CENTRAIS ELETRICAS BRASILEIRAS S.A. SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 6-K
Report of Foreign Private Issuer
Pursuant to Rule 13a-16 or 15d-16 of the
Securities Exchange Act of 1934
For the month of July, 2024
Commission File Number 1-34129
CENTRAIS ELÉTRICAS BRASILEIRAS S.A. - ELETROBRÁS
(Exact name of registrant as specified in its charter)
BRAZILIAN ELECTRIC POWER COMPANY
(Translation of Registrant's name into English)
Rua da Quitanda, 196 - 24th floor,
Centro, CEP 20091-005,
Rio de Janeiro, RJ, Brazil
(Address of principal executive office)
Indicate by check mark whether the registrant files or will file annual reports under cover Form 20-F or Form 40-F.
Form 20-F ___X___ Form 40-F _______
Indicate by check mark whether the registrant by furnishing the information contained in this Form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934.
Yes _______ No___X____
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
PREPARATION:
Vice-Presidency of Governance, Risks, Compliance and Sustainability Executive Management of Risk Management
Internal Controls Management
REVIEW/SUPPORT:
Normative Division
Corporate Governance Executive Management
APPROVAL:
Executive Board of Eletrobras (DE) - RES-308/2024, of 06/11/2024
Board of Directors of Eletrobras (CA) - DEL-114/2024, of 06/20/2024
VALIDITY: 5 years
The contents of this document may not be reproduced without proper authorization. All rights belong to Eletrobras.
| 1/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
Table of Contents
1 Introduction | 3 |
2 References | 3 |
3 Concept | 3 |
4 Principles | 4 |
5 Guidelines | 6 |
6 Responsibilities | 8 |
7 General Provisions | 9 |
8 Editing History | 10 |
| 2/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
| 1 | INTRODUCTION |
| 1.1 | OBJECTIVE |
Establish principles, guidelines and responsibilities for guiding the processes of identification, evaluation, treatment, monitoring and communication of risks and internal controls inherent to Eletrobras' activities, incorporating the risk view into its strategic planning and decision-making and the view of internal controls into its processes, in accordance with applicable regulations and best market practices.
| 1.2 | SCOPE |
This policy applies to Eletrobras.
| 2 | REFERENCES |
2.1Federal Law no. 12,846/2013 (Anti-Corruption Law) - Provides for the administrative and civil liability of legal entities for the practice of acts against the public administration, national or foreign, and makes other provisions.
2.2Federal Decree No. 11,129/2022 - Regulates Law No. 12,846, of August 1, 2013, which provides for the administrative and civil liability of legal entities for the practice of acts against the public administration, national or foreign.
| 2.3 | Foreign Corrupt Practices Act (FCPA), 1977. |
| 2.4 | Sarbanes-Oxley Act of 2002, with emphasis on sections 302 and 404. |
2.5CVM Instruction No. 480, of December 7, 2009 (as amended a posteriori) - Provides for the registration of issuers of securities admitted to trading on regulated securities markets.
2.6COSO 2013 (Committee of Sponsoring Organizations of the Treadway Commission) - Internal Control - Integrated Framework.
2.7COSO ERM 2017 (Committee of Sponsoring Organizations of the Treadway Commission - Enterprise Risk Management).
2.8Code of Best Corporate Governance Practices of the Brazilian Institute of Corporate Governance - IBGC, 2023.
2.9Corporate Governance Notebooks - Corporate Risk Management - Evolution in Governance and Strategy - IBGC, 2017.
| 2.10 | Standard ABNT NBR ISO 31000:2018 - Risk Management - Guidelines. |
| 2.11 | IIA 2020 Three Lines Model (Institute of Internal Auditors). |
| 3 | CONCEPT |
3.1Risk appetite - Limit of exposure to risks that the company is willing to accept to achieve its strategic objectives and create value for shareholders.
3.2Control owner area- Organizational unit that has responsibility for internal control, including its adequacy, execution and documentation of evidence.
| 3/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
3.3Risk owner area - Organizational unit that has authority and responsibility for risk management.
3.4Internal Controls - set of actions and procedures to manage risks and increase the likelihood that the objectives and goals established by the company will be achieved.
3.5Deficiency or "gap" of internal control - Absence or failure of control that does not allow the mitigation of the associated risk.
