Risk Management and Monitoring
GRI 2-12, 2-13
At KUO we acknowledge the fundamental role of Risk Management in the continuity and security of our operations. Therefore, we operate under strong Policies and Procedures enabling us to identify and mitigate risks that may affect our objectives as a business.
Based on the Enterprise Risk Management-COSO (ERM-COSO) methodology, we perform risk management, allowing us to identify and assess events that may have an impact on the Group’s operational continuity in the areas of strategy, operations, reporting, compliance, finance, reputation, cybersecurity and the environment, among others, thus guaranteeing their comprehensive management from an organizational perspective.
Additionally, based on this methodology (ERM-COSO), we have adopted the “Three Lines of Defense” approach, which involves different teams, with specific roles and responsibilities, working together to strengthen our Internal Control System in relation to risks.
Based on the Enterprise Risk Management-COSO (ERM-COSO) methodology, we perform risk management, allowing us to identify and assess events that may have an impact on the Group’s operational continuity in the areas of strategy, operations, reporting, compliance, finance, reputation, cybersecurity and the environment, among others, thus guaranteeing their comprehensive management from an organizational perspective.
Additionally, based on this methodology (ERM-COSO), we have adopted the “Three Lines of Defense” approach, which involves different teams, with specific roles and responsibilities, working together to strengthen our Internal Control System in relation to risks.
Front Line
Composed by key directors and process managers from the Group's businesses, the Shared Services Unit and the Corporate Unit, with its main function being to comply with the general Internal Control guidelines of KUO and its day-to-day management.
People responsible for the operation of Internal Control processes are divided into two large groups:
People responsible for the operation of Internal Control processes are divided into two large groups:
- Corporation and Shared Services Unit: are responsible for complying with the general KUO guidelines on treasury, financing, capital investments, financial information, consolidation, legal affairs, sustainability, communication, tax, human capital, information technology, foreign trade, central negotiation, accounting, accounts payable, fixed assets, database catalogues, travel expenses and payroll, among others.
- Group businesses: are responsible for complying with operational control guidelines for sales, billing, logistics, collections, procurement, inventory, recruitment, production, maintenance, quality, occupational health, safety and hygiene, customer service, among others.
Second Line
It is made up of the General Management, with the support of the Assistant General Management in charge of the Legal Area, as well as the Assistant General Management and Finance, the KUO Comptroller's Office and the respective Finance and Comptroller's Office areas of each of the Group's businesses. In compliance with article 44, section XII of the Securities Market Law, it is responsible for the implementation of the Internal Control System that allows the verification of the Group's actions and operations, in accordance with the regulations established through laws, policies and procedures.
Third Line
The Board of Directors, with the support of the Audit Committee and the Internal and External Audit area, in accordance with Article 28, Section V of the Securities Market Law, is responsible for the independent supervision and oversight of the application of the Group's Internal Control processes, as well as providing recommendations for improvements in the established controls, minimizing possible impacts on our operations..
The Internal Control System is an integral part of KUO's activities, and aims to provide a reasonable degree of certainty regarding the achievement of objectives related to the effectiveness and efficiency of its operations, compliance with laws and regulations, as well as policies and procedures, reporting and safeguarding of its assets.