Vittia Annual Report 2022
To protect against and manage these
risks, we follow the risk management model
of COSO (Committee of Sponsoring
Organizations of the Treadway Commission), COSO
2013, the ABNT ISO 31000:2009 standard
and the Guidance Guide for Corporate Risk
Management of the Brazilian Institute of
Corporate Governance (IBGC).
Risk management activities comprise five
major steps:
▸ Identification of risks.
▸ Analysis and understanding of each risk.
▸ Assessment of which risks need treatment
and prioritization for treatment and
implementation.
▸ Treatment (involves selecting one or more
options to modify risks, as well as adopting
and implementing those options).
▸ Critical monitoring and review to ensure
that controls are effective and efficient.
The risk management framework is based on the
three lines of defense methodology, as follows:
First line of defense
▸ Comprised of operational managers from
the business and support areas.
▸ Effectively manages and owns risks.
Second line of defense
▸ Formed by the areas of Compliance, Internal
Controls and Risk Management.
▸ Focuses on risk prevention and supervision,
with emphasis on internal controls and
compliance.
Third line of defense
▸ Composed of the Internal Audit.
▸ Provides senior management and governance
bodies with structured assessments of
mapped risks.
We are advancing and revising our Risk Matrix,
covering all the risks identified in our operations
and in our business, in order to improve our
mitigation and management processes.