Risk and opportunity management

Risk Management is implemented across all Business Units and corporate functions. It contributes to the achievement of our objectives and ultimately transforms uncertainty into a pathway for success.

Today’s world faces social, geopolitical, technological, and environmental challenges such as climate change, pollution, armed conflicts, disinformation, cyberattacks, and the emergence of new forms of artificial intelligence (AI). If these are not properly managed, they could have significant consequences for societies and organisations.

We are exposed to a wide range of risks inherent to our operations and the countries in which we operate, which may impact our performance or hinder the achievement of our objectives. In this context, Risk Management plays a critical role in effectively managing risks and opportunities. It allows us to address uncertainty in all activities and projects, helping to prevent or minimise undesirable effects (risks) and enhance positive outcomes (opportunities), thereby supporting the achievement of planned results.

Corporate Governance of risk management

We have a risk management policy and process approved by our Board of Directors, both subject to annual review.

Risk management at Aleatica Mexico is a systematic, continuous, strategic, and cross-cutting process, driven and overseen by the Board of Directors through its Audit Committee, with support from the Executive Committee.

Through proactive risk and opportunity management across all organisational levels, we aim to embed these principles in all activities and projects undertaken by Aleatica Mexico. This forms the basis for informed decision-making, aligned with our strategy and corporate objectives.

Risk management at Aleatica Mexico is a continuous improvement process that enhances our ability to respond to business challenges and changes. Business Units and corporate functions, working closely with the Risk Department, are responsible for identifying and assessing risks, defining controls and actions, ensuring their effectiveness, developing mitigation plans, overseeing implementation, and updating risk information in response to internal or external changes.

In August 2024, Aleatica obtained UNE-ISO 31000 certification for risk management. This achievement demonstrates our commitment to the effective and efficient management of risks and opportunities and reinforces our pillar of Corporate Integrity.

Risk culture

At Aleatica Mexico, we follow the Enterprise Risk Management Framework—Integrating with Strategy and Performance (ERM 2017) by COSO, which emphasises the importance of embedding risk management fundamentals in corporate culture. 

In 2024, Aleatica Mexico delivered risk management training through both in-person sessions and the corporate training platform, including:

Risk refresher course

A five-minute training video viewed by 77 employees to reinforce the concept of risk and emerging risks.

Webinar on AI-related risks

A 60-minute online session with 267 participants, including team members and some independent board members, delivered by a third-party expert.

Introduction to risk management

One-hour individual training for 18 participants and onboarding training via the corporate platform for 108 new hires.

We also use internal communication channels, such as emails and screens, to share messages about risk management. In addition, we include a dedicated section in the monthly One Aleatica newsletter sent to all employees.

In 2024, we published five articles on risk management in our internal magazine, displayed six messages on digital screens (with a total runtime of 710 minutes), issued four communications on the Risk Department, and published two articles in external magazines.

Risk and opportunity management process

Through our Integrated Risk Management Framework, we continuously identify, assess, control, monitor, and report on the full spectrum of strategic, financial, operational, and compliance risks and opportunities that affect the organisation.

Risks are identified by risk owners within each Business Unit and functional area. This process is supported by a periodically updated risk taxonomy (universe) that reflects the potential risks the organisation may face. ESG risks such as environmental, human rights, and occupational safety are included, as well as climate change risks aligned with the TCFD (Task Force on Climate-related Financial Disclosures) categories. All risks are classified according to the taxonomy to enable analysis of their exposure, aggregation, reporting, and interaction with other risks.

We assess risks using impact and likelihood criteria. Three types of evaluations are used:

  • Inherent risk (before controls)

  • Residual risk (after controls)

  • Target risk (after mitigation actions)

A digital tool supports this process.

Business Units and functional areas define and document control activities and mitigation plans for each identified risk. While efforts focus on mitigating risks, some are beyond our control (e.g., regulatory changes, economic or political conditions, and currency volatility). Nonetheless, these risks are identified, assessed, and monitored. We assign each risk to an owner who is responsible for its proper management and the implementation of mitigation plans.

Risk Management, together with business units and corporate functions, periodically monitors mitigation plan progress and risk evolution.

The Executive Management Team, including regional directors, communicates and reviews material risks and changes. Risk status and mitigation actions are reported quarterly to unit committees, group-level governance bodies, and the ESG Committee. Additionally, senior leaders certify quarterly awareness and control over their risks and mitigation plans within their scope of responsibility.

Key risks

Our organisation faces various risks and uncertainties. Below are some of the key risks currently impacting our business and performance.

Occupational Health & Safety

Inadequate workplace safety conditions for employees or third parties operating at our facilities (e.g., lack of safety protocols, occupational controls, etc.) increase the likelihood of workplace accidents. This risk also includes psychosocial risks and their poor management.