3.6Eletrobras - Holding, its wholly-owned subsidiaries and companies in which it has direct and indirect corporate control.
3.7Risk event - Event or situation, generated by an internal or external source, which negatively affects, or has the potential to affect, the achievement of a company objective.
3.8Integrated risk management and internal controls - Architecture implemented at Eletrobras for risk management and internal controls, under a common methodology and language, aligned with the other lines; integrated management, through a structured approach and a better understanding of the interrelationships between risks and internal controls, aligns strategy, processes, people, technology and knowledge, aiming at preserving and creating value for the company and its shareholders.
3.9Impact - Result of the materialization of a risk that affects the company's business, processes and operations, which can be expressed qualitatively and/or quantitatively.
3.10Uncertainty - State, even if partial, of the deficiency of information related to an event, its understanding, its knowledge, its consequence or its probability, which may become a threat to the company.
3.11Risk indicator - Measurement that, in conjunction with the assessment of the context, is used to assess how the risk behaves and provide alerts regarding exposure or its potential for future loss.
3.12Risk Matrix - Set of risk events identified by the company, described and classified into pillars and categories.
3.13Three Lines Model - Set of principles and guidelines, prepared and disseminated by IIA Global, The Institute of Internal Auditors, which aims to clarify and organize the responsibilities and roles of the organization's professionals in risk management and internal controls.
3.14Probability - Chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively.
3.15Remediation of Deficiencies - Action plan documented by the area responsible for the deficiency in order to address inconsistencies identified during internal and external audit tests.
3.16Risk response - Action to reduce, maintain or avoid the company's exposure to risk, acting on probability and/or impact, including, but not limited to, internal controls.
| 3.17 | Risk - Negative effect of uncertainties on the company's objectives. |
| 4 | PRINCIPLES |
4.1Risk appetite statement
Value creation is essential for Eletrobras. Leadership in our market, through investments in generation, transmission and commercialization focused on clean energy, is part of our proposal for sustainable expansion. We do not tolerate decisions that could compromise profitability, financial discipline, corporate sustainability, ethical and compliance standards, the operational safety of our assets and the health and safety of our employees and contractors. We seek to be innovative, considering the relevance of investing in other segments, diversifying our portfolio of businesses and services, in synergy and appropriate to Eletrobras' strategy.
| 4/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
| 4.2 | Value generation for Eletrobras |
Eletrobras recognizes that integrated risk management and internal controls are directly related to the strategic guidelines of sustainable growth, profitability and value creation for the company by allowing the preventive identification of threats to business objectives, weaknesses in processes and risk-based decision-making.
| 4.3 | Adoption of good corporate governance practices |
Eletrobras adopts the best corporate governance practices, with regard to risk management, internal controls and anti-fraud and anti-corruption policies and practices, in a systematic, structured and timely manner, in order to improve and maintain the transparency and quality of its information, disclosed internally and externally, seeking a better reputation before the market and a differential in generating value for its shareholders and other stakeholders.
| 4.4 | Definition of common language between the holding company and its companies |
The adoption of a standard language for risk management and internal controls is essential to the process, enabling a better understanding between the parties and interference-free communication.
| 4.5 | Use of standards and methodologies recognized by the market |
With a model based on formalized methodologies and standards, recognized by the market and disseminated at Eletrobras, integrated risk management and internal controls are aligned with strategies, initiatives and organizational structures, in addition to meeting sectoral requirements and regulatory and supervisory bodies. To support risk management and internal control activities, Eletrobras adopts, in an integrated manner, a unique systemic solution that has functionalities for continuous assessment and monitoring of the risks inherent to its business, in addition to allowing the self-assessment of design and effectiveness tests for internal controls, thus allowing the reliability of information and security to the business where Eletrobras operates.
| 4.6 | Establishment of roles and responsibilities |
Eletrobras formally defines and communicates the roles and responsibilities of each of the employees involved in the risk management and internal control processes.
| 4.7 | Involvement of governance bodies |
The performance of the Board of Directors of Eletrobras (CA), the Audit and Risk Committee (CAE), the Fiscal Council (CF) and the Executive Board of Eletrobras (DE) plays a key role in the success of the risk management and internal control processes, since they are the main people involved in decision-making on strategic company issues.
4.8Establishment and maintenance of the necessary infrastructure for integrated risk management and internal controls
To manage risks and internal controls efficiently, Eletrobras has an adequate and integrated infrastructure of processes, people and technology, establishing clear and objective communication mechanisms.
