Risk and compliance

//Risk and compliance
Risk and compliance 2017-07-19T14:58:20+00:00

Strategy and progress

Integrating risk management into the corporate strategy.
  • The Board of Directors monitored several of the main strategic risks and received risk management training.
  • The maps of strategic risks were updated for Grupo Nutresa and its companies, making progress in its integration with the ones for the tactical and operative levels in alignment with the integrated management systems.
Strengthening the Organization’s risk management culture.
  • More than 70 risk management workshops were organized, providing training for approximately 800 employees in the strategic region.
  • More than 17.600 employees and third parties participated in awareness-raising and training activities on risks related to money laundering and terrorist financing. GRI 205-2 [SDG 16]
Increasing the organizational resilience.
  • The second stage of Grupo Nutresa’s business continuity project was completed, formalizing thus this management system.
  • Key teams received training in the protocol for social networks crisis management.
Monitoring and ensuring the legal and regulatory compliance.
  • The regulatory compliance diagnostic was conducted by means of the assessment of the related risks in transverse processes.
  • The Organization disseminated contents from the recommendations of the OECD and their implications.
  • Progress was made in the automation of preventive controls related to the system for managing the risk of money laundering and terrorist financing.


Supporting the decision-making process and guiding the implementation of prevention, risk mitigation and crisis management actions which, along with the activities of compliance, are aimed at protecting the resources, the corporate reputation, the continuity of the operations, the legal and regulatory compliance, the safety of the employees, and the generation of trust and two-way communication with the stakeholders.

Risks and opportunities GRI 103-1

Novaventa employee.

The correct articulation of the strategic, tactical and operative levels is a permanent challenge and it is essential for making the process of assessment of current and emerging risks effective. With the purpose of ensuring this vision, a comprehensive methodology has been implemented after being adapted to the Organization’s diverse instances and their critical processes.

Furthermore, the adequate and timely coverage of the risk management and compliance processes in alignment with Grupo Nutresa’s expansion and evolution is necessary to guarantee the effectiveness in the assessment and addressing of the risks. Hence the need to strengthen the strategy regarding the promotion of the risk self-management culture jointly with the development of the employees’ capabilities.

Moreover, an optimal interrelation between the decision-making process and risk management drives and ensures sustainability over time. For this purpose, it is indispensable to incorporate the integrated risk management system into the strategic planning and to consolidate its surveillance by the Organization’s Senior Management, based on the Three Defense Lines model supplemented with the internal control system.

Finally, the regulatory monitoring process leads to the correct compliance and prevents possible penalties that could affect the reputation and competitiveness of the Organization. To this effect, legal surveillance activities are carried out and the management systems of the companies are strengthened.


The environment in which Grupo Nutresa’s businesses are developed poses great challenges in terms of the evolution of the risk management culture, the continuity of the business and the management of compliance within the Companies, and their articulation with the strategic formulation and decision-making processes.

In order to address them, the Organization will continue to work on strengthening and expanding the risk management systems by means of the development of capabilities and tools to achieve the highest possible level of self-management. Additionally, and according to the provisions of the Integrated Risk Management policy, Grupo Nutresa intends to consolidate the task of supervising the system and monitoring the risks through the Board of Directors, based on the Three Defense Lines model, in which the process leaders play a fundamental role. The process leaders are supported by Grupo Nutresa’s Risk Management Department, and the assurance and assesment of the process effectiveness is part of the Internal Audit Department responsabilities.

With regard to compliance management, the Organization will continue to implement the addressing measures in relation to the regulatory risks identified through the diagnostic performed in 2016. In addition, the Organization will also commence the design and development of a management model that contributes to generating efficiency and effectiveness in both the regulatory surveillance and the implementation of action plans in accordance with the best international practices.

Success stories and acknowledgments GRI 103-3

For the second consecutive year, Grupo Nutresa obtained the top worldwide score in the food sector in terms of risk and crisis management in the Dow Jones Sustainability Index.

As a successful case, it is worth highlighting the more than 12.600 risk assessments performed in 2016 for the strategic, tactical and operative levels. The assessments comprised financial, strategic, operational, Human Rights, climate and nature-related risks.

Progress achieved in 2016 GRI 103-3

Risk and crisis

The Organization fostered the consolidation of the integrated risk management maturity model in 2016 through the alignment of the methodology with the integrated management systems, which has allowed the system to evolve by connecting the strategic, tactical and operational levels under a unique approach and by means of the appropriation of the methodology by Grupo Nutresa’s Businesses.

