Risk Management

GRI G4 14 | 45 | 46 | 47
DENTIFICATION,
ASSESSMENT
AND MITIGATION

Risks are managed through corporate bodies’ decisions, following the guidelines set by the Risk Audit and Management Committee

Dealing with market uncertainties, technological innovations and regulatory aspects is an integral part of telecom companies’ routines in Brazil. Risk Management is meant to support decision-making, thus helping us sustain business performance and manage potential losses more effectively. The process identifies, assesses and mitigates internal and external factors that may affect the Company’s goals and strategies.

Algar Telecom’s Board of Executive Officers manages risks through corporate bodies’ decisions, following the guidelines set by the Risk Audit and Management Committee and set forth in the Corporate Policy for Risk Management, approved by the Board of Directors. Each risk is managed by a particular Officer, who uses specific methodologies, measurement models and controls, and adopts the best set of mitigation actions in cooperation with other departments.


Principles and Guidelines

Risk indicators integrated to the BSC

Decision-making facilitated

Risks assessed in short- and long-term projections

Goals adjusted

Risks included in assessment tools

Decisions made assertive

Significant deviations reported to Holding

Alignment and protection

Risks monitored

Management enhanced

Risk management incorporated into goals and variable compensation

Commitment strengthened


RISK MAP

Strategic Risks

Governance
  • Relationship with Shareholders and Creditors
  • Communications and Reporting
  • Institutional Relationship
Strategy
  • Political and Economic Environment
  • Behavioral Change
  • Competition
  • Image
  • Investment Decisions
  • Innovation

Operations

Management
  • Planning and Budgeting
  • Performance Indicators
  • Project Execution
  • Outsourcing
Processes
  • Operational Capacityand Efficiency
  • Business Continuity
  • Business Practices and Pricing
  • Dependence on Suppliers
IT
  • Access and Confidentiality
  • Availability and Performance
  • Information Integrity
People
  • Attraction and Retention
  • Development
  • Executive Succession

Financial Value

Market
  • Exchange
  • Exchange rates
Liquidity
  • Access to Capital
  • Cash Flow
  • Debt Acceleration
Credit
  • Default
  • Revenue Concentration

Compliance

Laws and Standards
  • Occupational Health and Safety
  • Taxation
  • Civil
  • Industry Regulations
  • Capital Markets

STRATEGIC RISKS

Governance

Risk to the sustainability and longevity of the business due to an inability to set rules of coexistence, succession of shareholders and executives, as well as institutional relations, thus leading to the company take the wrong direction and reducing its market value. The governance risk management initiatives are described in detail in the Governance section.

Strategy

This risk is related to strategy development and our assessment of the assumptions that serve as a basis for long-term planning and investments. On a yearly basis, we develop, evaluate and discuss scenarios considering regulatory aspects, macroeconomic prospects for the telecommunications industry, competition and the risk factors that arise from them. After evaluating these scenarios, we develop the strategic plan, with goals and plans to achieve them. A major risk in this category is the entry of new business competitors, with the possibility of a drop in margins connected with efforts to protect our client base. Consequently, we monitor the competition environment, assess potential impacts and outline strategies to safeguard our concession area and continue growing in our expansion area.


OPERATIONAL RISKS

Management

Management risk arises if the companies’ performance, time limits and/ or adherence to the strategic plan are poorly monitored, and/or strategic projects are executed unsuccessfully with regard to projected results. In this category, we highlight the risk of depending on suppliers, due to the possibility that the supply of services and equipment relevant to the company may be interrupted. We have introduced the BSC–Balanced Score Card management methodology to integrate strategies and operations. The purpose is to allow the executives to discuss the performance of all areas vis-à-vis the strategic goals set, as well as propose alternatives when needed. This tool allows us to extend the strategy to all company levels, thus aligning the organization, executing the strategy in a more disciplined manner and, consequently, mitigating management risk. Another management practice we use is PMO-Project Management Office, intended to ensure that all projects follow our business strategy and are executed with discipline. We evaluate projects regularly and prepare recommendations to correct errors. We mitigate our dependence risk by classifying suppliers according to how much of our purchased volume they account for and how difficult it would be to replace the services they provide. Afterward, we monitor their financial health and seek to develop providers of equipment or services considered critical.