4.9Integration of risk management and internal controls into organizational processes
Integrated risk management and internal controls permeate Eletrobras' organizational practices and processes, in order to:
| a) |
ensure the identification of inherent and residual risk events to their areas of business, whether with individual or corporate in scope; and |
| 5/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
| b) | ensure the effectiveness of its processes, through periodic mapping, self-assessment and internal control effectiveness tests. |
| 4.10 | Periodic review of risk management and internal controls at Eletrobras |
The risk management and internal controls areas play a critical role for Eletrobras and must ensure the effectiveness of risk management and internal controls through frequent reviews, favoring the fulfillment of its objectives. Eletrobras evaluates its maturity in risk management, through a model adapted from the Corporate Governance Notebooks - Corporate Risk Management, of the Brazilian Institute of Corporate Governance (IBGC), and evaluates the control environment through tests of effectiveness in its internal controls.
| 4.11 | Adoption of the Three Lines Model |
Eletrobras adopts a risk management and internal control model based on the concepts of the Three Lines, as follows:
| a) | First line: Vice-presidencies, boards, management and business areas, in addition to project and process managers. This line is responsible for the provision of products/services to customers and for managing risks and internal controls. |
| b) | Second line: Risk and internal control areas. This line has the expertise of the risk management and internal control processes and is responsible for supporting, monitoring and questioning issues related to risks. |
| c) | Third line: Internal audit This line carries out independent and objective evaluation and advice on issues relating to the achievement of objectives. |
| 5 | GUIDELINES |
Eletrobras, in order to achieve the objectives established in this policy, must perform the macro-steps of the risk management and internal control processes described in the following sub-items.
| 5.1 | Risk identification and mapping of internal controls |
5.1.1The identification of risks must recognize and describe the main risks to which Eletrobras is exposed, whether of a strategic or operational nature, including possible changes in its business environment.
5.1.2For risks of a strategic nature, a corporate Risk Matrix must be defined with events, their respective descriptions and the risk owners.
5.1.2.1The identification of risks of a strategic nature must be carried out with the participation of the Executive Board and those responsible for the business areas.
5.1.3For risks of an operational nature, inherent to Eletrobras' processes, internal controls that operate in accordance with the activities performed by the management area must be mapped and designed, in order to ensure operational efficiency, accurate reports and compliance with current laws, regulations and policies.
5.1.3.1The documentation of internal controls is a guiding and essential tool for the execution of independent tests, whose work role and planned activities are based on the controls described therein.
| 5.2 | Assessment of risks and internal control environment |
5.2.1In the case of risks of a strategic nature, once they have been identified, causes and consequences must be identified and qualitative and/or quantitative analyses carried out in order to define the attributes of impact and probability, which will be used to prioritize the risks to be dealt with.
| 6/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
5.2.1.1In the assessment of strategic risks, the survey and analysis of existing responses and internal controls should also be considered, thus determining the residual risks.
5.2.2In the case of risks of an operational nature, the internal control environment must be periodically evaluated through Management's tests, including in its scope the key controls, which must be determined based on their relevance to the results of the processes and to the achievement of Eletrobras' objectives and goals.
5.2.2.1Management's tests aim to evaluate the effectiveness of controls and identify any ineffective controls, as well as recommend improvements to improve the internal control environment.
5.2.2.2The external auditor performs the independent tests in accordance with the auditing standards and presents the result of the work through the internal control report, in connection with the financial statements.
| 5.3 | Treatment of risks and remediation of internal control deficiencies |
5.3.1After the assessment, the positioning of the Executive Board in the face of a risk of a strategic nature must be aligned with the risk appetite defined by the Board of Directors. The positioning options are:
| a) | Avoid - the company chooses not to start or continue in business, processes and activities that may generate risks or cause its exposure. |
| b) | Live with/accept - the company understands that the exposure to risk is in accordance with its appetite; or understands that the effort to mitigate or transfer it would be greater than the value of the impact caused by its materialization; or, due to the risk being of external origin, but inherent to its activities, there is no way to reduce its exposure. Living together presupposes monitoring the company's exposure to risk. |
| c) | Mitigate/transfer - the company seeks to minimize its exposure to risk, either by reducing the impact and/or likelihood with risk responses and/or design of internal controls, or by transferring/sharing the impacts of the risk with other agents. |
5.3.1.1If the position is to avoid, mitigate or transfer, Eletrobras must perform responses, including through internal controls, that pursue a risk exposure in line with the appetite approved by the Board of Directors.
