The Group’s Risk Management Framework is based on a continuous process of risk assessment, which is an integral part of the normal decision-making and management processes.
The Risk Management process is aligned with the ISO 31000 international standard’s recommendations, and seeks mainly to distinguish what is irrelevant from what is material, requiring an active management which involves the assessment of sources of risk, the probability of occurrence of a certain event, and the consequences of its occurrence within the context of the control environment.
The Group prepares and maintains an overall risk profile that lists all relevant operational and strategic risks, as well as the corresponding implemented mitigation and control mechanisms. The list is updated regularly with information from the on-going risk assessment processes.
Within the scope of the risk assessment processes, the Strategy and Risk Management Department coordinates an annual global review, in which, together with the first and second lines of defence (identified in point 52), an exhaustive analysis is carried out, including the internal and external conditions that influence the environment in which the Group operates. This exercise, which is part of Jerónimo Martins’ strategic and operational planning processes, ensures that the main risks and respective mitigating initiatives are duly identified and considered during planning. This process triggers the development of the alternatives under analysis as well as the identification of new activities that strengthen the defence of the targeted objectives.
The criticality level of each risk is determined based on the Group’s Risk Matrix which considers, at different levels, the probability of occurrence of certain events, as well as their expected impact on the defined indicators. Risks considered to be more critical and/or that may have a more relevant impact on the Group’s objectives are subject to a quarterly reassessment, in order to ensure that any relevant changes are duly considered.
The Strategy and Risk Management Department also maintains permanent contact with the main elements of the different lines of defence to update its assessment of risks and monitor mitigating initiatives, and constantly follows all changes that may influence the strategic and operational environments of the Companies.
Through the Risk Committee, which assists and advises the Managing Committee (as per point 51), analyses are carried out on the risks that most affect the Group, in a multidisciplinary approach and through which new forms of mitigation are stimulated and other forms of action are promoted.
Throughout the entire process, open and regular communication channels are ensured between all the elements that compose the organizational structure of Risk Management (listed in point 52).
Annually, the Board of Directors approves, after a favourable opinion from the Audit Committee, the budgets and strategic plans for the following year, taking into account the opportunities and risks considered.