Keywords: Operational Risk, Non-Financial Companies, Risk Management, Risk Mitigation. ... Acting this way, they are exposed to new management, business, ...
OPERATIONAL RISK MANAGEMENT IN NON-FINANCIAL INSTITUTIONS: CASE STUDIES IN BRAZILIAN COMPANIES Luiz Carlos Jacob Perera, Universidade Presbiteriana Mackenzie, São Paulo, Brazil Herbert Kimura, Universidade Presbiteriana Mackenzie, São Paulo, Brazil Roberto Borges Kerr, Universidade Presbiteriana Mackenzie, São Paulo, Brazil Fabiano Gasti Lima, Universidade de São Paulo, Ribeirão Preto, Brazil
ABSTRACT This article uses the concepts of risk management, widely advertised and adopted by financial institutions to investigate the possibility of using these techniques and suggestions for companies in the non-financial sector. The work aims to highlight the importance of managing operational risk in non-financial companies, as well as illustrate their actions against the inherent risk in operating activities. The aim is to identify the mitigating actions for operational risk through the management reports, as these actions may convey greater certainty in the relationship with stakeholders (shareholders, investors, analysts, suppliers, regulators, etc.). In methodological terms, we chose a qualitative exploratory research that resembles a multiple case study. The work was developed through the analysis of institutional reports of the companies studied. Although there is a requirement of regulatory bodies to create specific control of operational risk or disclosure, we found evidence of actions taken to mitigate and disclose the main risks inherent to the activities of enterprises. In general the analyzed companies were concerned about managing their operational risks, without, however, detail the measures taken. Keywords: Operational Risk, Non-Financial Companies, Risk Management, Risk Mitigation.
1 INTRODUCTION The current business environment, internal and external for organizations, is dynamic and uncertain, and could be subjected to various types of risk. Managers are usually committed to numerous responsibilities and goals to be met concurrently and often conflicting. The requirement of making decisions for daily demands requires the use of tools that minimize the risks and therefore assures greater security and stability operations. The control is the key to direct the companies’ operation. For the past decade when many financial scandals have emerged as the cases of Enron, World.Com, Tyco, Arthur Andersen, as others, the control of companies’ operation has evolved to a more dynamic and secure practices. The rules in this area culminated in 2002 with the creation of the Sarbanes Oxley Act, which aims through tighter operational controls and other corrective measures, to provide to investors and the market the reliability and quality of financial statements of the public companies. Even with tighter control imposed on public companies, the crisis in the U.S. financial system in 2008 quickly spread to other countries and sectors of the global economy. Centenary companies, considered stable by the market, as Lehman Brothers, General Motors and Chrysler, and the Federal National Mortgage Association (FNMA) - known as Fannie Mae (1938) - declared bankruptcy, sighting management problems and effective control problems of the risks involved in its operations. Although this disappointing page in economic history started in the United States and quickly impacted Europe and Asia, Brazil didn’t escape unscathed. The strength of the global economy and ease in obtaining local and international credit made many Brazilian companies divert the focus of their main object to risky operations in the financial market, featuring a serious operational risk. The question-problem in this research was: How do non-financial companies manage and disseminate operational risks which they incur? The aim was, through an exploratory study to show how the nonfinancial companies assess the operational risks, affect their management and disseminate relevant information to stakeholders. This study is structured as follows: introduction that contextualizes the risk environment; theoretical summary addressing the topics of operational risk; study methodology; then evaluates the latent
operational risks in the companies: Natura, Petrobras, Sadia and Vivo. Finally, it presents the final considerations with the contributions, limitations and suggestions for further study.