Processes

This risk is related to operational capacity and continuity, mainly of critical services for clients, resulting from incidents on sites; networks and towers; or obsolete, or a lack of redundant, equipment. These situations may lead to interruptions of service; equipment losses; or damage to, or ceasing profits for, third parties. This risk is monitored by using processes, systems and indicators at the Network Operations Center (NOC), a structure designed to detect and handle incidents. Indicators are reported to ANATEL on a monthly basis. Since 2010, we have had a Crisis Manual, which covers situations that may affect our reputation, such as interruptions of service, accidents with associates and third parties and strikes. The contents were revised in 2014, with the introduction of a Telecom service continuity plan to serve as a governance guideline and ensure operational continuity and disaster recovery.

Information Technology (IT)

This is the risk of system outages that may affect the continuity of the Company’s service or lead to interruptions of critical processes, mainly those that support customer service. It is also connected with unauthorized access to data and information, vulnerabilities in logical access controls, lack or breach of policies and statements of responsibility, external attacks or improper disclosure of information. To ensure that systems and services are available at all times, we mapped all systems critical for the operation and introduced availability indicators and goals, which are monitored to prevent interruptions. Concerning security, our associates have an Information Security Policy, in addition to monitoring, backup and restore routines for data and systems.

People

This risk arises from a difficulty in attracting and retaining talents with the necessary skills due to external and internal factors, such as competition and the organizational climate. The risks related to attracting and retaining people, and executive development and succession are monitored through turnover indicators and an annual Climate and Engagement Survey to assess the effectiveness of our initiatives to improve the work environment, associate satisfaction and retention. We seek references in the market to remain attractive and regularly update our compensation and benefits plans and other factors that improve associate satisfaction, such as flexible hours.


FINANCIAL RISKS

Market

Market risk is the possibility of a decrease in our investment capacity due to changes in exchange rates and an increase in interest expenses due to changes in interest rates. Part of the Company’s investments are used to purchase equipment priced in U.S. dollars. A change in the exchange rate could lead to the need to increase investments or review priorities in projects already approved. Seeking to anticipate potential impacts, we monitor exchange rate fluctuations and evaluate scenarios continuously. Concerning the interest rate risk, we monitor trends in interest rates and expected deviations, which are measured statistically. Mitigation actions include lengthening the debt maturity and using subsidized credit lines to minimize the effects on financial expenses.

Liquidity

Liquidity risk is defined as the Company’s inability to honor its obligations due to either a shortage of cash in the market, or the Company’s low attractiveness to investors, or else a cash flow mismatch. Liquidity risk is also connected with the Company’s debt level, which may lead to a failure to meet covenants (clauses in loan contracts and debt instruments), a deterioration in the Company’s financial health and increased business risk. In this regard, we introduced conservative financial health indicators in comparison with those covenants. A basket of indicators is monitored continuously to ensure that it meets the covenants.

Credit

Credit risk is the possibility of losses if the counterparty fails to comply with its obligations. It also involves miscalculating limits, guarantees and sureties, thus leading to costs in renegotiating debts or recovering receivables. In sales of postpaid services, we perform a rigorous credit analysis on clients before activating the product. We also adopt procedures that help mitigate risks, such as invoice payments by direct debit and client loyalty initiatives. With these and a series of other procedures, our credit risk has remained within the limits established.


COMPLIANCE RISK

Laws and Standards

Compliance risk refers to non-compliance with environmental, labor and tax laws or regulations and a lack of good practices, thus exposing the Company to legal action by regulatory bodies. Industry regulation risks are a matter of great concern for the telecommunications industry due to the obligation to comply with existing regulations or the introduction of new rules. This exposes the Company to penalties such as fines, damage payments to third parties and impacts on the Company’s image. To reduce exposure, we seek to participate in discussions with ANATEL, other operators and industry associations. Based on those discussions, we design strategies and plans to mitigate risks.