Gestión de Riesgo y Continuidad del Negocio

Almaviva S.A. consciente de la importancia que tiene estar preparado para responder adecuadamente ante eventos que interrumpan la prestación del servicio y los procesos de negocio, ha adoptado un sistema de gestión de la continuidad del negocio, que a partir de la detección de riesgos y vulnerabilidades, permita el establecimiento de las medidas necesarias tendientes a asegurar el cumplimiento de la promesa de servicios, la normatividad, las expectativas de los socios y proveedores, así como la protección de las personas, la información y la infraestructura.

La Junta Directiva y la Alta Dirección, de Almaviva y Almaviva Global Cargo, reconocen el potencial estratégico, operacional y financiero de la administración de riesgos como un sistema de gestión que le asegurar el cumplimiento de sus objetivos organizacionales; así mismo considera el Modelo de Gestión de Continuidad del Negocio como parte esencial del sistema de administración de riesgo, asociado con las interrupciones del servicio y la importancia de mantener la capacidad viable para continuar los negocios y los procesos con un impacto mínimo en el caso de una emergencia; cuya práctica es responsabilidad de todos y cada uno de los integrantes de la organización, y se enmarca dentro de la cultura de autocontrol de la compañía.

La estrategia utilizada por Almaviva, se basa en los requisitos del negocio y las mejores prácticas internacionales, y consiste en una estructura metodológica establecida para seguir una serie de pasos que propendan por la protección de los colaboradores, la información, los servicios críticos, la infraestructura y los procesos, frente a eventos que puedan interrumpir el normal transcurrir de las operaciones.

La Gestión de la Continuidad es la base estructural del Sistema Integral de Administración de Riesgo de Almaviva S.A. y sus filiales, por lo que dicha gestión se sustenta en una adecuada identificación, valoración y monitoreo del riesgo, así como la determinación de planes de acción para controlar la materialización del riesgo y para hacer frente a cualquier emergencia que pueda presentarse.

Almaviva’s Comprehensive Risk Management is based on world renown methodologies and principles such as the Basilea Committee, ISO 31000 and national regulation issued by different bodies such as the Colombian Financial Superintendence. Comprehensive Risk Management is part of the company’s strategic model, and it is made up of stages of identification, measurement, and risk control and monitoring. It is founded on institutional policies and culture creation processes that effectively ensures that each and every employee becomes a risk administrator linked to the activity they perform.

According to its corporate vision and strategic objectives for Growth, Profitability, Technology Improvement and Development of Human Talent, guidelines and policies are developed and communicated at every level of the company, so that by using proper activity and risk management, they work day-to-day to achieve said objectives.

By using methodologies with known technical value, process risks and company activities are identified to locate the most relevant ones to achieve objectives, which are then analyzed in order to determine, improve and implement controls that reduce the possibility or impact on the organization.

With constant monitoring of the surroundings, processes and the results of audits, inspections and change controls, we can assess changes to the risks identified that enable us to analyze needs to carry out specific risk treatment activities, in order to ensure that the residual risk is within the limits established and accepted by the Board of Directors.

Almaviva’s Comprehensive Risk System is made up of:

  • The Code of Ethics and the Asset Laundering and Financing of Terrorism Risk Administration System “SARLAFT”.
  • The Operational Risk Administration System “SARO”.
  • The Quality Management System, according to ISO 9001:2008.
  • The Financial Consumer Service System “SAC”.
  • The Occupational Health and Safety Management System, according to ISO 18001:2007.
  • The Information Security Management System.
  • The Environmental Management System, according to ISO 14001:2004.
  • The Security System, according to BASC.

Asset Laundering and Financing of Terrorism (AL/FT) risks are the possibility of losses or damages that a company can suffer because of its tendency to be used directly, or through one of its operations, as an instrument to launder assets and/or channel resources to carry out terrorist activities, or the intent to hide assets that are the result of said activities. The AL/FT risks materialize through risks called associated: Legal, Reputational, Operational, and Spillover to which the company is exposed. SARLAFT is managed by using the aforementioned Risk Management methodology, and it has a defined organizational structure, control organisms, policies, procedures, documents, and technological support which, along with training and constant disclosure of information, enable compliance with the requirements established by control bodies and enable risk management.

Operational risk is the possibility of incurring losses due to failures or inadequacies in human resources, processes, technology, infrastructure, or due to external events. This definition includes the Legal and Reputational Risk that is associated with these factors. Just like SARLAFT, the operational risk management system, “SARO”, is developed with risk management methodologies and is made up of minimal elements that are required by current legislation (policies, procedures, documentation, organizational structure, record of operational risk events, control organisms, technology platform, disclosure of information and training) through which operational risk management is developed.

This may also be of interest to you