2 LITERATURE REVIEW The interest of deeply analysis of operational risk management is given by the development of the global economic scenario, in which companies have gradually expanded their focus, scope and geographic reach to survive. Acting this way, they are exposed to new management, business, environmental and policies situations, including, even, different rules than those known in their own businesses. 2.1 Risk Definitions Risk is naturally associated with any adverse situation of danger, but also something that must be overcome for a certain goal to be reached. In terms of the social sciences the risks are automatically associated with the costs of obtaining returns. When it comes to human relationships, the risks are easily associated with the individual who has an aggressive profile in the management of their activities. Opposed to this profile is the individual who has conservative characteristics. Risks can be classified in several ways: market risk, credit, interest rate, real estate, commodity prices, operational, payments, liquidity, insolvency (Herstatt risk), regulatory, systems, disasters, legal, macroeconomic, efficiency, purchasing power, financial, etc.. Figure 01, based on Shimpi (1999), illustrates the global environment of risks and their possible classifications.
GLOBAL RISKS
Market Insurance Commodities Interest Change Credit
Operational Personal Accidental Consequence Criminal Data
Politics War Social Terrorism Regulatory Political fragmentation Climate changes Population explosion Fundamentalism Nuclear weapons Pandemics Business Risk
Legal Contracts Professional Statutory
Hazard
Figure 01 - The Global Risk Environment Source: Integrating Corporate Risk Management, Shimpi (1999)
According to Damodaran (1997) the risks in a traditional sense, tend to be seen as harmful. Moosa (2007) notes that risk can be defined as the act of being exposed to danger or accident, which means uncertainty. For the investor, we can say that the risks are a greater reward, which is potentially associated with a risk in the same proportion.
Assaf Neto (2003) summarizes the risks as being directly associated with likelihood of achieving particular outcomes in relation to a particular expectation. In addition, Vaughan (1996) conceptualizes risks as a condition in which there is the possibility of adverse deviation from the expected results. 2.2 Operational Risks There is no single definition for operational risks. But we can say that they are about possible problems that can disrupt the normal conduct of certain activities associated with the operations of businesses, even financial, commercial, industrial or service. To Crouhy, Galay and Mark (2004) the concept of operational risks can be difficult to be defined and differentiated from natural hazards that can be faced by companies in their day-to-day. Some companies still believe that operational risks should be understood as something that can’t be included as market or credit risks. However, the definition that best fits the understanding of operational risks is that it represents the risk of loss resulting from inadequate or failed internal processes of a company, in human actions, systems or due to external events. Culp (2001) agrees when he argues that the problems related to operational risks arise because of inadequate attention given to the processes and systems, or because people fail in their performance, or their functions are poorly clarified. Operational risks are difficult to define because of the broad spectrum of potential loss events it covers. According to the segment where the company acts this may be subject to various operational risks inherent to the business. Table 01 - Operational Risk, presented above, lists, in the view of the British Banking Association (BBA), the main aspects of operational risk to be considered and controlled. Aspects of Internal Operational Risk include People, Processes and Systems, while External Operational Risk presents categories and subcategories accepted by researchers. This study followed the vision of operational risk adopted by the BBA.
External
External Risk
Physical
Table 01: Operational Risk Internal Risk People Processes Systems Fraud Accounting errors Data quality Employee error Risk capacity Programming errors Loss of key employees Risk of contract Problems with insurance Loss of employees Deceptive sales Strategic risks (platforms and Employee loan Project risk supplies) Legal dispute with employees Reporting errors System capacity Health and safety Payment errors System compatibility Industrial action Transaction errors Delivery system Lack of knowledge and skill Validation errors System failures System adequacy Source: Brittish Bankers' Association (Jorion, 2007)
Legal Money laundering Outsourcing Political problems Regulation Supplier risk Taxes Fire, theft, terrorism Natural disasters Physical security
2.3 Operational Risk Management According to Moosa (2007), the operational risk management should not be seen as a new idea or even as something that companies do not bother until then. Operational risk has always been considered by the companies, as can be seen in insurance policies and all the security actions adopted in favor of the business and employees.
Vaughan (1996) supports this statement by reminding that from the beginning, human species, exposed to risk and adversity, behaved in a way to deal with the risk factors for staying the course of its own existence. From the initial reasoning, it could be possible to conclude that it was reasonable to believe that risk management is one of the oldest activities in the world, because without it the human race and other species would have perished.
