To support decision making and guide the implementation of prevention, risk mitigation and crisis management actions that, together with compliance activities, seek to protect the resources, corporate reputation, operational continuity, legal and regulatory compliance, employee safety, and trust building with the stakeholders.
|Integrate risk management into the corporate strategy.||
The risk maps of Grupo Nutresa and its business units were updated, having as a starting point the corporate strategy and the Materiality Matrix, connecting them to the tactical and operational levels.
Best practices for corporate governance were included from the “Código País” regarding risk management within the functions of the Board of Directors and its support committees, and in the Integral Risk Management Policy.
|Strengthen the risk management culture within the Organization.||
More than 500 employees were trained nationally and internationally in risk and crisis management and business continuity.
|Increase organizational resilience.||
The first cycle of the Business Continuity Project was concluded in the principal production plants in Colombia; this included tests related to the Disaster Recovery Plan (DRP) for information technology systems.
|A crisis management protocol for social media was developed.|
|Monitor and ensure legal and regulatory compliance.||
Legal surveillance management for the protection of personal data, competition, and labor, tax and environmental regulations, among others, was consolidated.
The consolidated quarterly Financial Statements, prepared under the International Financial Reporting Standards (IFRS), were presented to the market.
Progress was made in implementing the management system to prevent and control the risk of ML/FT with awareness activities in international operations.
Risk and crisis management is fundamental to carry out proper long–term planning and maintain a sustainable organization over time. Hence, the need for an integral risk management process that considers the assessment and management of risks, communication and monitoring activities, and that is also efficiently complemented with the internal control system to meet existing regulations and standards.
In this context, ensuring integration among the strategic, tactical and operational levels of risk management allows the construction of a holistic vision of the Organization and increases the effectiveness of the processes to identify and analyze current and emerging risks. To mitigate eventual integration problems of this methodology, complementary approaches have been adopted to assess risks at the different levels and reach the critical processes of the value chain.
Furthermore, proper communication and appropriation by employees of the risk management culture contributes significantly to avoiding the materialization of risk and crisis events. So, awareness and training plans have been implemented for employees, providing tools to report events; the Three Lines of Defense Model for risk management was developed with the participation of process leaders and the Risk Management and Internal Auditing departments.
In addition, monitoring regulations and industry operation standards avoid noncompliance and increased sanctions that affect reputation and competitiveness. For this reason, surveillance activities were developed to foster strict compliance with current regulations and the management systems in the different operating environments were strengthened in the different Grupo Nutresa Companies.
The consolidation of the integrated risk management system as a key input for planning and decision making at the different levels of the Organization is a strategic priority for Grupo Nutresa and one of its biggest challenges.
This challenge involves ensuring that the risk and crisis management culture is internalized in all processes of the businesses, where their development should be promoted in accordance with the Company’s constant dynamics.
For this reason, developing the risk and crisis maturity model will continue, as well as encouraging awareness and training strategies to identify, assess and report risks, incorporating virtual tools that help extend the reach of this initiative throughout the Organization. Likewise, the risk and control processes will be strengthened, under the Three Lines of Defense Model, promoting the active participation and implementation of controls by process leaders and integrating surveillance functions of the Risk Management department, and the independent assurance of Internal Auditing.
In compliance management, a complete evaluation and diagnosis will be conducted in terms of the legal and regulatory environments applicable to operations, in order to undertake a deliberate process to close gaps and adopt best global practices in the matter, thus ensuring the Organization’s sustainability.
Grupo Nutresa obtained the highest score in the world in the food sector in risk and crisis management in the Dow Jones Sustainability Index (DJSI) 2015.
A noteworthy success story is the 750 assessments of financial, strategic, operational, human rights, climatic and natural risks conducted in all Grupo Nutresa companies.
In 2015, the integral risk management process consolidated the focus of assessing risks through the Top–Down corporate strategy, which has connected Senior Management’s identification and analysis activities to the tactical and operational levels, to build a comprehensive vision of the Organization, strengthen the effectiveness of the process and treat current and emerging risks.
As a result of the implementation of this focus, more than 750 risk assessments were completed, which comprised the eight business units, transversal companies and international operations, analyzing financial, strategic, operational, climatic and natural risks, and human rights. G4-SO3 SDG 16 G4-HR9
Regarding the generation of a risk management culture, more than 15,330 direct and temporary employees and contractors G4-SO4 SDG 16 participated in awareness and training programs to prevent and control the risks associated with Money Laundering and the Financing of Terrorism (ML/FT), which strengthened the human capital. Likewise, more than 500 employees in all Grupo Nutresa businesses were trained in risk and crisis management and business continuity.
In order to contribute to the protection of corporate reputation, the definition and socialization of a protocol for crisis management in social media was developed. Moreover, the first cycle of the Business Continuity Project was concluded under a self-established methodology supported in the ISO 22301 standard and in best international practices.
As a result, recuperation strategies were defined and tests were conducted for the principal production plants in Colombia and in Servicios Nutresa, including those related to the Disaster Recovery Plan (DRP), which strengthens the response to events that affect both physical capital, and technological systems and communications.
Looking ahead, one of the greatest challenges in integral risk management consists of consolidating it as a key input for strategic planning and decision making at all levels. For this, advancing in the risk and crisis maturity model will be a priority, as well as promoting initiatives to generate culture and strengthen the internal control system.
The dynamic environmental conditions generated by the advancement of knowledge and globalization result in frequent changes in the regulatory frameworks for Grupo Nutresa, which could involve direct impacts on its financial capital. Therefore, the Organization has information and analysis systems, supported by surveillance through specialized entities, external consultants and trade associations. Also, Grupo Nutresa participates proactively in the construction of new regulations through mechanisms of national and international public consultations.
Several initiatives were implemented to ensure compliance of the regulations applicable to the companies, among which the following are highlighted:
In the short term, compliance management will be strengthened with the diagnosis and definition of initiatives that permit complementing the current scope in the Organization; likewise, the process to report financial information using the Extensible Business Reporting Language (XBRL) will begin. Implementation of the system to prevent and control the risk of ML/FT, will continue in line with current regulations, providing instruments for each company to manage its own risks, with emphasis on business processes and consolidating controls in the supply chain.