Risk management

Find out how we guarantee the sustained growth of Brisa Group’s business.

Brisa Group's risk management is a crucial tool in supporting decision-making as an active and dynamic process that leverages sustained value creation throughout the organization.

The process involves the heads of the business units - the first line - within the scope of their areas of activity, which ensures that a cross-cutting culture takes root, orientated towards risk management in the relevant business processes.

The current model of risk management is periodically reviewed with a view to alignment with best national and international practices as well as the applicable legislation. It consists of a systematic, methodical, and structured approach that promotes:

• Suitability of the mission, values, strategy and performance of the Brisa Group
• Definition of strategic objectives taking into account the level of risk appetite approved by senior management and the internal and external context
• Identification, characterization and assessment of risks, as well as the definition of response mechanisms, controls and mitigation measures
• Regular monitoring, and consequent internal and external communication of the risks managed in the Brisa Group companies

Senior management is responsible for approving and monitoring the Brisa Group’s Risk Management Policy, in order to ensure the adoption of an effective risk culture in the organization.

The risk management model is based on the Three Lines paradigm:

1^st line – Business Units

Identify and assess risks in the business areas
Run the risk management process
Define and implement internal controls

2^nd line – Supervision

Define and implement policies, processes, and procedures
Ensure the alignment of risk management with strategic objectives
Monitor the adequacy and effectiveness of the risk management process and the internal control system

3^rd line - Auditing

Carry out independent assessments
Identify opportunities for improvement
Report to senior management

At least once a year, the responsible parties for the Brisa Group’s companies are subsequently asked to identify and describe the main risks that may affect their respective areas.

The risk owners will also be responsible for determining the quantitative and/or qualitative likelihood of occurrence and the impact to the Group of each potential threat (based on the assessment criteria defined and implemented by the Group), enabling the setup of priorities for treatment/response purposes.

The risk management team compile the main risks identified and assessed within the Group and communicate the Group’s risk profile to the BoD and relevant stakeholders.

In close cooperation with the business areas/risk owners, the risk team also monitors, in a continuous manner, the risks identified and assessed, performing the following tasks:

Superintend the degree of execution/implementation of action plans;
Assess the efficiency and effectiveness of internal controls;
Detect changes in the internal and external context and identify emerging risks;
Analyze any risk events’ changes, trends and new threats/opportunities that may affect the expected performance level.

For further details on the most relevant risks in the Brisa Group’s operations, please consult the Integrated Report.

Monitoring

The Brisa Group monitors the main risks and market trends to guarantee that identified risks also reflect the macroeconomic context.

To this end, a watchlist is created, maintained and updated with the topics which, due to their relevance, are under continuous monitoring by the Brisa Group’s operations.

Additionally, the risk quantification and risk appetite processes are being reviewed and adjusted in line with best international market practices.