strategic decision; OEM executive engagement; resource allocation

Enterprise (L4)

SLT / ALT

Trigger

Critical risk with enterprise-wide impact; exposure > $3M

Action

Enterprise-level response; strategic risk appetite adjustment

Technology Enablers

Amplify

Risk Register & HD Lifecycle Tracking

Signal Monitor

AI-Powered External Signal Detection

KRI Dashboard

Real-Time Threshold Monitoring & Alerts

Executive Report

Weekly/Monthly PDF for SLT & VP