Es In
      Contacto      Fundación Promigas      Proveedores      Nominaciones      Extranet

 Editor de contenido ‭[1]‬

Risk Management​​

Integrated Risk Management simplifies the decision-making process for achieving the organization’s goals by enabling top management to have a full view of the risks to which the organization is exposed. 

Promigas has implemented a ‘three lines of defense’ model which aims to manage risks effectively by clearly allocating risk, control and supervision responsibilities, thereby reinforcing the organization’s risk culture and control environment.      

Promigas and its companies have a corporate Integrated  Risk Management policy for guaranteeing effective management of risks that could cause deviations from the achievement of strategic objectives and the carrying-out of processes.

The integrated  risk management model for Promigas and its associated companies adheres to and is based on the requirements established in the Risk Evaluation component of COSO 2013 and in NTC ISO 31000 Risk Management, and on other specific requirements requested by shareholders or the Board of Directors.​

The corporate integrated risk management methodology defines guidelines for identifying, evaluating, monitoring and controlling risks deriving from the strategy determined by the company. This methodology also covers operational and strategic risks, by project and by process. ​


The first human rights risk identification and evaluation workshop was held with leaders of the processes involved  cthe ten principal risks were evaluated and the current mitigation controls for each one were established, based on the standards defined in the Dow Jones sustainability index for best social, environmental and corporate governance practices.

The Asset Laundering and Financing of Terrorism (LAFT) and Anti-Bribery and Anticorruption (ABAC)  risk matrices were updated, in accordance with internal policies and current regulations.

Assistance was provided to the metrology laboratory in its NTC-ISO 17025:2017  certification process. The laboratory’s risks matrix was updated, in line with regulatory requirements.

A start was made on implementing the Corporate Governance, Risks and Compliance (GRC) model, which is defined as the overall supervision, risks management and compliance functions and skills in the organization, in order to reliably achieve business goals. 

The first session to identify and appraise risks related to climate change was held, and this was attended, among others, by Sustainability and Environment management and Maintenance management. 
Implementación de boletines informativosThe second supply chain risk exercise was carried out, based on gaps detected in the voluntary evaluation that was carried out as proposed in the Dow Jones Global Sustainability Index. 

A risk session was included in Sustainability Weekwhen the basic concepts of effective risk management were reinforced in a dynamic and interactive way with Promigas personnel. 

The 37 inherent risks with the greatest impacton Promigas were presented to the Promigas Audit Committee.

Implementation of the corporate third-party risk management (TPRM) methodology, in order to identify, evaluate, deal with, monitor and administer third party risks and their formal relationship with Promigas and its associated companies

The following emerging risks have been monitored at Promigas​: