Description of Risk system
Start of main content
The DIA Group has a Risk Management Model (RMM), which it uses to detect and respond to any incidents that could hinder the normal functioning of the institution, as well as the achievement of its objectives.
In keeping with the principles of its Risk Management policy approved by the Board of Directors, the company has an integral model applicable in all the countries in which DIA is present, which enhances the organization's ability to manage scenarios of uncertainty.
The DIA Group’s risk management process is based on the standard of COSO II, risk management methodology generally accepted in the market that has been adapted to the specific needs of the company.
To implement this methodology, the DIA Group has an IT tool in the areas in which it operates, which standardizes and facilitates risk management.
Based on COSO II methodology, the DIA Risk Policy is governed by the following principles:
- Risks must be managed throughout the organization, with no exceptions, in order to achieve the strategic objectives set. It is essential that the entire organization be involved in the risk management system.
- Risk management includes the identification, evaluation, response, monitoring or follow-up and reporting in accordance with the procedures designed for that purpose.
- Responses to risk must be consistent and broadly adequate for the business conditions and the economic environment.
- The DIA Group’s Risk Committee must, among other duties, carry out an annual assessment of DIA’s main risks and revise the risk tolerance level. This information gives rise to the annual updating of the Group’s risk Map, as well as the risk maps of the countries that make up the Group. The key Risk Map is validated by the Management Committee.
Organization and responsibilities
The Board of Directors, the Audit and Compliance Committee and the DIA Group Management Committee are in charge of ensuring the good functioning of the Risk Management system.
Periodically, a report is given to the Audit and Compliance Committee of the Board of Directors regarding the activities of identification, evaluation, response, monitoring or follow-up and reporting.
Each business unit has its own Risk Committee, in which all departments of the company are represented, with the director assuming direct responsibility for the management of each of the risks identified in his or her department.
These committees report directly to the DIA Group’s Corporate Risk Committee and the Management Committee. They meet on a quarterly basis.
End of main content
- Go up
- Download