McLorrain (2000, apud MOOS, 2007) reiterates the contributions of Vaughan (1996) and argues that the leading expert in risk management is the Mother Nature, because the species were able to survive and thrive even when faced with challenges arising from predators and climate change. While it may be
understood as a poetic vision of treatment with risk, these authors really lead to a clear vision of risk management that can be applied both in a day-to-day life of the individual, and in the corporate world. Duarte Jr. (1996), experienced professional and recognized academic in the Brazilian domestic market, said that operational risk is related to possible losses as a result of inadequate systems and / or controls, management failures and human error. In his view operational risk can be divided into three main areas: i) organizational risk, related to inefficient organizations, b) the risk of operations, related to problems with overloads systems, processing and storage of data which are subjected to fraud and errors, incorrect confirmations, etc., c) personal risk, related to problems with non-qualified employees or poorly motivated ones, etc... More recently, Mengla (2003) argues that risk management is to ensure the following tasks: i) define the responsibilities of risk management, ii) obtain, analyze and report quantitative information on the risk of the business, iii) develop and strengthen standards, limits and controls, and iv) identify and resolve problems associated with the risks inherent to business units. Whereas the process of risk management, the Bacen (Brazilian Central Bank, as Federal Reserve for the US) issued Resolution 3380 of 2006, which deals with the structure of operational risk management. Briefly, it consists of the following steps: i) determination of objectives, ii) identification of risks, iii) risk assessment, iv) to consider the alternatives and choose the best resource for the treatment of risks; v) implementation of decisions, including means of implementing the requirements and vi) evaluation and review processes. 2.4 The Basel Committee and the Operational Risk Management for Financial Institutions The activities of risk have been studied with great intensity by financial institutions. In particular, the banking sector which is organized globally with the paradigm of directives issued from the committee on banking supervision of the Bank for International Settlement in Basel (BIS). In 1988 the Committee introduced the Basel Capital Accord, as a framework for measuring credit risk, which has become a world standard, accepted by all the central banks of developed economies. The original agreement has improvements in its structure, and in the late 2006 launched a review of the original agreement, known as Basel II. The standards suggested it has intended to give more transparency to the various types of risks faced by international banks limiting the possibility of contagion in a crisis and strengthening the infrastructure of global financial as a whole (BIS, 2009). A major focus of Basel II is called Operational Risk. Table 02: Imminent Risks in Financial Institutions Kind of Risk
Risk Event
Internal fraud
Reports with information intentionally altered, employee theft, etc..
External fraud
Theft, forgery, loss of external access to computers of banks (hacked), etc..
Employment practices and safety in the workplace
Labor claims, violation of work rules and health of employees, discrimination complaints, etc.. Exposure of sensitive customer data, improper trading activities, lav of money, etc..
Business, customers and products pratices Loss of property
Terrorism, vandalism, fire, flood, etc..
Disruption of operations and system failures
Flaws in software and hardware, telecommunication problems, etc..
