How risks are managed
How risks are managed
In order to fulfill its value proposition for risk management, one of the targets of the Klabin 2030 Agenda, the Company is constantly challenged to keep its team committed to act responsively and participatively in the processes that involve the risks management. In 2022, several initiatives were developed to advance this culture of risks, among which the following stand out:
managers and coordinators participated in the Risk Management Workshop.
employees completed the risk management training on the ENK Portal.
How risks are managed
Klabin's Risk Management Policy is based on the principle of aligning the Company's strategic objectives with a structure referenced to the highest industry standards.
The governance structure assigns risk management responsibilities to the following entities: Board of Directors, Audit and Related Parties Committee, Executive Board, Risk Committee, Risk Management and Internal Controls Department, Business Areas.
According to internal methodology, Klabin's risks are classified as strategic; financial; operational; regulatory and legal; and social and environmental. The risks are assessed according to their level of criticality, defined based on two aspects: impact and vulnerability. The levels of each risk are established according to predefined criteria, standardized and validated internally. The approaches may be: reduce, transfer and/or share, retain or accept.
The steps described ahead are followed with the objective that the main risks inherent to Klabin's activities can be identified, assessed, addressed, monitored and communicated, both at the strategic and operational levels.
Klabin's primary internal control practices include the establishment of procedures, formal policies, authorization of approval levels, audit assessments, process mapping of departments, integrity assessments, including cybersecurity analysis.
In 2022, procedures for managing legal documents, such as licenses and permits. This action front has seeks continuous improvement in the process of impact on mitigating legal compliance risks.
An important part of the project was also completed, which included mapping processes, identifying and training those responsible for the processes in each area. The project, initiated in 2020, seeks to enhancing knowledge of internal controls within the Company, providing greater agility to the system's updates whenever a process needs to be altered.
60
processes mapped.
750
controls identified.
250
controls identified.
Klabin's Privacy and Data Protection Policy establishes the attributions of the various areas involved and regulations applicable to the protection, treatment and eventual sharing of data. Based on this policy, materials have been created for use in training and awareness activities, and is also available on Klabin's portals through the link Privacy Policy | Klabin.
In order to comply with the General Data Protection Law (LGPD), the main challenges in implementing projects are mapping and maintaining the flow of personal data within the Company; training and raising awareness among employees and departments that handle personal data; involving the entire supply chain; and meeting the deadline for responding to any requests from data subjects.