During this process, more than 12.600 risk assessments were carried out at all levels and in all companies. The assessments included the analysis of financial, strategic, operational, Human Rights, corruption, climate and nature-related risks, risks related to projects, as well as their impacts on the human, natural, financial, physical and social capital. GRI 205-1 GRI 412-1 [SDG 16]

With the purpose of strengthening the risk management culture, more than 17.600 direct employees, temporal employees and contractors participated in training programs focused on the prevention and control of the risks related to money laundering and terrorism financing. GRI 205-2 [SDG 16]

Furthermore, approximately 800 employees from all Businesses and the members of the Board of Directors received training in risk and crisis management and business continuity management, totaling more than 15.700 hours invested in these training activities that generated new capabilities among Grupo Nutresa’s human capital.

In pursuing the objective of increasing the organizational resilience, the business continuity management system was consolidated. Within this outline, in 2016 the second cycle of the process was completed and several operation interruption tests were conducted to consider possible events that could affect the Organization’s physical capital and technological systems.

This endeavor allowed to achieve higher levels of maturity and experience among the work teams. In addition to that, Grupo Nutresa updated the crisis management manual, which is aimed at protecting the reputation of both the Organization and its brands, organizing and articulating the different crisis and emergency response roles and teams. Moreover, training sessions were carried out to address the social network crisis management protocol, with the participation of employees from all the companies.

One of the greatest challenges with regard to the integrated risk management consists in consolidating it as a key component of the strategic planning and the decision-making processes. In order to contribute to this objective, the Organization will start to study and adopt quantitative models that allow a deeper understanding of the exposure to the Businesses’ critical risks, and that enable the objective definition of the risk tolerance levels.

Servicios Nutresa employees.


In 2016, Grupo Nutresa continued to perform the process of regulatory surveillance in the strategic region with the support of specialized organizations, external consultants and trade associations. Besides, the Organization also participated in the proposal of new regulations by means of local and international public consultation mechanisms. Additionally, several initiatives were implemented with the focus of guaranteeing regulatory compliance, from which it is worth highlighting the following:

  • Compliance assessment by which the identification and analysis of the risks related to the legal and regulatory noncompliance, for the main company processes, was completed, as well as the creation of gap-closing plans and mitigation measures for those with a higher priority.
  • Training to the commercial and marketing teams for Colombian companies in the field of fair competition and antitrust laws.
  • Stabilization of the disclosure (to the market) of the consolidated quarterly financial statements prepared under the International Financial Reporting Standards (NIIF), with the aim of fulfilling the requirements of the Colombian Financial Superintendency and providing relevant information to support the investors’ decision-making process.
  • Continuous collaboration between Grupo Nutresa and the corresponding governmental bodies to review future regulatory changes with the purpose of making the tax collection process more efficient, guaranteeing the timely compliance with all tax obligations and generating a profitable growth for the Organization.
  • Update of the legal matrices for environmental issues as tools for the identification of gaps and the assessment of regulatory risks and their potential impact on the natural capital.
  • With regard to the compliance with the labor regulations, Grupo Nutresa has adopted a Human Rights policy, which is aligned with the ILO covenants and with the constitution and legislation of each country where the companies operate. For that purpose, and with the additional objective of ensuring respectful labor conditions for the human capital, the Organization continued providing training to the employees, performing a constant surveillance and consultation with Servicios Nutresa’s legal team specialized in labor matters.
  • Regarding the recommendations made by the OECD (Organisation for Economic Co-operation and Development) to Colombia, Grupo Nutresa’s executive managers received training with the purpose of briefing them on the scope and content of said recommendations, the details of the tax policies and the pension system, as well as the current status of the process of Colombia becoming a member of that Organization.
  • Implementation of the action plan to comply with the regulations established by the Superintendency of Industry and Commerce regarding the national database registry in Colombia.
  • Design of a project focused on strengthening the legal surveillance process (which will be put into effect in 2017) related to food product labeling regulations.

In the short term, the compliance management process will be reinforced with the implementation of the treatment measures related to the risks identified in the assessment conducted in 2016. In addition, the Organization will start the design and development of a management model that contributes to generating efficiency and effectiveness in both the regulatory surveillance and the implementation of action plans. With regard to the prevention and control of the risks of money laundering and terrorism financing, Grupo Nutresa will continue to implement the system aligned with the regulations that are currently in force. The main purpose of the system is to provide tools to all the companies for the consolidation of their autonomous management of their particular risks.

No sanctions or fines were imposed on Grupo Nutresa or its companies due to noncompliance with the regulations and the legislation, with the exception of two particular situations: an environmental issue with a minor impact on the Restaurant and Food Service Business in Colombia, which was addressed according to the procedures of its management systems; and another issue related to the protection of personal data in the Chocolates Business, which was duly assumed by the Organization and ended up motivating the update to the management protocol for this type of informationGRI 307-1 GRI 419-1 [SDG 16]

La Recetta employees, Bogotá.