Risk management and internal control are an important part of Patria’s management and control systems. Risk management and internal control also help to ensure that operational and profitability targets can be achieved. Furthermore, risk management and internal control help to ensure appropriate reporting, compliance with laws and regulations and to protect Patria’s reputation.

Risk management framework

Patria has a risk management and internal control policy, approved by the Board of Directors, which specifies the related tasks, objectives, components, responsibilities and authorities.
The primary responsibility for risk management and internal control lies with the business units and Group services in their area of responsibility. The CEO of Patria is responsible for the proper functioning and monitoring of risk management and internal control. The Board provides the ultimate oversight and direction for risk management and internal control.

Patria’s Group services provide guidelines for risk management and internal control, and perform monitoring on different levels. Patria has a risk management steering group, which supports the Group and business unit management in the planning, development, and implementation of risk
management processes. The internal audit function and the auditor, security and quality auditors, as well as customers, evaluate the effectiveness of risk management and internal control.

Risk is understood as the effect of uncertainty, negative or positive, on objectives of Patria’s operations, profitability and other areas. Risk management is a process which ensures that the risks and opportunities are identified, assessed and treated in an appropriate way and extensively enough. Risk
management helps to ensure achievement of the objectives and avoidance of losses to the resources.

Risks are categorized in strategic and business risks, operational risks, financial risks and safety, security and hazard risks. Risk management in Patria is based on the COSO ERM framework, ISO 31000:2009 standard and industry specific standards and requirements.

Internal audit

Patria has an Internal Audit function outsourced to an independent operator that evaluates and contributes to ensuring the efficiency and feasibility of risk management and internal controls, the reliability of financial reporting and compliance with the legislation and guidelines applying to Patria’s operations. The audit function reports to the Audit Committee.

The internal auditors comply with the International Standards for the Professional Practice of Internal Auditing. Internal Audit reports on its activities and findings to the Audit Committee and Patria’s management. The Audit Committee confirms the internal audit plans annually.

The company’s auditors report their observations at least once a year to the relevant business units and to the Group’s financial management, as well as to the Board of Directors and the Audit Committee. The auditors also submit a statutory auditors’ report to the company’s shareholders.


More information on risk management, main risks and opportunities in Patria's Annual Review