Risk management and internal control are an important part of Patria’s management and control systems. Risk management and internal control do regular assessments to ensure appropriate reporting, risk management, integrity, ethical business conduct and compliance with laws and regulations as well as Patria guidelines and processes. Through integrity, compliance and high ethical standards of business conduct Patria reputation and value of its assets are also ensured.
Risk management framework
Patria has a risk management and internal control policy, approved by the Board of Directors, which specifies the related tasks, objectives, components, responsibilities and authorities. The Board provides the ultimate oversight and direction for risk management and internal control and has allocated main responsibility for these actions to the Audit Committee appointed by the Board. The Audit Committee consists of board members that have specific understanding of the various topics that are in the scope of the Audit Committee responsibilities as per the Audit Committee Charter. Specific focus is on ensuring ethical and compliance business practices and conduct.
The primary responsibility for risk management and internal control lies with the business units and Patria Group functions in their area of responsibility. The President & CEO of Patria is responsible for the proper functioning and monitoring of risk management and internal control.
Patria’s Group functions provide guidelines for risk management and internal control and perform monitoring on different levels. An internal audit function and the internal and external auditors, security and quality auditors, evaluate the effectiveness of risk management and internal control. In addition, Patria customers executive different audits and perform different control activities to ensure compliance by Patria with the customer requirements.
Risk is understood as the effect of uncertainty, negative or positive, on objectives of Patria’s operations, profitability and other areas. Risk management is a process which ensures that the risks and opportunities are identified, assessed and treated in an appropriate way and extensively enough. Risk management helps to ensure achievement of the objectives and avoidance of losses to the resources.
Risks are categorized in strategic and business risks, operational risks, financial risks and safety, security and hazard risks. Risk management in Patria is based on the COSO ERM framework, ISO 31000:2009 standard and industry specific standards and requirements.
Internal audit and external audit
Patria has an Internal Audit function outsourced to an independent operator that evaluates and contributes to ensuring the efficiency and feasibility of risk management and internal controls, the reliability of financial reporting, ethical and compliance business conduct, and compliance with the applicable legislation, regulations and guidelines. The audit function report regularly s to the Audit Committee nominated by the Board of Directors. The Audit Committee and Board issue, from time to time, instructions for the Internal Audit to perform specific audits or other control actions and the findings of the Internal Audit are regularly reported to the Audit Committee as well as Patria Board of Management. Patria management is responsible for implementing the corrective actions and development items instructed by the Audit Committee.
Due to the risks involved in the defence industry sector, specifically, special focus is on ethical business conduct, anti-corruption and anti-bribery.
Both the internal auditors as well as the external auditors comply with the International Standards for the Professional Practices regarding Auditing. Internal Audit reports on its activities and findings to the Audit Committee and Patria’s management. The Audit Committee confirms the internal audit plans and the external audit plans annually.
The company’s external auditors report their observations and findings at least once a year to the relevant business units and to the Group’s financial management, as well as to the Board of Directors and the Audit Committee. The external auditors also submit a statutory auditors’ report to the company’s shareholders.
More information on risk management, main risks and opportunities in Patria's Annual Review