Sustainability Report
Change font size
Chapter list


2 minute read
Risk Management Model



We believe that integrated and proactive risk management is essential for delivering safe and sustainable results. Our Business Risk Management Policy has as its fundamental principles respect for life in all its diversity, acting ethically and in compliance with legal and regulatory requirements, as well as full alignment and coherence with our strategic plan. Risk management is integrated with the guidelines for risk response actions that consider the possible impacts on our stakeholders and aimed at adding and maintaining value for shareholders and business continuity.


Our risk management process is coordinated by a corporate risk management area, responsible for defining a methodology based on an integrated and systemic vision, allowing for the standardization and uniformity of our analyses and the management of risk responsibilities, which are structured in accordance with the three-lines model. In this model, each group of managers that make up the lines plays a distinct role in the governance structure. This presupposes a set of continuous and integrated activities, supported by a structure that comprises, in practice, the Board of Directors, the Executive Board, members of the general structure and all employees, service providers, and other involved parties.


The identification, assessment and treatment of risks are carried out by the organizational units, in conjunction with the Risk Management Executive Department. Strategic risks, prioritized according to their relevance to meeting the company's strategic goals, are reported quarterly to the Executive Risk Committee (CE-Riscos), the Executive Board, the Statutory Audit Committee (CAE) and the Board of Directors (BoD) and high and very high severity risks are reported monthly to the CAE. The effectiveness of the risk management process is assessed by the Internal Auditors, a body directly subordinated to the Board of Directors.


Identification, assessment, and treatment of risks


The drafting of our Business Risk Matrix is coordinated by the corporate risk management area and involves all areas of our structure. In this process, employees with different expertises are involved so they can identify and report potential risks for our entire organization, considering any type of risks, including social, environmental, and economic risks. This process provides the identification of risks, their associated controls, their probability of occurrence and their impact assessment, in addition to propositions for the treatment thereof. The impact assessment considers four dimensions: Financial, Image/Reputation, Legal/Compliance, and Environmental/Life.

Read the chapter in its entirety
In this chapter