|Recommendation III: The Board of Directors must provide for a comprehensive business risk management policy and monitor its proper implementation|
Inform or Explain: Please refer to Principle II.1.1.8.
Inform or Explain: The Policy mentioned in Principle II.1.1.8 sets out responsibilities and methods for business risk assessment, and the procedure is conducted with the assistance of the Audit Committee, which is in charge of supervising assessment procedures and implementing related measures.
Inform or Explain: The Policy also provides for the role of a Risk Manager, who is responsible for: (i) including in its annual programs all the necessary tests for detecting business risk indicators and signals; (ii) monitoring the effectiveness of the process as a whole, and safeguarding compliance with and oversight of this policy; (iii) informing the CEO and the Audit Committee of the risk management process; and (iv) following up on the implementation of action plans to ensure that corrective measures are taken once a risk is detected. Moreover, the manager in charge of internal control assists the Board to keep the risk matrix updated, identifying and assessing risks, as well as following up with the action plan, if required, and keeping the CEO and Audit Committee informed of this process.
Inform or Explain: The Business Risk Management Policy is reviewed on an annual basis to detect improvement possibilities, and updated if necessary. The risk manager submits any applicable improvement possibilities to the consideration of the Audit Committee.
Inform or Explain: The results from this risk assessment procedure are communicated to the different departments and disclosed in the Annual Report.