STRATEGIC RISKS
Governance
Risk to the sustainability and longevity of the business due to an inability to set rules of coexistence, succession of shareholders and executives, as well as institutional relations, thus leading to the company take the wrong direction and reducing its market value. The governance risk management initiatives are described in detail in the Governance section.
Strategy
This risk is related to strategy development and our assessment of the assumptions that serve as a basis for long-term planning and investments. On a yearly basis, we develop, evaluate and discuss scenarios considering regulatory aspects, macroeconomic prospects for the telecommunications industry, competition and the risk factors that arise from them. After evaluating these scenarios, we develop the strategic plan, with goals and plans to achieve them. A major risk in this category is the entry of new business competitors, with the possibility of a drop in margins connected with efforts to protect our client base. Consequently, we monitor the competition environment, assess potential impacts and outline strategies to safeguard our concession area and continue growing in our expansion area.
OPERATIONAL RISKS
Management
Management risk arises if the companies’ performance, time limits and/
or adherence to the strategic plan are poorly monitored, and/or strategic projects are executed unsuccessfully with regard to projected results. In this category, we highlight the risk of depending on suppliers, due to the possibility that the supply of services and equipment relevant to the company may be interrupted. We have introduced the BSC–Balanced Score Card management methodology to integrate strategies and operations. The purpose is to allow the executives to discuss the performance of all areas vis-à-vis the strategic goals set, as well as propose alternatives when needed. This tool allows us to extend the strategy to all company levels, thus aligning the organization, executing the strategy in a more disciplined manner and, consequently, mitigating management risk. Another management practice we use is PMO-Project Management Office, intended to ensure that all projects follow our business strategy and are executed with discipline. We evaluate projects regularly and prepare recommendations to correct errors. We mitigate our dependence risk by classifying suppliers according to how much of our purchased volume they account for and how difficult it would be to replace the services they provide. Afterward, we monitor their financial health and seek to develop providers of equipment or services considered critical.
Processes
This risk is related to operational capacity and continuity, mainly of critical services for clients, resulting from incidents on sites; networks and towers; or obsolete, or a lack of redundant, equipment. These situations may lead to interruptions of service; equipment losses; or damage to, or ceasing profits for, third parties. This risk is monitored by using processes, systems and indicators at the Network Operations Center (NOC), a structure designed to detect and handle incidents. Indicators are reported to ANATEL on a monthly basis. Since 2010, we have had a Crisis Manual, which covers situations that may affect our reputation, such as interruptions of service, accidents with associates and third parties and strikes. The contents were revised in 2014, with the introduction of a Telecom service continuity plan to serve as a governance guideline and ensure operational continuity and disaster recovery.
Information Technology (IT)
This is the risk of system outages that may affect the continuity of the Company’s service or lead
to interruptions of critical processes, mainly those that support customer service. It is also connected with unauthorized access to data and information, vulnerabilities in logical access controls, lack or breach of policies and statements of responsibility, external attacks or improper disclosure of information. To ensure that systems and services are available at
all times, we mapped all systems critical for the operation and introduced availability indicators and goals, which are monitored to prevent interruptions. Concerning security, our associates have an Information Security Policy, in addition to monitoring, backup and restore routines for data and systems.
People
This risk arises from a difficulty in attracting and retaining talents with the necessary skills due to external and internal factors, such as competition and the organizational climate. The risks related
to attracting and retaining people, and executive development and succession are monitored through turnover indicators and an annual Climate and Engagement Survey to assess the effectiveness of our initiatives to improve the work environment, associate satisfaction and retention. We seek references in the market to remain attractive and regularly update our compensation and benefits plans and other factors that improve associate satisfaction, such as flexible hours.
FINANCIAL RISKS
Market
Market risk is the possibility of a decrease in our investment capacity due to changes in exchange rates and an increase in interest expenses due to changes
in interest rates. Part of the Company’s investments
are used to purchase equipment priced in U.S. dollars.
A change in the exchange rate could lead to the need to increase investments or review priorities in projects already approved. Seeking to anticipate potential impacts, we monitor exchange rate fluctuations and evaluate scenarios continuously. Concerning the interest rate
risk, we monitor trends in interest rates and expected deviations, which are measured statistically. Mitigation actions include lengthening the debt maturity and using subsidized credit lines to minimize the effects on financial expenses.
Liquidity
Liquidity risk is defined as the Company’s inability to honor its obligations due to either a shortage of cash
in the market, or the Company’s low attractiveness to investors, or else a cash flow mismatch. Liquidity risk is also connected with the Company’s debt level, which may lead to a failure to meet covenants (clauses in loan contracts and debt instruments), a deterioration in the Company’s financial health and increased business risk. In this regard, we introduced conservative financial health indicators in comparison with those covenants. A basket of indicators is monitored continuously to ensure that it meets the covenants.
Credit
Credit risk is the possibility of losses if the counterparty fails to comply with its obligations. It also involves miscalculating limits, guarantees and sureties, thus leading to costs in renegotiating debts or recovering receivables. In sales of postpaid services, we perform a rigorous credit analysis on clients before activating the product. We also adopt procedures that help mitigate risks, such as invoice payments by direct debit and client loyalty initiatives. With these and a series of other procedures, our credit risk has remained within the limits established.
COMPLIANCE RISK
Laws and Standards
Compliance risk refers to non-compliance with environmental, labor and tax laws or regulations and a lack of good practices, thus exposing the Company to legal action by regulatory bodies. Industry regulation risks are a matter of great concern for the telecommunications industry due to the obligation to comply with existing regulations or the introduction of new rules. This exposes the Company to penalties such as fines, damage payments to third parties and impacts on the Company’s image. To reduce exposure, we seek to participate in discussions with ANATEL, other operators and industry associations. Based on those discussions, we design strategies and plans to mitigate risks.
