(103-1) Enterprise Risk Management is intended to support decision-making in the organization from the establishment of a process that enables identification, measurement, treatment and monitoring of those situations that could affect the achievement of goals, so as to reduce uncertainty, be proactive, maintain a sustainable organization over time, create and protect the generation of value and preserve the image of the organization vis-à-vis its stakeholders.
(103-1) Grupo Argos, as an investment matrix, is exposed to its results being impacted by the risks of its affiliates. For this reason, the Enterprise Risk Management. Risk Management System (ERMS) establishes the methodology and guidelines for the management of its own risks and the strategic risks of affiliates, ensuring the unity of judgment and a common process for management in order to allow the analysis of the risks as a conglomerate through consolidation in the Corporate Risk Map.
For more information about the impacts and mitigation plans of strategic and emerging risks, see Data Enhancement.
(103-2) The corporate risk management policy establishes the elements and the overall framework of action for Enterprise Risk Management of any nature that the Business Group faces.
(103-2) In 2016 the policy was supplemented with the incorporation of governance in risk management, where the organizational structure is set with instances, roles and responsibilities that help ensure the proper functioning of ERMS and follow international best practices related to this matter. The responsibility of the Boards and Senior Management of each company on its ERMS and its responsibility for the monitoring of the implementation with consolidated view is noted.
In addition, a corporate methodology for strategic risk management was developed, which considered international standards, primarily ISO 31000 and COSO.
(103-2) Methodological application and the adoption of actions for the management of identified risks is assured through the defined governance.
- Ensure the adoption and proper implementation of a ERMS.
- Approve the Enterprise Risk Management Policy, the risk appetite of each organization and the responsibilities matrix for managing the risks.
- Evaluate and monitor risks in the context of strategic goals and propose corrective actions in accordance with the defined tolerable level, periodically monitoring those actions.
- Assist the Board of Directors in all responsibilities related to risk management oversight.
- Review the effectiveness of ERMS by monitoring risk maps, dashboards, limits and indicators, and formulate improvement initiatives as needed to align the risk profile with the strategic goals and defined appetite.
- Follow-up to the implementation of ERMS with consolidated vision as a Business Group, ensuring that the corporate risk profile is aligned with the overall risk appetite defined for the conglomerate.
- Responds to the Board of Directors and shareholders for the implementation of the ERMS.
- Actively manages all inducers and factors that enhance risks in order to anticipate their occurrence with concrete action plans.
- Reports on the risk profile of the Business Group, the status of the mitigation plans and overall, the implementation status of the ERMS.
- Inform about the operation of the ERMS and alert about new identified risks.
- Report on the operation of the ERMS in their companies and report on risk status and the mechanisms adopted to manage them.
- Ensure the implementation of ERMS in their companies.
- Report to the Audit, Finance and Risks Committee and to the Board of Directors on the risk profile, progress status of the mitigation plans and overall ERMS implementation status.
- Actively manage with concrete action plans, anticipating trends and occurrences.
- Designs and leads the implementation of ERMS policies, general processes and corporative methodologies that allow permanent identification, measurement and treatment of the risks the Business Group is exposed to.
- Monitors effective management of risks that can affect the strategy of the business, individually and as a group, and promotes a corporate risk management culture.
- Lead the implementation of ERMS in their companies, adopting corporate policies and methodologies adjusted to the internal and external context of each entity.
- Monitor effective management of risks that can affect the strategy of each company, and support corporate management to strengthen the risk management culture. Their responsibility includes the implementation of the methodology at a strategic, tactical and operational level.
- Responsible for the application of Enterprise Risk Management in the processes under their responsibility according to policies and methodologies defined for this purpose.
- They are designated employees in each department to facilitate implementation of the ERMS.
- Apply Enterprise Risk Management in their processes according to defined policies and methodologies.
- Must alert about the risks that might affect the normal development of work and report events of risks that may have materialized.
- Evaluate the efficiency and efficacy of the ERMS, generate recommendations for improvement, track the effectiveness of the actions taken to manage risks and evaluate the operation of key controls.
- Contribute to the identification of new risks during the development of their audit activities.
- Lead the implementation of activities for the prevention and detection of the risk of fraud, corruption, money laundering and terrorist financing.
- Monitor effective management of compliance risks that could affect each company, and support corporate management to strengthen ethics and transparency.
Efforts will be focused in the implementation of corporate software for the management of strategic risks, processes, facilities and projects, in Grupo Argos, Cementos Argos, Celsia and Odinsa.
This will be done by economic analyses of impacts on major strategic risks, monitoring all reputational risks, having a single map for the entire Argos Corporate Group.
Strengthening of the Risk Culture shall continue, establishing a corporate training plan that includes not only Grupo Argos employees, but also those of Cementos Argos, Celsia and Odinsa.
Active risk management impacting the compensation of those responsible will be measured, carrying out a plan with visualization of future trends and scenarios.
Quantitative risk assessment models are expected to be defined.