Business Ethics

Lack of monitoring/application of principles, guidelines, and standards of good conduct in Aleatica Mexico's relationships with its stakeholders (e.g., team, administrations, suppliers, etc.).

Traffic Accidents

Traffic incidents that cause harm to people or property, including fatalities, can result from either internal or external factors.

Customer Experience

Risk of failing to comply or complying inadequately with quality commitments related to the care of customers (both internal and external).

Environmental and Social Sustainability

The operational continuity of Aleatica Mexico is dependent on our relationship with the communities where we operate and our care for the environment. Our culture of social and environmental sustainability promotes social and environmental benefits by having a positive effect on business sustainability.

Cybersecurity

Risk associated with our inability as a company to protect our data from unauthorised access to Aleatica Mexico's systems, networks, and applications, which would allow third parties to obtain confidential information about employees, customers, and/or operations. This risk also includes inadequate identity and access management, as well as failure to protect the company from viruses or sabotage due to its vulnerabilities (e.g., lack of adequate testing and monitoring).

Climate Change

Climate change brings threats such as floods, landslides, heat waves, droughts, extreme temperatures, and fires that could damage our infrastructure, disrupt our operations, and pose risks to the physical integrity and health of our employees, customers, and communities. In addition, the transition to a low-carbon economy involves risks associated with public policy, technology, reputation, and the market.

Physical and Asset Security

Inability to guarantee the physical safety of individuals, including employees, suppliers, and customers, as well as the security of the company's assets in its daily activities, all in order to ensure the viability and continuity of the business. Assets may be affected in terms of physical damage or destruction of material goods (including the consequent loss of use of such goods).

Air Pollution and Emissions

Greenhouse gas emissions resulting from Aleatica Mexico's activities (e.g., use of polluting machinery, petrol-powered vehicles, etc.).

Biodiversity Loss

Adverse impacts on biodiversity (including, among others, terrestrial, marine, and aquatic ecosystems and other ecological complexes such as specific properties) resulting from the actions of Aleatica Mexico. This risk also refers to the inability to manage or respond effectively or sufficiently to the damage caused by Aleatica Mexico in this environment (lack or ineffectiveness of the response plan).

Waste and Materials

Inappropriate disposal, supply, and treatment of waste (anything that a person and organisation intends or is required to dispose of) or materials (inputs used to provide services, which may be classified as non-renewable or renewable).

Diversity, Equity, and Inclusion

Failure to ensure proper definition or implementation of diversity and inclusion policies in the workplace, as well as adequate gender equality, negatively affects elements such as commitment, satisfaction, talent, and leadership quality.

Financial

We are exposed to various financial risks, including interest rate, exchange rate, and liquidity risks. Failure to meet our financial obligations could impact our liquidity and affect our business, financial condition, and operating results.

Emerging risks:

Aleatica Mexico may face emerging risks—new or evolving risks whose impact may increase due to external changes. These risks could affect the organisation in the medium or long term and therefore require monitoring.

 

Some examples of emerging risks that may impact our business include:

While artificial intelligence offers numerous opportunities to improve efficiency and innovation across the business spectrum, especially in processes, activities, and informed decision-making, it also carries significant risks that require our attention. For example, in terms of threats, AI could amplify existing biases if the data used to train it is unrepresentative or biased, and a lack of transparency in algorithms can make it difficult to understand how decisions are made, which can lead to accountability issues. In addition, there is a risk of job displacement, as automation can reduce the need for certain types of human labour. The potential vulnerability of AI to cyberattacks and the misuse of personal data could impact security and privacy. The misuse of AI in areas such as mass surveillance or the creation of autonomous weapons raises serious ethical and security dilemmas.

These threats, together with the new regulations governing this area, are key factors in developing and implementing preventive control measures (technical and organisational) to ensure the appropriate use of AI, as well as assessments of the risks arising from the use of this technology and its impact, monitoring, reporting, etc.

We are facing an increasing number of challenges from a social and environmental perspective. Social and environmental conditions are undergoing significant changes, which translates into the emergence of new threats and risks to consider. The main risk factors to be assessed include: 

    • The impacts of climate change on our activity caused by global warming, extreme weather events, and changes in weather patterns.
    • The scarcity of natural resources, which could trigger greater competition in terms of demand, conflicts, and increased operating costs for the company.
    • The constant evolution of regulations related to sustainability, and of their requirements and scope, which gives rise to compliance and reporting risks.
    • Risks related to the so-called social license to operate and customer expectations. Both communities and customers are increasingly aware of the environmental and social impact of their decisions. Failure to adopt sustainable practices could lead to reputational damage, loss of market share, negative impact on our operations, etc.