
SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 


 

FORM 6-K

 

Report of Foreign Private Issuer
Pursuant to Rule 13a-16 or 15d-16 of the

Securities Exchange Act of 1934

 

For the month of July, 2024

 

Commission File Number 1-34129

 


 

CENTRAIS ELÉTRICAS BRASILEIRAS S.A. - ELETROBRÁS

(Exact name of registrant as specified in its charter)




BRAZILIAN ELECTRIC POWER COMPANY

(Translation of Registrant's name into English)




Rua da Quitanda, 196 – 24th floor,
Centro, CEP 20091-005,
Rio de Janeiro, RJ, Brazil

(Address of principal executive office)



Indicate by check mark whether the registrant files or will file annual reports under cover Form 20-F or Form 40-F. 

Form 20-F ___X___ Form 40-F _______

Indicate by check mark whether the registrant by furnishing the information contained in this Form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934.

Yes _______ No___X____

 
 

 

 

POLICY PO-GN.01-002

RISK MANAGEMENT AND INTERNAL CONTROLS

Issue: 7.0

Validity: 06/20/2024

Revalidation:

PREPARATION:

Vice-Presidency of Governance, Risks, Compliance and Sustainability

Executive Management of Risk Management

Internal Controls Management

REVIEW/SUPPORT:

Normative Division

Corporate Governance Executive Management

APPROVAL:

Executive Board of Eletrobras (DE) – RES-308/2024, of 06/11/2024

Board of Directors of Eletrobras (CA) – DEL-114/2024, of 06/20/2024

VALIDITY: 5 years

The contents of this document may not be reproduced without proper authorization. All rights belong to Eletrobras.

 


Table of Contents

1 Introduction
2 References
3 Concept
4 Principles
5 Guidelines
6 Responsibilities
7 General Provisions
8 Editing History

 

 

 

 


1 INTRODUCTION

1.1 OBJECTIVE

Establish principles, guidelines and responsibilities for guiding the processes of identification, evaluation, treatment, monitoring and communication of risks and internal controls inherent to Eletrobras' activities, incorporating the risk view into its strategic planning and decision-making and the view of internal controls into its processes, in accordance with applicable regulations and best market practices.

1.2 SCOPE

 

This policy applies to Eletrobras.

 

 

 

2 REFERENCES

2.1 Federal Law No. 12,846/2013 (Anti-Corruption Law) – Provides for the administrative and civil liability of legal entities for the practice of acts against the public administration, national or foreign, and makes other provisions.

2.2 Federal Decree No. 11,129/2022 – Regulates Law No. 12,846, of August 1, 2013, which provides for the administrative and civil liability of legal entities for the practice of acts against the public administration, national or foreign.

2.3 Foreign Corrupt Practices Act (FCPA), 1977.

2.4 Sarbanes-Oxley Act of 2002, with emphasis on sections 302 and 404.

2.5 CVM Instruction No. 480, of December 7, 2009 (as subsequently amended) – Provides for the registration of issuers of securities admitted to trading on regulated securities markets.

2.6 COSO 2013 (Committee of Sponsoring Organizations of the Treadway Commission) – Internal Control – Integrated Framework.

2.7 COSO ERM 2017 (Committee of Sponsoring Organizations of the Treadway Commission – Enterprise Risk Management).

2.8 Code of Best Corporate Governance Practices of the Brazilian Institute of Corporate Governance – IBGC, 2023.

2.9 Corporate Governance Notebooks – Corporate Risk Management – Evolution in Governance and Strategy – IBGC, 2017.

2.10 Standard ABNT NBR ISO 31000:2018 – Risk Management – Guidelines.

2.11 IIA 2020 Three Lines Model (Institute of Internal Auditors).

 

 

3 CONCEPT

 

 

3.1           Risk appetite – Limit of exposure to risks that the company is willing to accept to achieve its strategic objectives and create value for shareholders.

 

3.2           Control owner area - Organizational unit that has responsibility for internal control, including its adequacy, execution and documentation of evidence.

