Omitir los comandos de cinta
Saltar al contenido principal
                            

RISK MANAGEMENT

By allowing top management to have a full vision of the risks the organization is exposed to, Comprehensive Risk Management facilitates the decision-making process for achieving the organization’s goals.


​In order to strengthen the control environment and risk culture in the organization, Promigas has implemented the three lines of defense model, which aims to administer risks effectively by assigning clear risk, control and supervision responsibilities. The second line of defense consists of Corporate Risk and Compliance Management, or the equivalent risk areas in each company in charge of such duties, which are required to carry out continuous follow-up on all risk-related obligations.

Promigas and its affiliated companies have a corporate comprehensive risk management policy which aims to ensure effective administration of risks that could cause deviations with respect to compliance with strategic goals, Inherent Major Impact Risks (RIMI), and processes.    

13 strategic risks and 18 RIMI were identified, appraised and monitored in 2020 by evaluating the design and operation of controls associated with the respective risks.

There is also a governance, risks and compliance model which permits Comprehensive Risk Management for Promigas and its affiliated companies to perform risk management and monitoring duties and responsibilities. This consists of the following:

​Similarly, as part of the reinforcement of Corporate Governance, the Corporate Risk and Compliance Committee was set up as an entity that communicates with and reports to top management on comprehensive risk management. This committee, which consists of the Presidency, Vice-Presidencies and Risks and Compliance Management, meets at least once per year and its responsibilities include following up on risk management and issuing guidelines and recommendations.     

The Comprehensive Risk Management model for Promigas and its affiliated companies complies with, and is based on, the requirements established in the ‘Risk Evaluation’ component of COSO 2013, in NTC ISO 31000 Risk Management, and other requirements as requested by shareholders or the Board of Directors.  

The Comprehensive Risk Management corporate methodology consists of a cycle with six stages


​Which is a transverse stage. Possible deviations from the goals established can thus be administered correctly.





Risk evaluation is carried out by appraising impact and probability. Bearing in mind some key elements of the strategy, impact criteria are defined by the company as follows:


The criteria for appraising probability that have been defined by the company are as follows:


Top management establishes priorities for dealing with key risks, based on the results of the residual appraisal, and the following criteria are established for defining additional mitigations.

In the case of risks classified as extreme, additional mitigations have to be defined in order to reduce the probability of the risk occurring or to absorb the consequence associated with the risk materializing. When risks are classified as high or moderate, top management or the process leader can propose additional risk mitigators, in accordance with the analysis of whether it is viable to introduce them, where applicable, and if the nature of the risk so permits, such as with regulatory risks.   ​


​​
 ​Success with risk management depends on all stages of the aforementioned cycle being applied; partial application does not contribute to achieving the company’s strategic goals.



Reinforcement of risk monitoring in 2020 paved the way for the evaluation of inherent high-impact, strategic, and information security risks. Part of this monitoring included helping the first line of defense to identify changes in risks and controls in their processes because of the pandemic.   

Similarly, the phase relating to the identification and evaluation of third parties and intermediaries as a segment of implementing the corporate third-party management methodology (TPRM/TPI) was completed, and a virtual third-party risk management training session was held. This was attended by 61 third parties considered critical for the company, and transportation and distribution companies. It was part of activities under the risk culture reinforcement program entitled ‘Promigas Connections, More United with our Suppliers’. A start was also made on regulatory risk management, in the form of structuring the Regulatory Compliance Program, the purpose of which is to administer the risk of default on internal and external standards and regulations that are binding on the company. The respective policy and procedures were drawn up for execution.  

With a view to strengthening and evaluating risk management and identifying trend, behaviors and how risks evolve over a period of time, Key Risk Indicators (KRI) and Key Performance Indicators (KPI) have been implemented.​


The following emerging risk was identified for Promigas::​

Changes in consumer behavior throughout the value chain that could affect the demand for natural gas. 

Develop new lines of business with a high financial impact that will enable our operations to expand into the renewable energy segment and new geographies.

Expanding renewable energy business in view of limited regulatory and market stimuli for promoting mass use.

Use of intellectual property assets to generate competitive advantages in our businesses.

UPDATE ON EMERGING RISKS



​​Carry out surveillance actions and technological feasibility analyses (rational, opportunity and impact - ROI) and technical feasibility analyses (financial impact, risk and execution - FIRE) in order to verify opportunities to implement new technologies and their potential impact on Promigas business units.​

In 2020 we carried out 1,675 appraisals of strategic ricks, high-impact inherent risks, operating risks, projects, financial risks SOX, and human rights, climate change, anti-bribery, anti-corruption and LAFT risks.

RISK MITIGATION ACTION PLAN COMPLIANCE (%)






Administering risks and opportunities from an integrated vision 

Based on an integrated thought vision, we connect strategy, risks and opportunities in relation to economic, governance, social and environmental aspects as conductors of value creators in order to boost internal capabilities in each business group in the short, medium and long term for the organization and for our interest groups.

We analyze our risks in light of our strategic goals and material issues, in order to guarantee that they will not affect compliance with the value promises made to our interest groups.    ​