Corporate Governance and Transparency

Risk Management

GRI 102-11

Algar Telecom’s risk management is guided by our Policy on Strategic Management of Risks and was structured based on international best practices and standards, such as those issued by the Committee of Sponsoring Organizations of Treadway Commission (COSO).

The processes devised for this purpose identify risk factors (causes), map mitigating internal controls, assess the impact and probability of occurrence, set limits and implement action plans.

Accordingly, our Risk Matrix provides a comparative view of our risks according to their impact and probability rating, with risk factors classified into five categories:

Key Risks

External factors can lead to disruption of local and global logistics and supply chains, causing shortages of essential products and services. A risk also exists that suppliers could face problems, such as attempts at commercial retaliation by governments, which may keep them from selling their products and services. We periodically monitor these risks, anticipating decisions to mitigate potential impacts on the results of the business.

We do business in an ecosystem that is widely exposed to cybersecurity risks. To mitigate these risks, we use solutions that protect us from willful or accidental contamination, malware and viruses, and we have a structure that detects abnormalities in our internal and external networks, cyberattacks and abnormal traffic. We also use tools to control access to confidential data. In compliance with the General Data Protection Law (“LGPD”), we adjusted our internal processes and policies, disseminated changes across the board and implemented a data leak protection system, with a view to meeting the applicable legal requirements and reinforcing our cybersecurity environment.

The availability of our services depends on technologies, systems, processes and people, as a result of which any weakness in any of these links may potentially affect our customer service. To reduce these risks, we identified and prepared action plans to address key internal or external factors. Network and service elements are continuously monitored by the Network Operations Center, which has technologies, systems and skilled professionals to identify and handle any incidents and fast as possible, thus reducing service unavailability times and their impacts on the lives of customers and on our Company.

The litigation risk is represented by the possibility of change in the degree of risk of tax, labor, regulatory, civil and other litigation due to any such changes in case law as may adversely impact the business. Lawsuits are monitored by the Legal department in conjunction with the law firms retained, with periodic reports to the Executive board. Actions plans are devised with the teams involved as a way of addressing the root cause of risks.

This risk is represented by the possibility of breach of the laws governing relationships with government entities, which can lead to fines and damages to the Company’s image and reputation. Our associates are better prepared to tackle dilemmas concerning public bidding processes thanks to our dissemination and training in specific rules. Compliance area realised the risk assessment of this process with the envolved stakeholders.

As a response to the mapped risks, measures were designed to mitigate them. However, if any associate should engage in any illegality, we have an effective Compliance Program implemented.