Source: the authors, based in BIS, 2004
The Committee defines operational risk as the risk of loss resulting from improper practices or failures in internal processes, failure of personal and systems, or coming from external events. This definition also includes legal risk and excludes strategic risk and reputation risk. Table 02 - Imminent Risks in Financial Institutions, below, classifies and identifies the main risks to which a financial institution is subject to. The existence of an international committee on banking supervision strengthens the control of the activities of the financial industry, which does not exist for other sectors of the global economy. However,
successful practices of this sector should be adopted by non-financial sectors with the aim of preventing joint ventures in other business sectors. To illustrate this it is transcribed below, in summary form, the principles guiding the policy of management of operational risk for financial institutions. See Table 03 Recommended Principles by BCBS for Operational Risk Management (ORM). Table 03: Principles recommended by the BCBS for Operational Risk Management (ORM) * Appropriated Environment to the Risk Management 1. The institution must have an adequate definition of operational risk and structure to implement it; 2. The structure of effective ORM should comprehensively and subjectly to independent internal audit; 3. A senior administrator must be responsible for all risk structure approved by the board. * Risk Management: Identification, Evaluation, Monitoring, Mitigation and Control 4. The FIs should identify and assess operational risk in all its activities, products, processes and systems; 5. The FIs should monitor the operational risk profile that may subject it to material losses; 6. The FIs should have policies, processes and procedures to control and / or mitigate the operational risks; 7. Banks must have contingency plans for business to ensure its ability to continue operating steadly (ongoing basis) and to limit their losses in case of severe disruption. * Role of Regulatory Elements 8. Regulators should require all banks to have a structure able to identify, assess, monitor, control and mitigate operational risks as part of a larger framework of risk management; 9. Regulators should lead directly or indirectly independent assessments of policies, procedures and practices relating to operational risk. * Role of Disclosure 10. Banks should make adequate disclosure to the public, to enable market participants to access their approach to ORM. Source: adapted from BIS, 2003 - in Perera, 2009
3
Methodology
The methodology used for research resembles a multiple case study. The case study, according to Yin (2006) is one of several ways of performing research in social sciences, and it is an empirical investigation, or investigates a phenomenon within its context. Research faces a unique situation and should be based on multiple sources of evidence and benefit from the development of data collection priory. The case study can be used as a research strategy to contribute to the knowledge of individual, organizational, social, and political group phenomena. Yin (2006) reiterates that the choice of design of a single or multiple cases depends on the research plan to which the researcher is beginning to investigate. When it comes to the issue of operational risk management in non-financial institutions, the research strategy adopted was to examine four large companies, leaders in their markets and belonging to different industries, which were: Vivo, Petrobrás, Sadia and Natura. All listed in the BOVESPA, with available information for shareholders, stakeholders and everyone. The appearance diversification was essential to the researcher to have a wider view of the treatment of operational risk in the market. The survey consisted of a thoroughly analysis of institutional information within five years (2004 to 2008), including financial statements, management and performance reports, relevant facts, companies’ website and other available publications such as periodicals (magazines and newspapers), widely circulated in the media. After reading and material was selected, a scan was performed of the information in order to select topics that were related to evidence management, control, actions, and even projects or concerns about operational risk situations. Specifically, the websites of the Brazilian Securities and Exchange Commission, CVM (2009) and Brazilian Stock Exchange, Commodities and Futures Exchange, BM&F (2009) and also the periodicals Valor Econômico and Estado de São Paulo were consulted, in the period covered by the survey. Thus, we opted for exploratory type of structure, through which was possible being made a comparative analysis of the chronological-regarded companies in the survey. 4
Presentation of Data Analysis
From Table 04, below, it could be possible to realize that all companies are publicly traded and sprayed sufficiently to be significantly traded on BOVESPA. Companies are consolidated and the youngest is about ten year’s operations, while the others are more than forty years. All are leaders in their market segments and have significant revenues. Petrobras is the largest Brazilian company and one of the largest in the world. The companies’ equities, as well as their number of employees are significant, justifying their representation for their inclusion in the study. Table 04: Sociographic Business Information VIVO
PETROBRAS
SADIA
NATURA
1998
1953
1944
1969
S/A Traded 50% Telefônica 49% PT Moveis
S/A Traded Brazilian Government 32%
S/A Traded
S/A Traded
Founders - 25%
Founders - 73%
Telecommunications
Petrochemical
Food
Cosmetic
Leader 29,80%
Leader 91,00%
Leader 24,80%
Leader 25,00%
Revenue (31/12/2008)
R$ 21 Billion
R$ 266 Billion
R$ 12 Billion
R$ 4 Billion
Equity (31/12/2008)
R$ 8 Billion
R$ 138 Billion
R$ 0,4 Billion
R$ 0,7 Billion
8.386
55.199
60.580
5.698
Constitution Type of Company Stock Control Sector Market Share
Employees (31/12/2008)
Source: the authors, based in Institutional Reports
