2012 Annual Sustainability Report

Since it was introduced in 2009, Grupo Algar's Risk Management model has been based on the Enterprise Risk Management (ERM) methodology, adopted by the Committee of Sponsoring Organizations (COSO), a global organization that sets out and disseminates the best risk management, internal controls and fraud detection practices.

The risk identification process adopted by Grupo Algar started with a series of interviews with top executives. These interviews allowed identifying the events that may impact the short-, medium- and long-term strategic goals of each business, leading to regulatory, market, environmental risks among others.

Each risk was assigned an impact rating and a probability according to a pre-set scale. The Group's exposure level to them was determined by following these steps:

• Identifying risk factors with the help of the executives and designing the gross risk matrix (inherent risk);
• Mapping controls and indicators and designing the residual risk matrix (exposure considering the controls currently in place);
• Mapping action plans and designing the target risk matrix (exposure desired after action plans are in place);

Each risk is under the responsibility of an "owner", an executive with extensive knowledge of the issue who is in charge of suggesting and developing the optimal set of actions in response to the risk and coordinating these actions with other executives. On a quarterly basis, the company's CEO provides information about these actions and exposure to the Risk Audit and Management Committee.

Since they are some of the main components of the corporate risk management model, the matrices must be updated regularly to ensure that they reflect the risk of the company's operations and threats to their values and stakeholders accurately. Based on a periodical review of the strategies, significant changes in processes and the business environment, the map is revised so that it always reflects the best set of uncertainties.

The Board of Directors established in March 2011 a Corporate Policy for Risk Management, with roles and duties for all Grupo Algar's management levels, to provide support for this process and improve its corporate governance practices.

The Risk Audit and Management Committee, connected with the Board of Directors, is responsible for identifying, assessing, mitigating and monitoring exposure to strategic risks according to the limits approved by the Board of Directors. A new member with extensive experience in risk management joined the committee in 2012 to expand the knowledge pool.

Throughout 2012, the Group focused its attention on consolidating and improving its risk management practices within the risk management process, as planned. Both Algar Telecom and Algar Agro created Risk Management divisions with dedicated professionals. Algar Agro launched projects to assess market risks (commodity prices and exchange) and develop a specific Market Risk Management Policy for agribusiness. Engeset, a subsidiary of Algar Telecom, mapped a total of 13 strategic risks, continuing the introduction of the Risk Management process.

In 2013, the Committee is planning to: (i) create a corporate matrix with the risks of all businesses, considering the specific features and share of each segment; (ii) establish a corporate risk assessment methodology; (iii) assess the effectiveness of the controls of all mapped risks; (iv) review the companies' strategic risk matrix; (v) execute the mitigation plans previously developed and (vi) continue mapping the strategic risks of the other subsidiaries. In addition, the Corporate Risk Management Policy, approved in 2011, is scheduled to be updated for the first time, in compliance with the duties assigned for the risk management division, to improve the process.

Company	Total strategic risks
Algar Telecom	11
Algar Tecnologia	14
Engeset	13
Algar Agro	13