Risk
management
Risk
Risk management at Avibras is aligned with the standard ISO 31000:2009, Risk Management Principles and Guidelines. It is a strategic process for the company and is linked with strategic planning, supporting the pursuit of the organisation’s goals and targets.
The model aims to involve all the agents in the organisational structure, standardise concepts and practices, establish an efficient and dynamic information flow and increase transparency for stakeholders.
Risk management is directly linked with senior management, ensuring effective and dynamic corporate governance for the formulation of strategy and decision making at Avibras.
In the course of 2017 and 2018, 73 risks were identified and addressed in the company. Of these, 80% were mitigated, while the remainder are being monitored closely, due to the heavy investments involved.
The risk management process is ongoing and is constantly evolving. In 2019, the process gave Avibras executives greater visibility and awareness of the strategic, financial, regulatory, operational and information security risks the company faces.
Intelligent risk mitigation is an ongoing evolutionary process, which encompasses the internal dissemination of corporate risks, the incorporation of best market practices and the enhancement of risk management processes.
Risk management ensures effective and dynamic corporate governance for the formulation of the company’s strategy and decision making
The Internal Audit area is responsible for managing corporate risks and for the Avibras Ethics Channel. Corporate risks related to information security or the provision of support for investigations are handled by the Information Security area, which works in partnership with Internal Audit. In the event of a breach of the code of ethics, the audit area convenes the Ethics Committee to rule on the violation and also involves the Information Security area, should this prove necessary.
In addition to the identification of risks by those responsible for processes or by internal audit, the analyses conducted by the security information area may also detect security risks.
Information security is a strategic discipline for Avibras. The company recognizes and makes investments designed to ensure that cybernetic threats do not jeopardise its performance.
Information security measures are defined by means of a risk mapping process agreed on the with office of the CEO and implemented jointly with the Information Technology area. The measures are monitored periodically. Annual planning includes measures oriented to people, processes and tools, a fundamental investment to protect the value information has for the company.
Like other organisations, Avibras is subject to a significant volume of threats, which are countered by means of strong perimeter protection, segregated data networks, USB port blocks, restrictions to the use of image recording equipment, staff training, the updating of technologies, among other resources. The challenge is always to achieve a balance to ensure that the protection measures do not jeopardise business performance.
Measures to drive awareness of the importance of information security are part of a permanent process in the company’s culture. In 2018, Avibras organised awareness actions and training, involving talks, courses and the dissemination of best practices via diverse communication channels, in addition to interactive group dynamics. The objective is to prepare staff to identify threats, adopt preventive measures and report suspicious actions.
Due to the contracts the company has with the Armed Forces, Avibras is subject to specific legislation. In 2018, the company received security clearance for handling classified information from the Federal Executive Sphere.
Confident about its culture, attentive to the external conjuncture, and aligned with technological trends, Avibras continues to promote the preservation of knowledge to ensure the perpetuation of its business.