4.1 Vivo S.A. Vivo is one of the companies operating the mobile service in the country. It currently is the leader in its segment, but the entry of new players in the market and the adoption of the law of portability should require the company greater control of operational risks inherent to its activities. From the analysis of the information disclosed by the company over the past five years, there could be highlighted four main findings of operational risk and its management: People: for being a service provider, this item is an evidence of a very strong operational risk, because much of the company’s activities deal directly with the end consumer. For greater customer satisfaction, has been conducting training programs and qualification of personnel with emphasis on developing supervisors for its Call Centers and Back Offices with a focus on solving problems by the first phone call from the client. These actions allowed, during the periods analyzed, the reduction in number of complaints and lawsuits. Systems: the company is totally dependent on modern systems to meet the innovations of a highly competitive and demanding. Given this need, we find some actions such as the construction of new CPD (Center for Data Processing), the deployment of new network with GSM (Global System for Communications), the development of new types of IT (Information Technology) and the creation of IT governance to enhance the credibility of its operations. Such measures contributed to greater efficiency and reduction of fraud and cloning of cell phones. Rules: the intensification of Anatel supervision, the national regulatory agency for telecommunications, has led the company to intensify the training of personnel with focus on reducing service time. Another important aspect is the actions undertaken by the company aimed at meeting the requirements of the Sarbanes-Oxley Act of 2002. From 2008 the company has included in its annual reports the 20-F form, which attests that internal controls were subjected to an evaluation process in accordance with the American regulatory rules. Natural Disasters: concerned about the environment, the company has developed campaigns for recycling of batteries and old cell phones.
Partial Conclusion: The financial statements presented are in line with international accounting standards, with great volume and detail of information distributed by subject. The valuation of the company in its market, considering the internal and external environments, contributed to analysis and identification of evidence of operational risks. Even though there was no explicit note about it. 4.2 Petrobrás S.A. Petrobrás is the largest Brazilian company and one of the largest oil companies in the world. It is in the open market, and the largest shareholder is the Brazilian government, which favors the company in terms of competition and market reserve. Among the main activities of the company, there are: exploration and production of oil, gas and power production, refining, transportation, storage and distribution of fuel oil. From the analysis of the information disclosed by the company in the last five years, we highlight the main evidence of operational risk and its management: People: the company has about 60.000 employees, working in various companies. Its main subsidiaries are: Transpetro, Liquigás, Refap and Petroquisa. The high number of staff allows for errors that may harm the development of its operational activities. To control the inherent risk, the company maintains an extensive training program and training of employees, both those working on land, as those working on offshore platforms. Process: Due to the enormity of the company and the large number and diversity of processes, it is affected daily by the risk inherent in its administrative and extractive operations. The tasks performed are affected much by human, mechanical and systemic factors. For the mitigation process and other risks of the company, there is a corporate governance structure composed of the Board and its Committees. Risk management procedure is effectively controlled by the Committee for Risk Management and identification, quantification, response and risk management systems. Systems: There is a possibility of the company's operations being paralyzed by transmission problems and loss of information. In order to mitigate this risk, the company maintains strict computer controls, and has a quota of qualified staff, support of internal and external consultants. It also has contingency plans and redundancy for file and control information. Legal: Petrobrás and its subsidiaries are involved in legal proceedings in civil, tax, labor and environmental. The Company recorded provisions for such procedures like the opinion of its legal counsel and external affairs, sufficient to cover probable losses. For processes that Petrobrás judges as possible or remote risk of loss, the value is not provisioned. It follows the rules of the Securities and Exchange Commission. Political Issues: The Company is a public-private company and has the federal government as its main shareholder and manager of day-to-day operations. The government tries to maintain a professional management in the Company, and intend that this should not be influenced by partisan political interests, among others. However, one can consider the possibility of undue interference from government as an operational risk. Rules: Just as in the case of Vivo, Petrobrás is also heavily monitored by a regulatory agency, the ANP (Brazilian National Petroleum Agency). Although it is very important to external audit as a way to mitigate risk, the ANP and the federal government, also behind the company's operational risk, investigates the company due to possible tampering of the company and all the domestic oil market. Fire, Theft, Physical Security and Terrorism: The Company is exposed to operational risks related to the possibility of one of its refineries or offshore platforms are the target of fire, robbery or even terrorist activities, as support projects in high-risk countries, such as Libya, Iraq and Iran. To mitigate these risks the company has insurance against fire and stops operating for facilities, equipment and products in stock. However in the case of terrorism can not have a control and this risk is inherent in the company's operations. Natural Disasters: The Company is very susceptible to problems and operation stops due to natural disasters, especially in the case of their offshore platforms. In such cases the insurance company hires for its tankers, supplies vessels, fixed platforms, floating production systems and drilling rigs at sea.
