###### THE AIRPORT COMPANY
GOVERNANCE STRUCTURE
###### The corporate governance framework established in AIA is
regulated by and construed in accordance with the provisions
###### of the Airport Company's constitutional documents, i.e.
the Articles of Association, the provisions of the ADA and
Law 2338/1995 – Government Gazette A' 202/14.9.1995,
as amended by Law 4594/2019 – Government Gazette A'
29/19.2.2019. This framework includes a number of specific
###### processes and procedures, aiming to forge a robust
governance structure and approach, which is in line with the
###### provisions of Law 4548/2018 as in force, together with the
OECD Principles of Corporate Governance.
###### The General Meeting of the Shareholders is the supreme
body of the Company and decides on corporate matters,
The Airport Company incorporates stakeholder feedback into
###### its business operations, allowing trends to be identified in
good time, external knowledge to be leveraged and potential
conflicts to be defused.
TOOLS
- Membership in professional networks (Industry Affairs and
Sustainability)
- Participation in the "Airports for Innovation" ideas platform
###### along with Aeroporti di Roma, AENA, Nice Côte d' Azur,
Dallas Airport
- Key figures sharing via webtools (i.e. official website, AIA
social media accounts)
###### • Target process: "Operational Audits and Consultation
Engagements", "Concession Audits", "Sponsorships
& Donations", "Direct Marketing/Sales Promotion &
CRM", "Passenger Comments", "Airport Stakeholder
Information Provision", "Market Surveys", "Communications
###### Management", "Media Relations", "Publicity Management",
"Media Information Management", "Risk Management",
"Corporate Controls", "Contract Performance Monitoring",
"Crisis Planning & Management", "PRM Assistance Services",
###### "Airport Information Services", "Third Party Interfaces",
"Single Focal Points (Concessionaires / AIA)" among others.
submitted to it by the Board of Directors, with regard to any
amendment(s) of the Articles of Association, the election of the
Board of Directors, the approval or modification of the annual
financial statements prepared by the Board of Directors and
the distribution of the Company's net profits, the release of the
Board of Directors and of the auditors from any responsibility
###### during the previous corporate fiscal year, the approval of
the report of the auditors on the audits performed on the
Company's books and accounts, the issuance of bond loans,
###### the appointment of liquidators in the event of dissolution of
the Company, the taking of court actions against members
of the Board of Directors or the auditors for breach of their
duties and any other corporate matter in accordance with the
###### Company's Articles of Association and the Law 4548/2018
as in force.
--NEW-PAGE--
###### Board Committees
**Audit Committee:**
K. Kollias (Chairman)
S. Erler (Member)
P. Tampourlos (Member)
###### Chief Officers
**Finance Committee:**
S. Erler (Chairman)
R. Lambiris (Member)
R. Goebbels (Member)
E.P. Poungias (Member)
C. Sinaniotou (Member)
###### Dr. Ioannis N. Paraschis
CHIEF EXECUTIVE
OFFICER
###### Mr. Alexandros M. Aravanis
CHIEF OPERATIONS
OFFICER
###### Mr. George A. Kallimasias
CHIEF STRATEGY
OFFICER
**Personnel Committee:**
R. Goebbels (Chairman)
R. Lambiris (Member)
E.P. Poungias (Member)
###### Mr. George P. Eleftherakos
CHIEF DEVELOPMENT
OFFICER
###### Mr. Panagiotis K. Michalarogiannis
CHIEF FINANCE &
ADMINISTRATION OFFICER
**Investment Committee:**
E.P. Poungias (Chairman)
R. Lambiris (Member)
D. Diakopoulos (Member)
S. Erler (Member)
--NEW-PAGE--
###### AIA Organisational Structure
ATHENS INTERNATIONAL AIRPORT
ELEFTHERIOS VENIZELOS
**Board**
**of Directors**
Airport Commu-
Planning nications &
Marketing
External
Business Legal
Internal
Develop- Affairs
Audit
ment
**Chief** **Chief**
Corporate Data
& Strategic **Strategy** **Executive** Protection&
Projects **Officer (CSO)** **Officer (CEO)** Compliance
G. Kallimasias Dr I. N. Paraschis
Corporate
Sustainability Control
Strategic
Planning &
Reporting
**Chief**
**Chief** **Chief**
**Finance &**
**Operations** **Development** **Administration** Corporate
**Officer (COO)** **Officer (CDO)** Security
**Officer (CFO)**
A. Aravanis G. Eleftherakos
P. Michalarogiannis
Security
Operations
Environmental
Services
Informa-
tion Technol- Human
Aviation ogy & Telecom- Corporate Resources
Business munications Finance Administra-
Unit Business Unit tion
Unit
Business
Control
Technical
Services
Energy
& Asset
Management
Consumers Property
Business Business
Unit Unit
Business
Control
--NEW-PAGE--
OUR APPROACH TO RISK MANAGEMENT
###### Risk Management at AIA is an integral part of the decision
making process which supports all arrangements made to
protect the Airport's value, improve its operational performance
and secure the achievement of its financial objectives. For this
###### purpose, an enterprise risk management system has been
established which is embedded in all principal Airport processes
and services across the airport business to provide oversight
###### and governance of the associated risks. Thus, risk-taking is
based on a careful assessment of all challenges currently faced
while upcoming and emerging risks are carefully monitored.