 


3.3           Risk owner area – Organizational unit that has authority and responsibility for risk management.

 

3.4           Internal Controls – set of actions and procedures to manage risks and increase the likelihood that the objectives and goals established by the company will be achieved.

 

3.5           Deficiency or "gap" of internal control – Absence or failure of control that does not allow the mitigation of the associated risk.

 

3.6           Eletrobras – Holding, its wholly-owned subsidiaries and companies in which it has direct and indirect corporate control.

 

3.7           Risk event – Event or situation, generated by an internal or external source, which negatively affects, or has the potential to affect, the achievement of a company objective.

 

3.8           Integrated risk management and internal controls – Architecture implemented at Eletrobras for risk management and internal controls, under a common methodology and language, aligned with the other lines; integrated management, through a structured approach and a better understanding of the interrelationships between risks and internal controls, aligns strategy, processes, people, technology and knowledge, aiming at preserving and creating value for the company and its shareholders.

 

3.9           Impact – Result of the materialization of a risk that affects the company's business, processes and operations, which can be expressed qualitatively and/or quantitatively.

 

3.10        Uncertainty – State, even if partial, of the deficiency of information related to an event, its understanding, its knowledge, its consequence or its probability, which may become a threat to the company.

 

3.11        Risk indicator – Measurement that, in conjunction with the assessment of the context, is used to assess how the risk behaves and provide alerts regarding exposure or its potential for future loss.

 

3.12        Risk Matrix – Set of risk events identified by the company, described and classified into pillars and categories.

 

3.13        Three Lines Model – Set of principles and guidelines, prepared and disseminated by IIA Global, The Institute of Internal Auditors, which aims to clarify and organize the responsibilities and roles of the organization's professionals in risk management and internal controls.

 

3.14        Probability – Chance of something happening, whether defined, measured or determined objectively or subjectively, qualitatively or quantitatively.

 

3.15        Remediation of Deficiencies – Action plan documented by the area responsible for the deficiency in order to address inconsistencies identified during internal and external audit tests.

 

3.16        Risk response – Action to reduce, maintain or avoid the company's exposure to risk, acting on probability and/or impact, including, but not limited to, internal controls.

 

3.17 Risk – Negative effect of uncertainties on the company's objectives.

4 PRINCIPLES

 

4.1           Risk appetite statement

 

Value creation is essential for Eletrobras. Leadership in our market, through investments in generation, transmission and commercialization focused on clean energy, is part of our proposal for sustainable expansion. We do not tolerate decisions that could compromise profitability, financial discipline, corporate sustainability, ethical and compliance standards, the operational safety of our assets and the health and safety of our employees and contractors. We seek to be innovative, considering the relevance of investing in other segments, diversifying our portfolio of businesses and services, in synergy and appropriate to Eletrobras' strategy.




 


4.2 Value generation for Eletrobras

 

Eletrobras recognizes that integrated risk management and internal controls are directly related to the strategic guidelines of sustainable growth, profitability and value creation for the company by allowing the preventive identification of threats to business objectives, weaknesses in processes and risk-based decision-making.

 

4.3 Adoption of good corporate governance practices

 

Eletrobras adopts the best corporate governance practices, with regard to risk management, internal controls and anti-fraud and anti-corruption policies and practices, in a systematic, structured and timely manner, in order to improve and maintain the transparency and quality of its information, disclosed internally and externally, seeking a better reputation before the market and a differential in generating value for its shareholders and other stakeholders.

 

4.4 Definition of common language between the holding company and its companies

 

The adoption of a standard language for risk management and internal controls is essential to the process, enabling a better understanding between the parties and interference-free communication.

 

4.5 Use of standards and methodologies recognized by the market

 

With a model based on formalized methodologies and standards, recognized by the market and disseminated at Eletrobras, integrated risk management and internal controls are aligned with strategies, initiatives and organizational structures, in addition to meeting sectoral requirements and regulatory and supervisory bodies. To support risk management and internal control activities, Eletrobras adopts, in an integrated manner, a unique systemic solution that has functionalities for continuous assessment and monitoring of the risks inherent to its business, in addition to allowing the self-assessment of design and effectiveness tests for internal controls, thus allowing the reliability of information and security to the business where Eletrobras operates.

