In line with internationally recognized best practices, Petroperú has a Corporate Risk Management System, implemented based on the COSO ERM 2017 Framework standard"Business Risk Management: Integrating Strategy and Performance", in accordance with the approved Corporate Risk Management Policy.
The objective of the Corporate Risk Management System is to reduce the probability of occurrence and impact of the different risks that could affect the achievement of the company's organizational objectives (strategic objectives, process objectives and project objectives), to bring them to adequate levels to reasonably ensure the achievement of organizational objectives. Its scope includes the identification, evaluation, response and monitoring of risks.
Petroperú, committed to the implementation and maintenance of its Management System, develops risk maps and develops strategies to reasonably ensure compliance with organizational objectives and those related to the operations of the business units.
Risk management is an essential component for the sustainability and growth of companies, as it makes it possible to anticipate possible events that may compromise the achievement of business objectives. By identifying, assessing, and prioritizing risks, organizations can make informed decisions that minimize threats and identify opportunities to improve performance.
Stages of the risk management cycle
Enterprise risk management is essential to achieving business strategy and objectives. Well-designed enterprise risk management practices provide Petroperú management with reasonable assurance that they can achieve the overall strategy and business objectives.
Petroperú develops the stages of the Risk Management Cycle and carries out the identification, evaluation, response and monitoring of risks, considering the current context and emerging trends, prioritizing the treatment of the most critical risks.
Identification What uncertain events may affect the achievement of my goals?
Assessment How likely are those uncertain events to occur and if they do occur, how much would they impact me?
Response Response actions: accept, avoid, pursue, reduce, and transfer.
Monitoring Periodic review of risks and monitoring of compliance with action plans.
In 2023, the preparation of the risk matrices of the 34 indicators of the 2023-2027 Strategic Objectives was completed, whose action plans are periodically monitored to ensure their progress and implementation.
In relation to risk management in processes, in April 2024 the latest prioritization of the most relevant level 1 processes for the company was approved, in order to develop and/or update its risk matrices, so that its action plans continue to be monitored.
From the evaluation carried out, of the total of 62 level 1 processes, the 10 processes with high criticality were identified, which were communicated to the entire company through Circular No. GGRL-0672-2024.
Level 1 processes with high criticality (Prioritized processes 2024)
N°
Process
1
P2.2 Purchase of hydrocarbons and biofuels - International
P2.2 Purchase of hydrocarbons and biofuels - Local
2
S4.3 Financial Resource Management
3
P4.3 Production in refineries - Talara
P4.3 Production in refineries - Conchán
P4.3 Production in refineries - Iquitos
4
P6.1 Sales - Domestic Sales
P6.1 Sales - Exports
5
P1.2 Development of exploration and production activities
6
P3.1 Pipeline Scheduling and Transportation
7
P2.1 Supply Chain Planning
8
D1.1 Management of the Corporate Strategic Plan
9
D2.2 Corporate Governance Management
10
S7.1 Institutional Reputation Management
In Petroperú's Corporate Process Map, the D2.3 Risk Management process is a level 1 process in charge of Corporate Planning Management, and is part of the MPD2 macro process. Governance, Risk and Compliance.
Emerging risk
Petroperú continuously monitors external threats that have been classified in the categories applied by the World Economic Forum in its report"The Global Risk Report 2024" (Social, Technological, Economic, Geopolitical and Environmental) and are reviewed against aspects such as: Strategy and internal information of the company, current context of the sector at the national and global levels, among others.
In the context of risk management, an emerging risk has the following characteristics:
New threats or changes to existing ones: These risks can arise from new technologies, regulatory changes, global events (such as pandemics or financial crises), or even the evolution of factors such as climate change or cybersecurity.
Uncertain incidence: Although these risks can be perceived, their probability and future impact are difficult to predict accurately due to the lack of historical data or their complex nature.
Complex to mitigate: Due to their uncertain nature, emerging risks are complex to mitigate. Greater flexibility and adaptability in risk management systems is required to anticipate and manage their impact.
In this regard, Petroperú has identified the main emerging risks, defined as those risks that could have a medium/long-term impact on the Company.
Critical business risks
The Corporate Risk Management System allows to identify, evaluate, prioritize and give a more effective treatment to the most critical risks faced by the various business units of the company. Critical risks are defined as those with a"High" level of criticality, the materialization of which could significantly compromise the strategic objectives and/or the most critical processes of the company.
These risks have the potential to:
Compromise operational continuity.
Causing substantial economic and financial losses.
Deteriorate the reputation and trust of stakeholders.
Impact on the safety and health of employees.
Causing significant damage to the environment.
Causing Regulatory Non-Compliance (applicable laws and regulations).
Effective management of these risks is essential to safeguard the company's assets, reputation and business continuity. Petroperú has identified 20 critical risks for its cash-generating units, considering their current context and the environment.
The 20 risks are grouped into operational risks related to refinery and production stability, financial and governance risks affecting organizational structure, credit ratings, and funding sources. They also include regulatory, environmental, and social risks that impact sustainability and compliance with regulations and commitments.
To this end, specific action plans are established that allow a proactive and effective response to the materialization of these risks. Prioritization of risk management efforts should be based on rigorous and ongoing analysis, ensuring that resources are optimally allocated to mitigate the most representative and potentially harmful risks.
Petroperú siempre ha adoptado y adoptará las medidas y los niveles de seguridad de protección de los datos personales exigidos por la legislación peruana vigente. Los datos personales recabados a través de nuestro portal web son objeto de tratamiento automatizado.
El llenado de cualquier formulario incluido en nuestro sitio web o el envío de correos electrónicos u otras comunicaciones a Petroperú implican el consentimiento expreso del titular de la inclusión de estos datos en el sistema automatizado de la empresa.
Todas las comunicaciones privadas entre Petroperú y los titulares de los datos serán consideradas confidenciales. También tendrá la condición de confidencial la información de cualquier tipo que ambas partes acuerden que tiene tal naturaleza.
Petroperú únicamente cederá los datos que usted nos facilite a otras organizaciones con su consentimiento y solo para los fines que el titular determine.
Petroperú se reserva el derecho de registrar las direcciones IP (que toda persona conectada a Internet tiene) para fines exclusivamente internos, tales como estadísticas de acceso.
Petróleos del Perú (PETROPERU) has always adopted and will adopt the security measures and levels of protection of personal data required by current Peruvian legislation. The personal data collected through its web portal are subject to automated processing.
The filling of any form included in the website or the sending of emails or other communications to PETROPERU implies the express consent of the owner of the inclusion of this data in the automated system of the company.
All private communications between PETROPERU and the owners of the data will be considered confidential. In addition, the information of any type that both parties agree that has such nature will also have the condition of confidential.
PETROPERU will only transfer the data that you provide to other organizations with your consent and only for the purposes that the owner determines.
PETROPERU reserves the right to register IP addresses (that every person connected to the Internet has) for exclusively internal purposes, such as access statistics.
Cookies
Las cookies de este sitio web se usan para personalizar el contenido, ofrecer funciones de redes sociales y analizar el tráfico.
Además, compartimos información sobre el uso que haga del sitio web con nuestros proveedores de redes sociales y análisis web, quienes pueden combinarla con otra información que les haya proporcionado o que hayan recopilado en base al uso que haya hecho de sus servicios.
