Corporate risk management: a 360º vision(I)

Entrepreneurship is a risky business. No entrepreneur can claim to have created a company without having taken risks. And it is not the absence of risks that should be sought, because without them there will never be any profit; it is their identification, assessment and preventive mitigation strategy. This corporate risk management must be done in a 360º spectrum, that is, taking into account all relevant aspects and stakeholders of the company (shareholders, employees, suppliers, customers, community). The purpose of this column is to identify some of the risks that a company may have and how to mitigate them preventively.

In a famous article entitled Managing Risks: A New Framework (Harvard Business Review, 2012), Robert S. Kaplan states that there are three general types of risks in the company: foreseeable risks (ordinary business risks, computer fraud, employee infidelity, voluntary or involuntary legal transgressions) that can be mitigated with rules (rule based model); strategic risks (that can be mitigated with rules (rule based model); strategic risks (that can be mitigated with rules (rule based model); and strategic risks (that can be mitigated with rules (rule based model).

model); strategic risks (adopted for profit), which must be mitigated with another type of risk-management system; and external risks (abrupt regulatory changes, pandemics, financial crises, natural disasters), which must be identified and mitigated preventively as far as possible. The company's risks are multiple and impact various stakeholders. While, for the company, the most frequent foreseeable corporate risks (financial, operational, corporate strategy and those aimed at preventing events such as cross-border bribery, restrictive business practices, among others), the strategic ones (all those incurred for its expansion and growth), the strategic ones (all those incurred for its expansion and growth) and external risks (regulatory changes, pandemic closures, among others) can be more easily measured (and there are mechanisms to prevent or mitigate them), this is not always the case for stakeholders. Following Kaplan's classification, the following classification of corporate risks could be made from a multidimensional perspective, and according to the main "stake-holders": Some frequent risks for partners or shareholders, as a stakeholder group, are the following: (i) foreseeable risks: those that arise due to the type of company they are part of, such as joint and several liability in general partnerships and when acting as manager in limited partnerships and fiscal solidarity in limited liability companies, and when acting as manager in limited partnerships.

(ii) strategic risks: those that arise for the associate due to the over-indebtedness of the company, such as the liability for the lack of external liabilities when the associate may be imputed with the commission of fraudulent or negligent conduct that impairs the creditors' pledge (art. 82 L. 1116/2006) and the extinction of its shareholding in the company (art. 82 L. 1116/2006) and the extinction of its shareholding in the company, such as the liability for the lack of external liabilities when the associate may be imputed with the commission of fraudulent or negligent conduct that impair the creditors' pledge (art. 82 L. 1116/2006).

the extinguishment of its share ownership by the discharge of liabilities agreed by the creditors in the framework of Decree 560/2020/2006.

(iii) external risks: those arising from unforeseen taxes on property or equity.

Some frequent risks for the company -in relation to the employees, as a stakeholder- are the following: (i) foreseeable risks: those related to any type of event that can be foreseen (theft, strikes, acts of infidelity); (ii) strategic risks: those related to the loss of talent due to the absence of retention strategies (vesting contracts, stock options, phantom shares, profit sharing plan, contributions in industry, among others); and (iii) external risks: those related to the massive hiring of personnel by competitors as an act of corporate disorganization (Law 256/1996 art. 9).

Some frequent risks for the company - in relation to customers, as a stakeholder group - are the following: (i) foreseeable risks: those related to the change of the product's negotiation conditions, the substitution of the product by new commercial trends and the illiquidity

(ii) strategic risks: those related to new commercial campaigns that fail and those related to the concentration of sales to a single client; and (iii) external risks: the prohibition of the commercialization of a certain product by legal or judicial order (as occurred with asbestos).

(as occurred with asbestos) or making it more expensive - through taxes - to the point of making it uncompetitive.

Some frequent risks for the company -in relation to suppliers, as a stakeholder- are the following: (i) foreseeable risks: those related to price increases, non-compliance with the supply chain, deterioration in the quality of their products and suspension of the company's credit policy; (ii) strategic risks: those related to the change of suppliers due to price and those related to the responsibility to implement recommendations suggested by its legal advisors or tax auditors that, in the end, turn out to be inadequate; and (iii) external risks: those related to the excess cost of raw materials due to currency volatility, to the mandatory acquisition of new inputs due to the pandemic and to the closing of credit lines for supply.

Of course, there is also the frequent risk to the company due to the conduct of its managers, but, given the importance of this issue, it will be studied in the second part of this column.

Many of these risks can be mitigated with the implementation of corporate compliance tools, which generates value for companies and their shareholders. These corporate compliance tools, and the benefits they generate, will be studied in a separate column.