In order to always ensure that people’s integrity and physical well-being are a priority, keep our assets safe and mitigate possible risk exposures and our business’s impacts on society, communities and environment, we have a structured Risk Management strategy at Rede D’Or São Luiz.
To help us identify, assess, prioritize and treat possible risks to our business, we adopt a series of policies, operational and financial strategies, as well as governance practices that support us in adopting adequate plans and measures to prevent and mitigate risks. In order to add social and environmental aspects to its corporate risk management, we adopt practices such as the use of social and environmental management system, mechanisms to receive complaints, risk monitoring program, internal social and environmental risk reports as well as audits to assess the policy on the topic.
A Corporate Risk Commission was created to assess risks and operate in line with the executive offices responsible for the necessary actions. The commission is also responsible for providing information that help the Executive Board and Board of Directors assess the risks.
The Commission is comprised by at least three members, including the Commission’s Executive Officer, namely the Risks and Internal Controls Executive Officer, who is supported by the coordinator, namely the Corporate Risks and Business Continuity Manager, with the participation of several of the Company’s departments. The Department’s main purpose is to foster and monitor risk management in the corporate departments and business units.
In 2021, we conducted a corporate risk assessment of all Rede D’Or São Luiz’s departments (except for the healthcare service risk area and departments focused on clinical quality and management). 34 departments and 50 leaders, from managers to vice-presidents, participated in the assessment, which comprised three phases: identification and classification, measurement and treatment, monitoring and reporting.
Corporate risks are assessed in all departments. The process involved
34 departments
50 department heads
The process had three stages:
Identification and classification
Measurement and treatment
Monitoring and report identification
Risk Management Pillars Social
The outcomes included formalizing Rede D’Or São Luiz Corporate Risk Matrix and Corporate Risk Glossary. A plan to implement and develop integrated corporate risk management initiatives and processes was presented to the Audit Committee, advisory body to the Board of Directors, showing transparency to our risk monitoring process.
PHASE 1
Primary Risks Matrix
risks identified based on information from officers and managers;
PHASE 2
Consolidated Risks Matrix
review of risks identified by the GRCC in the Primary Risk Matrix, managers’ approval and assessment of officers;
PHASE 3 (final result)
Corporate Risks Matrix
selection of risks listed in the Consolidated Risks Matrix that demand greater engagement of the Senior Management. It includes strategic risks, which are monitored and assessed by the Board of Directors.
Regarding environmental risks, we applied our Environmental Policy, which lays down compliance with environmental laws and requirements and the commitment to the continuous improvement of environmental management process across all business units. To comply with all these principles, we have adopted management practices and innovative technologies that allow the efficient use of natural and other resources necessary to provide our services; developed environmental projects and initiatives in accordance with the features of each region where we operate and conducted periodical environmental audits.
As far as financial risks are concerned, they are managed as part of the financial strategy previously approved by the senior management and the shareholders. Our capital management aims to ensure business continuity and maximization of shareholders returns. Macroeconomic conditions are monitored and identified changes are considered in the adjustments of capital structure.
We have also updated the Crisis Management process and reviewed the Business Continuity Plan, making roles and responsibilities clearer in the strategic framework, expanding the scope in possible operational scenarios. Moreover, we improved the crisis room located in the corporate office, where we hold meetings, outline strategies and responses to possible events, in addition to monitoring the main risks that may impact operations in real time, through the analysis of internal data (from indicators developed with the help of Business Intelligence tools), as well as news reports, social media, among others.
Information systems are crucial for the operation of several critical areas at Rede D’Or São Luiz. We collect and store proprietary trade information in our systems and have access to classified information and personal data in some of our businesses.
Since 2020, we have relied on an independent structure responsible for information security and privacy and we have increased our participation in national and international cooperation groups to identify and fight cyber threats. In 2021, we invested R$18.13 million to enhance our information security initiatives in the entire Company.
At the same time, we have a strong commitment to bring more technology and automation to our hospitals.
Currently, 100% of Rede D’Or São Luiz’s hospitals in Rio de Janeiro already have electronic patient charts, providing more security and agility in patient care.
Among our main projects, we emphasize Accenture’s Security Operation Center (SOC), which offers a broad experience in responding to security incidents across the globe and uses global trends to respond to incidents, consolidated security and cyber standards and frameworks in its modus operandi, in addition to the use of cutting-edge technological solutions to detect threats (overall focused specifically on the health care segment), solution for vulnerability management, strict access management and a campaign to raise internal stakeholders’ awareness, focused on promoting a safe behavior both in their personal and professional lives.
We have also kept several procedures to comply with the Brazilian General Data Protection Act, making the Data Holders Portal available so that information owners can exercise their rights under the law. No incident that could compromise any client data has been recorded in 2021.
2020
No record of incident that could compromise client data
2021
No record of incident that could compromise client data