Risk Management

Risk is the effect of uncertainty on organizational objectives, manifested in many ways and potentially impacting all dimensions of the business. Business risk management focuses on the relevant potential risks that could impact people, communities, the environment, operational continuity, reputation and the achievement of the company's overall business objectives.

Vale has an integrated Risk Management Governance flow, based on the concept of Lines of Defense, which represents how periodic reviews are performed to ensure alignment between strategic decisions, performance, and the definition and monitoring of risk tolerance limits approved by the Company's Board of Directors, upon recommendation of the Executive Board.

Risk management governance in our company is evolving to strengthen the safety of people and operations.

Lines of Defense

Risk Governance

A very relevant step for our governance was to split the Risk Executive Committee into 4 executive committees with different scopes of activity, one of them entirely dedicated to geotechnical risk management. We also fortified our defense line model with the new Safety and Operational Excellence Executive Board, which has a work plan in place. In our dam assessments and management, we are implementing a very high level of rigor, with the most conservative methods.

1st Line of Defense

Consists of the risk owners, who are directly responsible for keeping the risks within the tolerance limits defined by Vale, and the process executors of operational, commercial, project, support and administrative areas. They hold the primary responsibility and directly manage the risks, identifying, evaluating, treating, preventing and monitoring their risks in an integrated way.
Among other assignments, they are mainly in charge of the following:

- Implement and enforce effective prevention and mitigation controls, ensure adequate definition and execution of action plans and establish corrective actions for the continuous improvement of risk management;
- Continuously assess the applicability of the risks of the Integrated Risk Map to the activities and geographies under their responsibility;
- Regarding imminent risk to the 1st Line of Defense, adopt immediate and proactive corrective actions deemed suitable, without the need to obtain prior authorization. Afterwards, if any support above the scope provided is required, send the respective request directly to the Board of Executive Officers;
- Establish and implement Crisis Management protocols and Business Continuity plans for the risks entailed, classified as Very Critical and Critical severity (regardless of likelihood) and, for other risks, whenever applicable. For risks with Very Critical and Critical impacts (regardless of likelihood), drills must be carried out in order to check the effectiveness and efficiency of Crisis Management protocols, and the periodicity of the drills must be decided by the 1st Line of Defense according to criticality, in observance of local rules and legal specifics;
- Establish minimum technical, technological and management standards defined by the 2nd Line of Defense.
2nd Line of Defense (Enterprise Risk Management (ERM) - Integrated Business Risk Management)

The 2nd Line of Defense has the following main responsibilities:

- Develop and implement policies, methodologies, processes and infrastructure for integrated risk management;
- Provide support to the work of the 1st Line of Defense, providing qualification and instrumentation for risk management and prevention;
- Support and promote the exchange of knowledge and information, in order to spread the organization's risk management and prevention culture;
- Support and monitor the fulfillment of the business risk governance model;
- Support the external disclosure of official information regarding business risk management;
- Consolidate the deliberations of Business Risk Executive Committees to send to the Board of Executive Directors, in addition to following the conclusion of recommendations, and it is up to the 2nd Specialized Line of Defense to evaluate the technical effectiveness, when applicable.

The operational risk management, under the responsibility of the Executive Board for Safety and Operational Excellence, corresponds to its performance as the 2nd Line of Specialist Defense on potential risks with impacts on the Occupational Health, Occupational Safety and Process Safety dimensions, and also on the potential geotechnical risks. Its responsibilities are: (i) to perform as technical axis in the definition of standards for managing Occupational Safety, industrial processes and geotechnics; (ii) to perform regulatory and inspection roles in the critical assets management process; (iii) to maintain the integrated management system in order to ensure uniformity in the application of standards and good operational management practices.

Besides the responsibilities described above, the areas under the Executive Board for Safety and Operational Excellence also hold the responsibilities attributed to the 2nd Lines of Specialist Defense, as described below.
In addition to the Safety and Operational Excellence Executive Office, which is the 2nd Line of Defense for Operational Risks, there are areas such as the Environment, Corporate Integrity and Information Security that should also act as 2nd Line of Defense Specialist for the respective potential risks. All 2nd Specialized Lines of Defense include the following assignments:

- Establish minimum methodologies, technical, technological and management standards, risk indicators and asset reliability to be adopted by the 1st Line of Defense;
- Equip and qualify the 1st Line of Defense, supporting its evolution in management and prevention of specific risks;
- Define the prioritization of critical control elements and test their integrity;
- Support the identification of deviations and risks and issue recommendations, support the implementation of the model and risk and asset management and prevention standards;
- Inspect the application of standards and indicators and assess the performance of operational, commercial, project, support and administrative areas (1st Line of Defense), with independence and transparency;
- Assess the effectiveness of controls, related to potential relevant risks, performed by the 1st Line of Defense and, in case of critical deviation(s), define immediate actions to be implemented by the 1st Line of Defense, with the power to decide on stopping the asset operation.

The definition of which areas of the organization will act as the 2nd Specialist Line of Defense is delegated to Vale's Board of Executive Officers.

3rd Line of Defense

The 3rd Line of Defense comprises areas with full administrative independence, in other words, the Audit Committee (which was deployed in March 2020, with the election of its members and approval of the internal rules).
After the statutory reform of April 30, 2020, its composition and assignments were regulated by Vale's Articles of Incorporation, for purposes of addressing the rules of the Statutory Audit Committee regulated by the CVM and the New Market Regulation, in addition to the Audit Committee rules applicable to Brazilian companies with ADRs listed in the American market. The Audit Committee supervises the Compliance Office which, in turn, manages the areas of Corporate Integrity, Reporting Channel and Internal Audit. These areas, observing their respective areas of operation, carry out evaluations, inspections, by means of control tests and investigation of complaints, of risk and determination of complaints, providing exempt assurance, including on the effectiveness of risk management, internal controls and compliance.

Risk management organizational structure

Key risks are periodically monitored, as well as the effectiveness of their key prevention/mitigation controls and the implementation of their treatment strategies. As such, Vale seeks to have a clear view of its main risks, acting on them in a systematic manner through the adoption of protection or mitigation measures.

To this end, the Company has an operational structure to check and monitor the policy and internal controls, with the Board of Directors being the body responsible for approving the Vale risk policies. The Board of Directors is supported by advisory committees that, in general, are responsible for monitoring the scope of action and the effectiveness of the risk management of the business by the Board of Executive Officers, aligned with the guidelines set out by Vale's Board of Directors. The permanent committees are: the Financial Committee, Sustainability Committee, Committee for Operational Excellence and Risk, People and Governance Committee, and the Audit Committee (installed in March 2020). The non-permanent committee is the Independent Committee for Extraordinary Advice on Dam Safety ("CIAE-SB").
In order to fully understand the responsibilities of our Defense Line, click here and access our Policy.