The business risk management in the EDP Brasil Group considers the following principles:
- Risk and risk tolerance are key points in decision making for the execution of business activities, functions and processes;
- The ability to manage risks as a lever of value for assets, projects and business opportunities, as well as safeguard human lives, the environment, the well-being of employees and reinforce innovation;
- Transmitting business confidence to shareholders, employees, customers, suppliers and the communities where the Company operates;
- The assessment of risks and opportunities for the generation of long-term value, considers the economic, social and environmental impacts, direct and indirect of the operations;
- The constant evolution and improvement to ensure compliance with the best international risk management practices;
- Identification of efficient mitigators to ensure the alignment of the Company's strategy;
- Risk management as the responsibility of everyone, from the Board of Directors to the individual employee.
1.1. Internal Audit
The EDP Group takes on the commitment of transparency, trust and integrity of information, as well as compliance with internal legislation, policies, norms and procedures, ensuring a system of internal controls aligned with best practices in the market.
In order to monitor these commitments, independent evaluations of the processes and controls that support the business will be carried out to ensure an effective system of internal controls with mitigated risks.
Internal auditing uses a systematic and disciplined approach to assessing and improving process effectiveness, always focusing on relevant and material risks.
1.2. Corporate Risks
In order for all risks to be covered, the EDP Group promotes an integrated risk management program, which includes a comprehensive, disciplined, continuous and transparent process, where risks are identified, analyzed, managed, reported and accepted, provided they are In accordance with the appropriate levels of tolerance to all interested parties.
1.3. Compliance Risk
Compliance risks result from non-compliance with international and national legislation, internal policies and standards that regulate the execution of employees' daily activities. It is the responsibility of all employees to know the risks related in their area of operation. The EDP Group encourages all stakeholders not to be involved in situations that characterize their non-fulfillment of their obligations.
1.4. Financial Risks
The EDP Brasil Group has the following commitments:
- Do not expose yourself to financial risks that are not intended to support the Company's business, establishing conditions and limits of tolerance to market, liquidity and credit risks;
- To address financial risks in such a way that they do not negatively impact operating activities, keeping cash levels adequate for day-to-day and investment needs, thus promoting the best risk / return ratio for the Company;
- Manage risks, involving the identification and measurement of financial risks, definition of limits, design and implementation of mitigation instruments, as well as their monitoring, monitoring and reporting.
1.5. Image and Communication Risk
The EDP Group recognizes communication as an essential item for interaction with its various stakeholders, aiming at strengthening its institutional image. Accordingly, the EDP Brasil Group undertakes to:
- Provide information in a clear and precise way, making the company internally and externally recognized as exemplary in its ethical conduct and in its processes, maintaining consistency in speaking and doing with the integrity of the information provided;
- Self-regulate the use of marketing instruments and the whole set of practices aimed at promoting brand acceptance and services, generating effects not only on their specific market, but also on society as a whole, and on each individual in particular, influencing Among other things, their values, opinions, aspirations and worldviews;
- Ensure respect for public spaces and contemplate mechanisms that avoid misleading or abusive advertising and information dissemination and incite violence, which exploits fear or superstition, that takes advantage of the child's or others' lack of judgment and experience Vulnerable groups, which disrespects environmental values or is capable of inducing the public to behave in a way that is harmful or dangerous to their health or safety.
1.6. Credit Risk and Energy Risk
All customers and suppliers with whom we have operations are evaluated from the point of view of credit risk and / or energy risk. In credit risk, all operations follow deadlines and guarantees that generate the lowest risk exposure for the EDP Brasil Group. In energy risk, all operations have their simulated incremental risk, and the total portfolio must follow maximum exposure limits that guarantee the control of energy risk for the EDP Brasil Group.
1.7. Information Security Risk
The commitment of the EDP Group with the correct handling of physical or digital information and for all types of public is based on the following principles:
- Confidentiality: Ensure access to information only by authorized persons and when it is really necessary;
- Availability: Ensure that information is available to all authorized persons;
- Integrity: Ensure that information is intact without undue changes, regardless of its nature.
1.8. Asset Management Risk
The EDP Group adopts an asset management system that aims to acquire, maintain and operate physical assets of generation, distribution and electric energy services, meeting the needs of interested parties, seeking continuous improvement in processes and better allocation of investments, Considering:
- Compliance with regulatory requirements and legal aspects related to quality, reliability, safety, environmental aspects and asset accounting;
- Optimization of operating costs;
- The registration through the patrimonial control systems;
- Recognition and return of investments made.
1.9. Regulatory Risk
The EDP Brasil Group is committed to complying with regulations issued by regulatory agencies. Regulatory risk mitigation is accomplished by monitoring scenarios involving stakeholders in their business. The EDP Brasil Group acts in the discussion of the topics of its interest, providing studies, theses and experiences to public opinion makers.