Partial Conclusion: During the analysis of Petrobrás, it was found that relevant information is disclosed about the risks of the enterprise. Petrobrás, due to its size, scope and diversification of its activities, is the company that registered the highest number of risks analysis. There are many types of risks that are common between Petrobrás and large companies in general, as the risk of failure of people, processes, systems and legal. Note, however, the major specific risks, such as regulatory risk due to the influence of the government. However, the risks of natural disasters, which are linked to potential problems in its oil platforms, refineries and pipelines, are difficult to assess and quantify, because the information in this area is scarce. Its coverage and protection is due to the insurance companies. 4.3 Sadia Sadia is one of the largest food companies in Latin America, a national leader in the food derived from meat and one of the largest exporters of the country. The company is in the open market since 1971, and also Sadia launched in 2001 its ADRs - American Depository Receipts on the New York Stock Exchange and enrolled in Level 1 of Corporate Governance in BOVESPA. In 2004, the company became part of Latibex, index of Latin American companies of the Madrid Stock Exchange. For operational risks found in the analysis of the information disclosed in the last five years, the company may be cited as follows: People: both those who deal directly with animal husbandry as final consumers are subject to a variety of risks, including disease, contamination. Despite making reference to the risks of people through the company's website, it does not disclose anything related to these risks and their ways of management and mitigation in their financial statements. Rules: food producers in Brazil, including the company, are subject to strict environmental laws and regulations by federal, state and municipal governments for, among other things, human health, the handling and disposal of waste and discharges of pollutants into the air and water. The company website mentions only the relevant risks, but no information management and mitigation of risks are evident in its financial statements. The company takes all necessary measures to comply with Brazilian environmental legislation. It discloses clearly and in detail the formation its committees of environmental management, responsible for management of environmental risks related to its operations. As well as the development of prevention of accidents and draw up contingency plans to deal with possible emergency situation. Natural Disasters: the company's operations involve breeding, which is subject to a variety of risks, including diseases. The meat is subject to contamination in the manufacturing plants and distribution. The contamination in the process of industrialization can affect a large number of products of the company and consequently generate a significant impact on their operations. As a company involved with raising and slaughtering of poultry and pigs, Sadia develops activities with positive effect on environmental impact, especially in relation to pollution of water resources, treatment of animals and deforestation. Partial Conclusion: It is noted in regard to the disclosure of managing operational risk, the company did not disclose any information about what methods are used to manage and mitigate them. In a uniform manner the disclosure of market and credit risk are widely disseminated and highlighted. It appears that Sadia shows concern in managing their operational risks, but only highlights the requirements of regulatory bodies such as the BOVESPA and the CVM. 4.4 Natura Natura operates in the cosmetics domestic market, fragrances and personal hygiene. One of the reasons the company is the constant search for excellence of its products and services essential for the establishment and maintenance of quality in relation to their audiences. The company maintains and develops a social-environmental management charge, supported on two pillars: the ethics and sustainable development. From the analysis of the information disclosed by the company over the past five years, we highlight five main evidences of operational risk and its management: People: One of the key actions for the management of staff is the relationship with the company for its consultants, which concentrate the greatest strength of the company's sales in Brazil, are about 5,700 employees and 850 thousand dealers. In recent years, Natura has invested heavily in training and in the intensification of contacts with retailers through meetings, workshops and launching events, resulting in reducing the turnover. The company acknowledges, however, that there are opportunities for improvement in that relationship, especially in providing services to consultants. Currently, Natura has