###### The ever-changing environment we operate in, further
transformed by the recent pandemic, has proven how such
a risk management approach should continually evolve and
be even more strongly embedded in the organisation.
The risk management system established at AIA comprises
of three distinct risk portfolios as follows:
###### • The Corporate Risk Portfolio which aims at identifying
all significant challenges faced by the Airport which are
duly addressed by senior management and reported to
the Board of Directors
- The Airport Emergency Plan (AEP) which sets out the plan
to provide a timely, measured and coordinated response
to, and initial recovery from, a major incident or emergency
at the Airport, and
###### • The Business Continuity Programme (BCP), which
encompasses continuity plans for the entire universe of
Airport systems, services, and elements of infrastructure
###### which have been assessed as critical to the Airport's
operation.
###### AIA Objectives
AIA applies Enterprise Risk Management (ERM) practices and
implements internal organisational arrangements as follows:
- The Internal Audit department with a mission to enhance
and protect organisational value by providing risk-based
and objective assurance, advice and insight.
- The Statutory Auditor, within the framework to audit the
Airport's annual statutory financial statements and, among
other procedures, to obtain an understanding of internal
controls.
###### • The Finance function implements an integrated and
coordinated approach to financial risks and financial
reporting.
###### • Operational managers who design, implement and
supervise the execution of procedures that serve controls.
###### • The Corporate Control department, assigned with Risk
Management responsibilities, provides management
with assistance in developing processes and controls
to manage risks and monitors the timely remediation of
potential deficiencies. The role is also responsible for
operational business continuity planning.
Corporate Risks are identified at the executive level ensuring a
comprehensive top-down approach to risk identification. The
aim of this perspective is to identify those issues which are
likely to 'materially' affect the company's ability to deliver on
its overarching objectives. These objectives are set out below:
- High-level airport services;
- Operational excellence;
- Cost-effectiveness;
- Achievement of viable returns for shareholders; and
- Socially responsible airport operator.
**High-level**
**airport services**
**Operational**
**excellence**
###### AIA OBJECTIVES
**Socially responsible**
**airport operator**
**Cost-effectiveness**
**Viable**
**shareholder returns**
--NEW-PAGE--
The quantitative assessment of the risks identified takes into
consideration the potential consequence these may have on
###### the economics, legal, operations and/or reputation of the
Airport and are rated according to the likelihood, duration
of the damage and imminency of occurrence by which the
risk may impact the Airport. Risks identified are distinguished
into industry risks and airport-specific risks. Such depiction
allows management and shareholder efforts to be directed at
these issues and thus make decisions on an informed basis.
The Management devises a plan of carefully drawn actions
for each of these challenges which minimise the impact to
the maximum possible extent.
Athens Airport, as a certified aerodrome, is required to have
an Airport Emergency Plan (AEP) which outlines management
###### arrangements in the event of an emergency (by way of
example, these may include aircraft accident, hijacking,
fire, terrorist attack, etc.) with respect to the governance,
coordination, roles and responsibilities of State Agencies
and communication with stakeholders. Such a Plan is
compliant with the requirements of the International Civil
Aviation Authority (ICAO) and the European Aviation Safety
###### Agency (EASA) (EU Regulation 139/2014, ADR.OPS.B.005,
"Aerodrome Emergency Planning"). It is important to note
that the AEP (a) is revised/updated on a regular basis, and
###### (b) is subject to the approval of the Hellenic Civil Aviation
Authority (HCAA).
