Risk and compliance

ico cumplimiento y riesgo




Collaborators Novaventa. El Carmen de Viboral, Colombia.

Collaborators Novaventa. El Carmen de Viboral, Colombia.


To support decision making and guide the implementation of prevention, risk mitigation and crisis management actions that, together with compliance activities, seek to protect the resources, corporate reputation, operational continuity, legal and regulatory compliance, employee safety, and trust building with the stakeholders.

Strategy and Progress 2015

Strategy Progress 2015
Integrate risk management into the corporate strategy. verde1

The risk maps of Grupo Nutresa and its business units were updated, having as a starting point the corporate strategy and the Materiality Matrix, connecting them to the tactical and operational levels.


Best practices for corporate governance were included from the “Código País” regarding risk management within the functions of the Board of Directors and its support committees, and in the Integral Risk Management Policy.

Strengthen the risk management culture within the Organization. verde2

More than 500 employees were trained nationally and internationally in risk and crisis management and business continuity.


Raising awareness and training on the risks associated with Money Laundering and Financing of Terrorism (ML/FT) was conducted with more than 15300 G4-SO4 SDG 16 employees and third parties.

Increase organizational resilience. verde3

The first cycle of the Business Continuity Project was concluded in the principal production plants in Colombia; this included tests related to the Disaster Recovery Plan (DRP) for information technology systems.

verde3A crisis management protocol for social media was developed.
Monitor and ensure legal and regulatory compliance. naraja

Legal surveillance management for the protection of personal data, competition, and labor, tax and environmental regulations, among others, was consolidated.


The consolidated quarterly Financial Statements, prepared under the International Financial Reporting Standards (IFRS), were presented to the market.


Progress was made in implementing the management system to prevent and control the risk of ML/FT with awareness activities in international operations.

Risks and Opportunities

Collaborators Compañia de Galletas Noel. Medellín, Colombia.

Collaborators Compañia de Galletas Noel. Medellín, Colombia.

Risk and crisis management is fundamental to carry out proper long–term planning and maintain a sustainable organization over time. Hence, the need for an integral risk management process that considers the assessment and management of risks, communication and monitoring activities, and that is also efficiently complemented with the internal control system to meet existing regulations and standards.

In this context, ensuring integration among the strategic, tactical and operational levels of risk management allows the construction of a holistic vision of the Organization and increases the effectiveness of the processes to identify and analyze current and emerging risks. To mitigate eventual integration problems of this methodology, complementary approaches have been adopted to assess risks at the different levels and reach the critical processes of the value chain.

Furthermore, proper communication and appropriation by employees of the risk management culture contributes significantly to avoiding the materialization of risk and crisis events. So, awareness and training plans have been implemented for employees, providing tools to report events; the Three Lines of Defense Model for risk management was developed with the participation of process leaders and the Risk Management and Internal Auditing departments.

In addition, monitoring regulations and industry operation standards avoid noncompliance and increased sanctions that affect reputation and competitiveness. For this reason, surveillance activities were developed to foster strict compliance with current regulations and the management systems in the different operating environments were strengthened in the different Grupo Nutresa Companies.

Future Perspectives

The consolidation of the integrated risk management system as a key input for planning and decision making at the different levels of the Organization is a strategic priority for Grupo Nutresa and one of its biggest challenges.

This challenge involves ensuring that the risk and crisis management culture is internalized in all processes of the businesses, where their development should be promoted in accordance with the Company’s constant dynamics.

For this reason, developing the risk and crisis maturity model will continue, as well as encouraging awareness and training strategies to identify, assess and report risks, incorporating virtual tools that help extend the reach of this initiative throughout the Organization. Likewise, the risk and control processes will be strengthened, under the Three Lines of Defense Model, promoting the active participation and implementation of controls by process leaders and integrating surveillance functions of the Risk Management department, and the independent assurance of Internal Auditing.

In compliance management, a complete evaluation and diagnosis will be conducted in terms of the legal and regulatory environments applicable to operations, in order to undertake a deliberate process to close gaps and adopt best global practices in the matter, thus ensuring the Organization’s sustainability.

Remarkable Achievements

Grupo Nutresa obtained the highest score in the world in the food sector in risk and crisis management in the Dow Jones Sustainability Index (DJSI) 2015.

Logo Dow Jones Sustainability Indices

icono estrella calidad

A noteworthy success story is the 750 assessments of financial, strategic, operational, human rights, climatic and natural risks conducted in all Grupo Nutresa companies.

Collaborators Meals of Colombia. Bogotá.

Collaborators Meals of Colombia. Bogotá.