5.3.2Deficiencies identified in the internal control environment, whether through Management testing or Independent Audit assessment, must be addressed and remedied through disability-specific action plans.
5.3.2.2 Whenever there is a formalized indication of deficiencies, action plans must be created by the areas that own the controls, with the support of the internal controls area, to adapt ineffective controls and/or create necessary controls.
| 5.4 | Monitoring of risks and the internal control environment |
| 5.4.1 | In the monitoring process, you must: |
| a) | supervise the implementation and maintenance of risk responses and action plans to remedy internal control deficiencies; |
| b) | verify the achievement of the objectives of the responses and the remediation plans established, through continuous management activities and/or independent evaluations; |
| c) | ensure that responses and remediation plans are assertive, effective and efficient; |
| d) | detect changes in the external and internal context, identifying emerging risks; and |
| e) | analyze changes in risk events, processes, trends, successes and failures, and learn from them. |
| 7/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
5.4.1.1 In the periodic assessments of strategic risks, the risk-owning areas must make efforts to additionally define proactive monitoring metrics and/or models, or even risk indicators, so that, where defined by the Board of Directors, the status of risk exposure can be monitored, in a more specific format and detail, compared to the limits and tolerances determined by the Board of Directors itself.
5.5 Communication of risks and internal controls
5.5.1 Communication, during all stages of the risk management and internal control processes, must reach all stakeholders, being carried out in a clear and objective manner, respecting the good governance practices required by the market.
| 6 | RESPONSIBILITIES |
| 6.1 | Board of Directors (CA) |
6.1.1Ratify the approval of this policy.
6.1.2Approve the reporting schedule, as well as its revisions, upon proposal of the Executive Board and opinion of the Audit and Risk Committee.
| 6.1.3 | Determine the risk appetite, upon proposal of the Executive Board and opinion of the Audit and Risk Committee. |
6.1.4Supervise the risk management and internal control processes, through regular reports from the Executive Board, evaluated by the Audit and Risk Committee, focusing on the assertiveness of the process, risk responses and the result of internal control tests.
| 6.2 | Audit and Risk Committee (CAE) |
6.2.1Monitor the risk management and internal control processes, bringing the most relevant findings to the attention of the Board of Directors.
6.2.2Analyze all material submitted to the Board of Directors about the company's risk management and internal controls, giving a prior opinion on it.
| 6.3 | Fiscal Council (CF) |
6.3.1Contribute on the topics, including in its minutes the additional information it deems necessary or useful to the risk management and internal control processes.
| 6.4 | Executive Board (DE) |
6.4.1Evaluate the assertiveness of the risk management and internal control processes through periodic reports, discussing and validating, in the collegiate or by vice-presidency, the evaluations presented by the risk owner areas and defining the positioning against risks, according to the appetite approved by the Board of Directors.
6.4.2Periodically monitor the result of the tests of the controls performed by the internal and external audits.
6.4.3Ensure the implementation of risk management and internal controls in companies, allocating resources necessary for the process and defining the appropriate infrastructure for the activities.
6.4.4Approve specific standards about risk management processes and internal controls.
| 6.4.5 | Approve the corporate Risk Matrix. |
| 6.4.6 | Define the risk proprietary areas. |
| 8/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
6.4.7Evaluate deficiencies reported by internal and external audits, according to the degree of criticality.
6.4.8Approve the Risk Management and Internal Controls Policy, propose the risk appetite and the schedule of risk reports and internal controls, as well as their reviews, forwarding them to the opinion of the Audit and Risk Committee and, subsequently, to the approval of the Board of Directors.
| 6.5 | Risk management and internal control areas |
6.5.1Act as a second line, coordinating and defining the standards to be followed, with regard to the risk management and internal control processes, their support systems and the forms and frequency of their reports.
6.5.2Support and ensure the identification, assessment, treatment and monitoring of risks and internal controls by the proprietary areas, as well as consolidate and report the risk status of the corporate Risk Matrix and the results of control tests to the Executive Board and the Board of Directors.
| 6.5.3 | Disseminate the risk culture and internal controls at Eletrobras. |
6.5.4. Propose the Risk Management and Internal Controls Policy, specific standards on risk management and internal control processes and the corporate Risk Matrix for approval by the Executive Board.
| 6.6 | Proprietary risk areas |
6.6.1Act as the first line, managing the risks inherent in their activities, identifying them, evaluating them, treating them and monitoring them.
