GRI 102-15, 103-2, 103-3
We consider it essential for our businesses to identify, assess and mitigate the risks raised in our surveys. Since 2016, we have followed the Enterprise Risk Management (ERM) Policy, which addresses the main risks in all corporate areas and operating units and equally is applied to subsidiaries and controlled companies.
We divided risks into four major topics: compliance; business risks (operational and strategic, including socio-environmental aspects, and project risk); internal controls; and financial risks. The risk matrix is reviewed annually to ensure it is always aligned with our strategic plans.
For risks considered critical and high, we draw up action plans with deadlines established for completion. Our risk monitoring actions involve, in addition to the area directly responsible for the topic, the Risks, Internal Controls and Compliance team, the Financial Executive Officer’s office, the Board of Directors and the Audit Committee. For risks under this classification, monitoring is conducted opportunely by the areas involved. The details of the risks we manage can be found in the 20-F form, submitted to the New York Stock Exchange and accessed at ir.nexaresources.com/regulatory-filings.
Business risk management model6
6 Model executed in 2019. However, during the year the review of the risk management policy and manual was initiated.
In 2019, we made progress in identifying operational risks and exposure to the market, as well as improving our internal control system, by simplifying the number of controls, which were reduced by almost half while maintaining the same effectiveness. We also train employees in the identification of risks, through visits by our risk management team to the units, educational lectures and the appointment of those responsible for each risk.
We publish an updated Risk Management Report three times a year, which outlines the main factors mapped in the operating units and corporate areas and the respective actions that are underway to mitigate them. Thus, we were able to give the Board and investors a broader view of all the initiatives and teams involved in the management of risks related to the business.
In 2019, we conducted training on the BWise tool for all our employees and migrated risk management information to the new platform. As of 2020, the risk assessment process will be carried out through BWise, in order to gain efficiency in our risk assessment and monitoring process.