Governance

Ethics Risks Assessed and Monitored

BRK sets up programs, controls and monitoring across several operations, with the involvement of senior management.

Accounting for ethics and the reputational impact of incorporating ethics in the decision-making process is one of the ways organizations show their commitment to conducting business with integrity. By structuring mechanisms to ensure good ethical practices, organizations reaffirm that the way business is conducted is as important as the business itself.

BRK is entirely committed to this ethos and has therefore designed a robust Ethics Risk Assessment (ERA) system.

The Ethics Risk Assessment consists of identifying, reviewing and evaluating the ethics risks to which the organization may be potentially exposed. At BRK, these steps follow the criteria contained in the COSO-ERM, an internationally recognized standard for ethical business.

Step by step

The Company’s risk management process follows internationally recognized standards and consists of eight steps:

1. Context

Consider and understand the company’s short- and long-term strategic objectives as well as the internal and external setting in which it operates.

2. Mapping

Identify risk factors and implications in projected processes and objectives through benchmarking against other companies in the market, interviews with key people in the company and reviewing complaints received through the Confidential Complaint Channel.

3. Impact

Evaluate the impact on financial forecasts and the likelihood of given risks.

4. Risk Appetite

Prioritize and determine the level of risk the company is willing to assume.

5. Risk Response

Determine how the company will address risks in accordance with risk factors, for example eliminating or accepting a given risk.

6. Action Plans

Set of initiatives implemented by “risk owners,” employees assigned to monitor risks, so as to adopt a risk response appropriate to exposures and approved limits, and subject to periodic follow-up.

7. Communication

A continuous and interactive communication plan for all stages of the Risk Management Process so that all interested parties can share, provide or obtain information concerning the process.

8. Monitoring

Initiatives adopted to detect external and internal changes that may require a revision of or changes to currently adopted actions and priorities, which may lead to:
• Identifying emerging risks;
• Obtaining additional information to improve the Risk Management Policy, structure and process, changes, trends, successes and failures;
• Ensuring that design and operation controls are effective and efficient.

This practice provides managers with the necessary information to help them learn of, anticipate and prevent incidents that have not yet occurred and can thus be avoided. By understanding the nature and impact of risks the company faces, our organization can design more effective programs and develop better controls to mitigate them.

Our initial survey took into account the organization’s history, current guidelines and legislation to best identify, review and evaluate each risk. It covered a wide range of compliance and ethics risks, including those that impact company liability, regulatory exposure, ethics and how business is conducted, and the reputation of both the organization and our employees. Priority was placed on information concerning anti-trust practices, accounting, taxation, bribery, corruption, money laundering, fraud, political influencing, lobbying, intellectual property rights, and human rights violations.

Following this process, BRK mapped a matrix consisting of 10 macro-risks subdivided into 36 specific risks.

Risks

A list of BRK’s 10 mapped risks. Each risk is managed by a “risk owner” and periodically monitored by the company’s Risk Management Department.

1. Bribery of public officials.

2. Bribery of private individuals.

3. Conflicts of interest.

4. Collusion.

5. Money laundering.

6. Political influencing.

7. Human rights violations.

8. Intellectual property rights violations.

9. Accounting and financial fraud.

10. Other types of fraud.

These risks are monitored by designated employees across the company who are known internally as “risk owners.” Risk owners provide the Risk Management Department with information regarding the risks and their related controls.

The Risk Management Department compiles and periodically updates all the information it receives in the Corporate Risk Matrix. It then monitors the risks contained in the matrix.

Benefits

Carrying out consolidated risk assessments offers several benefits:
• Integrated assessment;
• Standardized criteria, processes and information;
• A more complete range of identified risks that correlate to ethics;
• Effective mitigation strategies that can be better developed for complementary processes;
• Encouraging the belief that ethics and compliance are central to all of the organization’s activities;
• Increased quality of risk-based information upon which strategies and decisions are made.

Compliance

BRK’s corporate governance adopted a compliance program that follows the best national and international market practices and that sets out the guidelines for in-company and outside relationships involving all employees, managers, directors, board members and shareholders.

The central document of the Compliance Program is the Code of Ethical Conduct, the basic internal regulatory guideline that serves as the basis for all other procedures and policies. The key topics addressed in the Code of Ethical Conduct include:
• Protection of assets, resources and data;
• Accuracy of books, records, documents and public disclosures;
• Duties to customers, shareholders, suppliers, competitors and others;
• Conflicts of interest and personal behavior;
• Positive workplace / setting;
• Environmental, social and governance (ESG) management;
• Compliance with laws, rules, regulations and policies.

Company employees are advised to read the provisions of the Code of Ethical Conduct carefully and to annually fill out a declaration of compliance, which is retained by the Compliance Department. The company’s regulatory documents are periodically reassessed to ensure they are up-to-date, efficient and relevant to the company’s current operations and to the risks to which it is subject.

The Compliance Program aims to consolidate all the initiatives to promote and strengthen a culture of ethics, integrity and risk mitigation through mechanisms to prevent, detect and respond to illegal and objectionable acts.

As such, the company constantly monitors business risks so as to prevent potential negative impacts to operations and, in so doing, seeks to ensure all business is conducted in a safer, more relevant and more efficient manner.

BRK has adopted controls to reduce and manage the risks identified, including those that are part of the company’s general governance. They range from compliance with legislation such as the SOX Act to actions designed specifically to prevent and detect misconduct, suspected fraud and corruption.

Controls include:

• Accurate books and records;
• Effective procurement processes;
• Effective payment processes;
• Prudent hiring and compensation practices;
• Computerized systems for efficient management of operational and managerial activities;
• Implementing systems for approval based on employee level;
• Due diligence for investigating issues related to anti-bribery and human rights, among others;
• Separation of functions and payment approval by more than one person.

Control structures

BRK’s primary risk controls include participation of senior management and channels open to all employees and third parties. Our primary risk controls include:

Risk Commission

The Risk Commission is a consultative body that supports the Risk Management Department and consists of five senior BRK employees: the vice-president of corporate and regulatory affairs, vice-president of shared services, head of compliance, head of investor relations and head of engineering.

The Risk Commission’s primary task is to submit quarterly opinions, at the request of the Risk Management Department, on topics related to the calculation of risk appetite, risk matrix, action plans and risk quantification.

Ethics and Integrity Committee

In addition to the Risk Commission, BRK has also set up an Ethics and Integrity Committee whose primary objective is to ensure dissemination of the principles and values contained in the Code of Ethical Conduct, to encourage compliance, and to publicize our culture of integrity and risk mitigation. The committee comprises eight members, including BRK’s CEO, vice-president of finance, vice-president of operations, vice-president of corporate and regulatory affairs, vice-president of shared services, head of compliance and head of HR and the controlling shareholder’s director of compliance.

Compliance Program monitoring and audits, as well as the status of action plans to mitigate identified risks, are presented quarterly to the company’s senior management. The results of investigations into complaints received through the Complaint Channel are presented to the Ethics and Integrity Committee, which is responsible for deciding on corrective actions, when applicable, and monitoring their implementation.

Confidential Complaint Channel

In order to ensure that employees and third parties feel comfortable filing reports of possible violations, the Company has set up the Confidential Complaint Channel to receive both anonymous and identified complaints. This channel is operated by a specialized and independent third party and is available 24 hours a day, 7 days a week, in any language spoken where BRK operates. Complaints are investigated independently by the Internal Audit Department.