intensified its relationship with its sales force, as the project-oriented consulting, which extends throughout Brazil. Natura intends to increasingly invest in the management of organizational culture, the development of employees and leaders to ensure the perpetuation of the values of the company. Process: According to the data analysis performed, the Company invests in innovative management, science and technology. For the company, technological development includes the mobilization of large social networks capable of integrating scientific knowledge with the wisdom of traditional communities, promoting at the same time the sustainable use of the nature and a large increase in productivity. The company intends to promote the development of the model and organizational design, adapting its structure to the main processes. Legal: the company, its shareholders, officers and members of the Audit Committee resolve through arbitration any dispute or controversy that may arise between them related to the validity, effectiveness, interpretation, violation and effects of the various legal devices that support the company's activities. There are assumed the legal provisions contained in Law No. 11638/07, published by the CVM rules and other regulations. Vendor: as a way of improving relations with Suppliers, the Company has expanded and improved its certification according to the concepts of quality, logistics, innovation, contract, service and traceability, classifying suppliers into categories in order to implement specific development plans. The industrial outsourcing policy provides the utilization capacity and production skills of providers, be they domestic or foreign. The result of this process will make the outsourcing a competitive advantage through the development of lasting partnerships. Natural Disasters: The Company believes that an environmentally responsible company should manage its activities to identify the impacts on the environment, seeking to minimize those that are negative and increase positive ones. Thus acts to maintain and improve environmental conditions, minimizing its own actions potentially harmful to the environment and spreading to other business practices and knowledge gained experience in environmental management. By taking the policy environment as an element in its policy of sustainability, Natura also seeks eco-efficiency throughout its value creation chain. In pursuing the eco-efficiency, promotes the development of biodiversity and its social responsibility. Partial Conclusion: Among the main actions on the environment, which focuses the entire business strategy and where they are stripped of resources and raw materials for the manufacture of their products, it is important to highlight: i) responsibility to future generations ii) environmental education, iii) management of the impact of the environment and the life cycle of their products and services, and iv) minimization of input and output of materials. Nature is worrying about the management of their risks as analysis of their reports and through actions to deal with natural hazards of its business.
5
FINAL CONSIDERATIONS
By that time there is not an extensive literature on operational risk in non-financial companies, even a specific committee which could determine minimum requirements for the mitigation of risk associated with each sector of the economy. However, it appears that the non-financial companies analyzed showed the concern for the safety of their operations and strong continuity of their business. Through the research it became clear that the companies surveyed have sought to mitigate their operational risks. In general the analyzed companies were concerned about managing their risks. Through the information gathered during the study period of five years, several actions have been proven to be developed for risks relevant to its own operations. Considering the ten principles set by the Basel Committee on management of operational risk, we can say that the evidence raised are practical and aligned parallel with the principles for the financial institutions. Whereas the main risks facing the companies analyzed, and based on partial conclusions, it appears that in the case of Vivo is the main concern with technology and processes, Petrobrás could be more affected by processes and systems, Sadia has the largest concern about the risks of natural disasters, epidemics and industrial pollution, and, finally, Natura would be more affected by personal problems because of its dependency on the large number of collaborators. The variety on the priority risks highlights the difficult task of managing risks considering the general non-financial companies. It is evident that risk