The universe of airport systems, services and elements of
###### infrastructure is subject to a thorough risk assessment in
order to establish the extent of their criticality for Airport
operations. This assessment subsequently facilitates
the level of risk-taking which should be sought in the
associated outsourcing arrangements. Systems and services
###### considered critical are conscientiously accompanied by
strict contingency arrangements and comprise the Airport's
Business Continuity Programme (BCP). This system secures
###### a balanced approach to risk management and a rational
expenditure.
###### Significant challenges are communicated to the Board of
Directors via:
###### • The monthly Meetings of the Board where significant
developments giving rise to some risks are discussed;
- Quarterly Audit Reports to the Audit Committee of BoD
###### • Legal Affairs Quarterly Reports (for issues with legal
implications).
REGULATORY COMPLIANCE
###### Given the regulatory diversity of airport business, AIA
Management continues to uphold emerging legal and
regulatory landscape and furthermore adopts generally
accepted contemporary business practices beyond the
minimum acceptable threshold of compliance.
###### Aerodrome operations, finance, energy and environment,
information technology, cyber security, fire & life safety and
construction, are some of AIA's key areas where consolidated
and harmonized compliance controls are in place, protecting
passengers, personnel, infrastructure, as well as the company
from legal liability.
During the consultation period for new or updated laws and
regulations, potential compliance risks and vulnerabilities are
identified, and new requirements are embedded in related
business areas. Compliance is a dynamic process performed
###### by synergies among the accountable departments. The
corporate roadmap with regards to compliance efforts and
subsequent results is regularly reported to the CEO and the
###### Audit Committee of the Board of Directors, as mentioned
above. In 2022, no fines or instances of non- compliance
were identified.
ISO CERTIFICATION COMPLIANCE
###### AIA acknowledges the value of operating management
systems, in compliance with standards, created by the
International Organization for Standardization (ISO),
as global best practice. Organizations that conform to
ISO requirements and attain validation by independent
certification bodies, enhance their efficiency, productivity,
stakeholder trust and customer satisfaction.
###### AIA is certified for the implementation of the Energy
Management System according to EN ISO 50001:2018, the
Environmental Services Department for the implementation
###### of the Environmental Management System according to
EN ISO 14001:2015 and the Information Technology &
Telecommunications Business Unit for implementation of the
Quality Management System and the Information Technology
###### Service Management System according to standards EN
ISO 9001:2015 and EN ISO 20000-1:2018.
###### As part of the 3-year certification process, AIA conducts
systematic ISO internal audits to assess the maturity of
compliance and the effectiveness of each management
system, prior to external recertification or surveillance
activities by the independent certification bodies. AIA's
assigned personnel is trained and competent to perform
the relevant tasks.
PROCESS MANAGEMENT
AIA's process management system includes a set of corporate
policies and procedures, associated with various operating
manuals and other technical documents. This documentation
is a valuable corporate asset that reflects corporate values,
commitments and guidelines to ensure compliance with laws
and regulations, consistency in day-to-day operations and
###### roles of accountable personnel, while providing guidance
for managing incidents and crisis situations.
--NEW-PAGE--
Furthermore, AIA issues recommendations and procedures
related to Airport operations rules and regulations, addressed
###### to entities operating within the Airport Community,
encouraging our business partners to abide by the Policy
commitments. The so-called Guidelines for our Stakeholders
present details of how Airport users should operate.
###### A business process management system (Document
Management System) runs through a centralized corporate
repository that ensures proper document authorization and
###### versioning. The process flow methodology is provided by
a dedicated software modelling suite. All documents are
categorized as per classification policy and are available on
the Corporate Intranet.
INFORMATION AVAILABILITY
The Airport Company regularly publishes several reports that
cover all aspects of its operations and performance. AIA has
also developed a reporting system, which not only supports
the Management in its strategic decision-making, but also
###### fosters effective communication within the Company and
with external parties. Publicly available information regarding
the Airport Company is available on the Company's website
[(www.aia.gr).](https://www.aia.gr/company-and-business/)
MONITORING
###### The Airport Company continuously monitors planned
actions to ensure they are carried out properly and
identify key exceptions that may require review and swift
management action. Scheduled periodic audits, performed
by both external auditors and the Company's Internal Audit
###### department, aim to further assure the adequacy of the
internal controls system. Enhanced IT solutions for data
compilation & analysis also facilitate continuous monitoring
with appropriate performance indicators. Steadily reinforcing
###### the role of its Business Units, AIA's Corporate Scorecard
measures performance against predefined targets on both
###### financial and non-financial metrics and parameters (e.g.
systems' performance, quality of services, the safety of
operations, environmental responsibility, personnel safety,
training).