Progress 2015


In 2015, the integral risk management process consolidated the focus of assessing risks through the Top–Down corporate strategy, which has connected Senior Management’s identification and analysis activities to the tactical and operational levels, to build a comprehensive vision of the Organization, strengthen the effectiveness of the process and treat current and emerging risks.

As a result of the implementation of this focus, more than 750 risk assessments were completed, which comprised the eight business units, transversal companies and international operations, analyzing financial, strategic, operational, climatic and natural risks, and human rights. G4-SO3 SDG 16 G4-HR9

Operations Centers Subject to Evaluation in Human Rights G4-HR9

Operations Centers Subject to Evaluation in Human Rights

Regarding the generation of a risk management culture, more than 15,330 direct and temporary employees and contractors G4-SO4 SDG 16 participated in awareness and training programs to prevent and control the risks associated with Money Laundering and the Financing of Terrorism (ML/FT), which strengthened the human capital. Likewise, more than 500 employees in all Grupo Nutresa businesses were trained in risk and crisis management and business continuity.

In order to contribute to the protection of corporate reputation, the definition and socialization of a protocol for crisis management in social media was developed. Moreover, the first cycle of the Business Continuity Project was concluded under a self-established methodology supported in the ISO 22301 standard and in best international practices.

As a result, recuperation strategies were defined and tests were conducted for the principal production plants in Colombia and in Servicios Nutresa, including those related to the Disaster Recovery Plan (DRP), which strengthens the response to events that affect both physical capital, and technological systems and communications.

Looking ahead, one of the greatest challenges in integral risk management consists of consolidating it as a key input for strategic planning and decision making at all levels. For this, advancing in the risk and crisis maturity model will be a priority, as well as promoting initiatives to generate culture and strengthen the internal control system.



Collaborators Compañia Nacional de Chocolates. Rionegro Plant, Colombia.

Collaborators Compañia Nacional de Chocolates. Rionegro Plant, Colombia.

The dynamic environmental conditions generated by the advancement of knowledge and globalization result in frequent changes in the regulatory frameworks for Grupo Nutresa, which could involve direct impacts on its financial capital. Therefore, the Organization has information and analysis systems, supported by surveillance through specialized entities, external consultants and trade associations. Also, Grupo Nutresa participates proactively in the construction of new regulations through mechanisms of national and international public consultations.

In 2015, Grupo Nutresa and its companies did not receive significant sanctions or fines for noncompliance with regulations and legislation. G4-EN29 SDG 16 G4-SO8 SDG 16 G4-PR9 SDG 16

Several initiatives were implemented to ensure compliance of the regulations applicable to the companies, among which the following are highlighted:

  • Diagnosing compliance with regulations related to the protection of personal data (Habeas Data) in all companies abroad.
  • Analyzing the Colombian regulations on competition to train the managerial and sales teams in the companies in Colombia in this matter.
  • Training sales and marketing teams of the companies in Colombia on changes that were made in 2015 on regulations that establish the procedures necessary to develop promotional activities.
  • Raising awareness of the Good Governance Code in the Grupo Nutresa companies abroad, which incorporated the Policy to Prevent and Control Money Laundering and the Financing of Terrorism (ML/FT).
  • For the first time, presenting the consolidated quarterly Financial Statements prepared under the International Financial Reporting Standards (IFRS), addressing the requirements of the Colombian Financial Superintendency, providing relevant information to support the decision making of Grupo Nutresa investors.
  • Working closely with tax authorities in the countries where Grupo Nutresa operates, in preparing and analyzing the bills that modify taxes, in order to find regulations that permit greater growth and fiscal efficiency. To this end, Grupo Nutresa has signed six Legal Stability contracts with the Colombian State, which have given transparency to the entire fiscal process and ensure the timely compliance of all obligations.
  • In environmental matters, Grupo Nutresa has legal matrices as guidance and consultation elements which, in turn, allow the companies to evaluate potential risks that they could face in possible gaps for full compliance of the requirements that apply to them and reduce their impact on natural capital.
  • With regard to labor issues, Grupo Nutresa has a policy for all companies, aligned with the International Labour Organization (ILO) and the constitution and legislation of each country where it operates. Compliance of this policy is ensured through ongoing training of all employees, surveillance, and the advice provided by the Servicios Nutresa labor legal team, to ensure respectful working conditions with our human capital.


In the short term, compliance management will be strengthened with the diagnosis and definition of initiatives that permit complementing the current scope in the Organization; likewise, the process to report financial information using the Extensible Business Reporting Language (XBRL) will begin. Implementation of the system to prevent and control the risk of ML/FT, will continue in line with current regulations, providing instruments for each company to manage its own risks, with emphasis on business processes and consolidating controls in the supply chain.