6.6.2Provide the risk area with all necessary information, with solidity and reliability.
| 6.7 | Areas that own internal controls |
6.7.1Act as the first line, ensuring the correct execution of the controls and the documentation of the necessary evidence.
6.7.2Inform the internal controls area, in a timely manner, of the need to update the controls under its responsibility.
6.7.3Implement the action plans defined to remedy the deficiencies pointed out by internal and external audits.
| 6.8 | Internal audit |
6.8.1Evaluate the effectiveness of the risk management and internal control processes, interacting with the responsible areas regarding the verifications carried out.
6.8.2Evaluate the adequacy of risk responses, recommending, when necessary, improvements to the area that owns the risk.
6.8.3Perform management tests, verifying that internal controls are appropriate and capable of mitigating the associated risks, as well as that they are operating correctly.
| 6.8.4 | Carry out periodic reports of their evaluations to the Board of Directors and the Audit and Risk Committee. |
| 7 | GENERAL PROVISIONS |
7.1This policy is in line with other Eletrobras policies.
7.2The legal and regulatory provisions related to the subject and the specific legal determinations and agreements in force of the company must be observed
| 9/10 |
POLICY | |
PO-GN.01-002 RISK MANAGEMENT AND INTERNAL CONTROLS | Issue 7.0 | Validity 06/20/2024 |
| Revalidation |
7.3This policy can be broken down into other specific normative documents, always aligned with the principles and guidelines established herein.
| 7.4 | The normative documents and the provisions contrary to this policy are revoked. |
| 8 | REVISION HISTORY |
| Issue | Code and name | Doc. and date of approval |
1.0 | Risk Management Policy of Eletrobras Companies | RES-1279, of 12/08/2010 and DEL-059/2011, of 04/29/2011 |
2.0 | Risk Management Policy of Eletrobras Companies | RES-509/2014, of 07/28/2014, and DEL-132/2014, of 10/30/2014 |
3.0 | Risk Management Policy of Eletrobras Companies | RES-521/2016, of 08/23/2016, and DEL-170/2016, of 09/23/2016 |
4.0 | Risk Management Policy of Eletrobras Companies | RES-639/2019, of 09/16/2019 and DEL-204/2019, of 09/26/2019 |
5.0 | Risk Management Policy of Eletrobras Companies | RES-381/2021, of 06/07/2021, and DEL-135/2021, of 06/18/2021 |
6.0 | Risk Management Policy of Eletrobras Companies | RES-539/2022, of 11/14/2022, and DEL-167/2022, of 12/01/2022 |
| Main changes | ||
| Expansion and updating of the scope, inserting and relating internal control activities to the risk management process; and review and adjustments in the References, Concept and Responsibilities sections. |
| 10/10 |
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
Date: July 4, 2024
| CENTRAIS ELÉTRICAS BRASILEIRAS S.A. - ELETROBRÁS | ||
| By: | /S/ Eduardo Haiama | |
Eduardo Haiama Vice-President of Finance and Investor Relations |
FORWARD-LOOKING STATEMENTS
This press release may contain forward-looking statements. These statements are statements that are not historical facts, and are based on management's current view and estimates offuture economic circumstances, industry conditions, company performance and financial results. The words "anticipates", "believes", "estimates", "expects", "plans" and similar expressions, as they relate to the company, are intended to identify forward-looking statements. Statements regarding the declaration or payment of dividends, the implementation of principal operating and financing strategies and capital expenditure plans, the direction of future operations and the factors or trends affecting financial condition, liquidity or results of operations are examples of forward-looking statements. Such statements reflect the current views of management and are subject to a number of risks and uncertainties. There is no guarantee that the expected events, trends or results will actually occur. The statements are based on many assumptions and factors, including general economic and market conditions, industry conditions, and operating factors. Any changes in such assumptions or factors could cause actual results to differ materially from current expectations.
Attachments
- Original Link
- Permalink
Disclaimer
Eletrobras - Brazilian Electric Power Company published this content on 05 July 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 05 July 2024 10:12:34 UTC.
