Toolbar Lateral

Navigation Menu

Risks and internal controls 

Managing risks is an ongoing task that must be embedded in the Company's day-to-day operations. The daily monitoring of events that may occur involves various areas and multidisciplinary groups. This process reinforces good practices and matures management as a whole.  

Klabin encourages all employees, regardless of hierarchical levels, to act responsively and participatively in decision-making processes. This is even one of the KODS. With the support of the Risk Management Policy, Klabin seeks to align the Company's strategic objectives with a framework that is in line with the best market practices.  

Risks are assessed by the Company according to their level of criticality, which is defined based on an analysis of possible impact and vulnerability. The levels are established according to standardized and internally validated criteria. The internal methodology classifies risks into five categories: 

gov corperativa/riscos- Destaque c passadores US

COMPLIANCE, REGULATORY AND LEGAL 

Risks related to compliance with applicable laws and regulations.

STRATEGIC 

Risks that affect the strategic objectives and can be influenced by external factors, but also subject to internal factors.

FINANCIAL 

Risks that may impact the Company’s cash flow, its financial statements, and access to capital

OPERATIONAL 

Risks related to the Company’s and its subsidiaries' infrastructure (processes, people and technology), which affect their operational efficiency and the effective and efficient use of their resources

SOCIAL AND ENVIRONMENTAL

Risks arising from acts or events that may result in negative effects on the environment and society, with impacts on native peoples and communities and protection of human health, cultural property, and biodiversity

The discussions on risks are subdivided into reducing, transferring and/or sharing, retaining, or accepting.   The Risk Management Policy determines the roles of each of the different governance bodies, including the Board of Directors, the Audit and Related Parties Committee, the Executive Board, the Risk Committee, and the Risk and Business Continuity Department, in each of the business areas and their equivalents.   

In order to ensure that the main risks inherent to the Company's activities are identified, assessed, treated, monitored, and communicated at both the strategic and operational levels, the following steps have been established: 

Risk management highlights in 2023 

In 2023, several initiatives were developed to promote a risk assessment and prevention culture, among which the following stand out:   

gov corperativa/riscos - lista bullets 1 US

Internal controls 

Procedures, policies, approval authorities, evaluation and monitoring of audit reports, process mapping, and integrity assessments are some of the instruments used by Klabin for internal risk control.  

In 2023, the Klabin Normative System CA Policy was approved by the Board of Directors. This document guides the creation, modification, and approval of new internal regulations within the Company and establishes criteria for their standardization. It establishes a hierarchy among internal regulations with the aim of systematizing and avoiding conflicts between norms, reinforcing the Company's governance process. The work began in 2021 with the compilation of all Klabin's internal regulations. After outlining a general overview of these internal regulations, conducting benchmarking, and identifying the appropriate structure for the Company's activities, considering the complexity of its businesses, the policy was submitted to the competent governance bodies. Based on an established schedule, all internal regulations of the Company will be reassessed and, where applicable, adjusted based on this new policy.  


Other highlights of the year: 

gov corperativa/riscos - lista bullets 2 US

Privacy and data protection 

Klabin is constantly improving its procedures to promote data protection and proper processing. The Company has a Privacy and Data Protection Policy to formalize and guide these precautions.  

In 2023, through the application of a questionnaire, Klabin completed the mapping of personal data from all areas of the Company. Based on this work, configurations were made in the system that evaluates suppliers and projects, reinforcing the security of personal data and information. 

Klabin's websites have a specific area to handle requests from data subjects. When visiting them, the users/data subjects find a specific area to request information about the processing of their personal data, request the deletion of such data, and revoke consent for collection, among other actions. Requests are evaluated by the area specialized in privacy and data protection, which acts in accordance with Klabin's Internal Policies, the General Personal Data Protection Law (LGPD) and other standards applicable to the topic. 

Klabin continually evaluates and updates the tools used to protect the Company's database and systems.  

Team training 

Corporate training on the topic was developed to ensure that employees are aware of the necessary precautions to guarantee the data privacy and protection outlined by the LGPD. Training can be done through the ENK Portal (Klabin Business School) anytime and anywhere. Workshops are also conducted, and communication actions are disseminated through internal channels (for example, the institutional video on the "Intern's Question" channel) and in offices (for example, the book exchange fair).    

Cards Rodapé menu governança

Banner

KODS

link
Banner

ESG highlights

link
Banner

Renewable future

link