The Group annually evaluates the risks that might compromise the achievement of its business objectives, including its sustainability objectives.
The company’s Board of Director must ensure an adequate risk management, establishing controls and responsibilities to prevent and/or mitigate them, including social, labor, governance and ethical risks, among others.
The Internal Control Department is in charge of supervising and coordinating the process of identification and evaluation of corporate risks at the corporate level and of each company, as well as of checking compliance with the established action plans to reduce, mitigate, eliminate or transfer risks. These are raised and/or updated in an annual exercise aimed at reviewing sustainability risks, and those associated to key business, financial commercial, technological (included in 2016) and operational processes and functions. To that effect, CAP has applied the methodology based on the international ISO 31000:2009 and NTC 525 standards.
During 2016 training was provided to the Board of Directors (with external consulting services) and the internal process of identifying and evaluating risks was thus completed. At the end of the same year, a computerized data processing system was launched in order to manage the risks of each company and each area. This will allow each of them to update their risks and action plans at the moment deemed necessary, without waiting for the annual review.
The Group carries out internal audits on the basis of those processes and functions linked to the issues of greater relevance shown in the annual risk maps. These functions and processes encompass all the areas of the company, including sales, the processing of accounts receivable and payable, cash flow, operations, sustainability and people, among others.
Compliance with committed activities is followed-up on the basis of an annual scheduling. Additionally, external audits are carried out on Internal Control Areas, responsible for the audits.