management should be focused on more homogeneous sectors. This can be considered a positive contribution of this research. Continuity and improvement of this work, one must consider that the research was based entirely on secondary data. This further evidences the limitation, also signals the possibility of their improvement through face to face interviews or questionnaires of the focal elements. However, it should be noted the difficulty in achieving information from executives to answer questions of interest, as well as possible constraints due to the confidential information to our project. Operational risk issues certainly affect the value of the company. Another strand of research would be continued to deepen in companies belonging to the same sector, or along the value chain. Considering the main contributions of this research can be said that it highlighted the need for operational risks are analyzed by specific sectors, in which certain types of risk indicated preponderance. Another remarkable aspect is to have highlighted the lack of detail of the companies as to how they manage their operational risks. This is a matter of concern to stakeholders as a whole. It implies the very continuity of the company, its sustainability and social relationships. BIBLIOGRAPHY � � � � � � � � � � � � � � � � � � � � � � �
ASSAF NETO, Alexandre. Mercado Financeiro. 5ª ed. São Paulo: Atlas. 2003 BACEN. Resolução 3.380 de 29 de junho de 2006, Dispõe sobre a implementação de estrutura de gerenciamento do risco operacional. Disponível em: www.bcb.gov.br ; Acesso em: 30 de julho de 2009 Bank for International Settlements, BIS. International Convergence of Capital Measurement and Capital Standards, A Revised Framework, June 2004 - Basel Committee on Banking Supervision. Disponível em: http://www.bis.org/publ/bcbs107.pdf ; Acesso em: julho de 2009 ______. Banking supervision and financial stability. 2009. Disponível em: http://www.bis.org ; Acesso em: julho de 2009 ______. Sound Practices for the Management and Supervision of Operational Risk, February 2003Basel Committee on Banking Supervision; Disponível em: http://www.bis.org/publ/bcbs96.pdf ; Acesso em: 26 de julho de 2009 BMF&BOVESPA. Disponível em: http://www.BM&FBOVESPA.com.br; Acesso em: Julho 2009 Comissão de Valores Mobiliários, CVM. Disponível em: www.cvm.gov.br; Acesso : julho 2009 CROUHY, M ; GALAI, D.; MARK, R. Gerenciamento de Risco – Abordagem Conceitual e Prática. Rio de Janeiro: Qualitymark. 2004 CULP, Christopher L. Risk Transfer Derivatives in Theory and Practice. USA: Wiley, 2001 DAMODARAN, A. Avaliação de Investimentos – Ferramentas e Técnicas para a Determinação de Valor de Qualquer Ativo. Rio de Janeiro: Qualitymark. 1997 DUARTE JÚNIOR, Antônio M. Risco: Definições, Tipos, Medição e Recomendações para seu Gerenciamento(1996). Disponível em: www. Risktech.com.br. Acesso em: 30 de julho de 2009 JORION, Philippe. Financial Risk Manager, 4th. ed. USA: GARP, 2007 MENGLE, David. Regulatory Origins of Risk Management in Modern Risk Management: A History. UK: Risk Books, 2003 MOOSA, I. A. Operational Risk Management. New York: Palgrave MacMillan. 2007 Natura Cosméticos S.A. Disponível em: www.natura.com.br; Acesso de: abril a julho de 2009 PERERA, L.C.J. Risco Operacional. São Paulo: Working Paper, 2009 Petróleo Brasileiro S.A. Disponível em: www.petrobras.com.br; Acesso de: abril a julho de 2009 Sadia S.A. Disponível em: www.sadia.com.br; Acesso de: abril a julho de 2009 SHIMPI, Prakash. Integrating Corporate Risk Management. USA: Thomson Tex., 1999 Valor Econômico: Artigos publicados sobre as Empresas (Vivo, Petrobras, Sadia e Natura) no site do jornal Valor Econômico, de janeiro a julho de 2009. Disponível em: www.valor.com.br ; acesso de: janeiro a julho de 2009 VAUGHAN, Emmett. J. Risk Management. New York: John Wiley & Sons, Inc. 1996 Vivo Participações S.A. Disponível em: www.vivo.com.br ; Acesso de: abril a julho de 2009 YIN, R. K. Estudo de Caso – Planejamento e Métodos. 3ª ed. P. A.: Bookman. 2006
