Risk management

The Company is aware of the importance of risk management in every aspect of the business. The Company applies a risk management system that takes into account ISO 31000, ISO 55001 and COSO-ERM on Risk Management and Asset Management. This system is used to manage strategic/business or operational risks that affect the entire organization and have a negative impact on the Company’s business objectives.

The Company implemented the 3 lines of defense concept as an effort to improve risk management and control. This concept distributes duties and responsibilities across 3 lines of defense, each with specific duties and responsibilities but a single objective: to support the achievement of the Company’s business purposes through effective risk management.

3 Lines of Defense Concept in the Implementation of the Company’s Risk Management

PT Vale Enterprise Risk Management Framework

The First Line of Defense is the party that directly interacts with risk on a daily basis and acts as risk owner. With support from Internal Control, Front Line Management serves as the First Line of Defense to ensure the execution and effectiveness of precautionary measures and mitigation controls as well as work plans to reduce risk.

The Second Line of Defense supports senior management in the implementation of risk management measures and provides technical skills to monitor the First Line of Defense in risk management and control. The Second Line of Defense includes the Risk Management Unit, Health Safety & Operational Risk Department, Operational Planning & Geotechnical Department, Operational Excellence Department, and Governance Officer.

The Risk Management Unit was established on May 4th, 2016 and is responsible for facilitating the Company’s risk process. The Risk Management Unit’s duties include risk assessments, preparing preventive controls and risk mitigation plans, monitoring preventive controls and mitigation plans, evaluating risk management processes, and preparing reports to the Board of Directors and the Risk Mitigation Committee.

Third Line of Defense is an independent party outside the Company administration. Its function is to ensure consistent performance of the First and Second Lines of Defense in accordance with the Company stakeholders’ expectations. This function includes Internal Audit and Corporate Integrity Division.