Risk management

Risk management

The Company has established a risk management system and several risk management processes and resources to support a proactive and systematic approach to risk prevention and mitigation.

The essence of business management is a set of structured and integrated risk management activities designed to achieve business objectives, financial strength, flexibility and business sustainability. Understanding the importance of this, the Company’s Board of Directors initiated improvements to the integrated risk management, internal audit and compliance functions. The Board of Directors then appoints the Risk Management Unit (RMU) to execute the initiatives.

The RMU’s responsibilities include:

  • Proposing a risk appetite statement and its revision to the RMC and the Board of Directors;
  • Facilitating periodic risk assessments and formulating risk matrices and mitigation plans;
  • Proactively ensuring ERM compliance at all Company levels, together with the compliance and line management functions;
  • Periodically reviewing risk management activities and mitigation plans.

Following a series of discussions and workshops involving the Board of Directors, the Board of Commissioners and other related parties, it was determined that a Company Risk Mitigation Committee (RMC) was required in the risk governance structure. The RMC helps the Board of Commissioners oversee overall risk management, including the framework, and submits periodic risk assessment results reports, and related recommendations to the Board of Commissioners.

PT Vale Enterprise Risk Management Framework 

Enterprise Risk Management (“ERM”) guidelines in the form of a Risk Management Policy and Risk Management Manual, sets out the following risk management frameworks:

  • The RMU facilitates periodic risk assessments based on input from the Line Management, and produces a risk register for review with the Audit Committee and the Board of Directors.
  • The RMU is responsible for proactively requesting and collecting information from the Line Management regarding operational and non-operational issues that may impact existing risks, in order to decrease the risk levels that are adequately controlled by current control mechanisms.
  • Line Management is responsible for monitoring and acknowledging increases in unresolved or new issues, both internally and externally, and submitting this data to the RMU for further risk review. Line Management is also rsponsible for proactively consulting the RMU on risk compliance in accordance with internal and external regulations.
  • The RMU proactively provides Internal Audit feedback as a reference in preparing the Audit Plan.

The ERM guidelines also regulate the seven stages of the process the Company must follow for managing risks. This process enables the Company to identify business risks, risk levels, control efforts, action plans and recommendations to lower risk levels. The overall process involves collaboration between organizational functions, however, most of the stages are under the RMU and Line Management.

PT Vale Risk Management Process Flow