 

4.6 Establishment of roles and responsibilities

 

Eletrobras formally defines and communicates the roles and responsibilities of each of the employees involved in the risk management and internal control processes.

 

4.7 Involvement of governance bodies

 

The performance of the Board of Directors of Eletrobras (CA), the Audit and Risk Committee (CAE), the Fiscal Council (CF) and the Executive Board of Eletrobras (DE) plays a key role in the success of the risk management and internal control processes, since they are the main people involved in decision-making on strategic company issues.

 

4.8           Establishment and maintenance of the necessary infrastructure for integrated risk management and internal controls

 

To manage risks and internal controls efficiently, Eletrobras has an adequate and integrated infrastructure of processes, people and technology, establishing clear and objective communication mechanisms.

 

4.9           Integration of risk management and internal controls into organizational processes

 

Integrated risk management and internal controls permeate Eletrobras' organizational practices and processes, in order to:

 

a) ensure the identification of inherent and residual risk events in their areas of business, whether individual or corporate in scope; and

 


b) ensure the effectiveness of its processes, through periodic mapping, self-assessment and internal control effectiveness tests.

 

4.10 Periodic review of risk management and internal controls at Eletrobras

 

The risk management and internal controls areas play a critical role for Eletrobras and must ensure the effectiveness of risk management and internal controls through frequent reviews, favoring the fulfillment of its objectives. Eletrobras evaluates its maturity in risk management, through a model adapted from the Corporate Governance Notebooks – Corporate Risk Management, of the Brazilian Institute of Corporate Governance (IBGC), and evaluates the control environment through tests of effectiveness in its internal controls.

 

4.11 Adoption of the Three Lines Model

 

Eletrobras adopts a risk management and internal control model based on the concepts of the Three Lines, as follows:

 

a) First line: Vice-presidencies, boards, management and business areas, in addition to project and process managers. This line is responsible for the provision of products/services to customers and for managing risks and internal controls.

b) Second line: Risk and internal control areas. This line has the expertise of the risk management and internal control processes and is responsible for supporting, monitoring and questioning issues related to risks.

c) Third line: Internal audit. This line carries out independent and objective evaluation and advice on issues relating to the achievement of objectives.

 

 

5 GUIDELINES

Eletrobras, in order to achieve the objectives established in this policy, must perform the macro-steps of the risk management and internal control processes described in the following sub-items.

5.1 Risk identification and mapping of internal controls

 

5.1.1       The identification of risks must recognize and describe the main risks to which Eletrobras is exposed, whether of a strategic or operational nature, including possible changes in its business environment.

 

5.1.2       For risks of a strategic nature, a corporate Risk Matrix must be defined with events, their respective descriptions and the risk owners.

 

5.1.2.1  The identification of risks of a strategic nature must be carried out with the participation of the Executive Board and those responsible for the business areas.

 

5.1.3       For risks of an operational nature, inherent to Eletrobras' processes, internal controls that operate in accordance with the activities performed by the management area must be mapped and designed, in order to ensure operational efficiency, accurate reports and compliance with current laws, regulations and policies.

 

5.1.3.1   The documentation of internal controls is a guiding and essential tool for the execution of independent tests, whose work role and planned activities are based on the controls described therein.

 

5.2 Assessment of risks and internal control environment

 

5.2.1       In the case of risks of a strategic nature, once they have been identified, causes and consequences must be identified and qualitative and/or quantitative analyses carried out in order to define the attributes of impact and probability, which will be used to prioritize the risks to be dealt with.

 


5.2.1.1   In the assessment of strategic risks, the survey and analysis of existing responses and internal controls should also be considered, thus determining the residual risks.

 

5.2.2       In the case of risks of an operational nature, the internal control environment must be periodically evaluated through Management's tests, including in its scope the key controls, which must be determined based on their relevance to the results of the processes and to the achievement of Eletrobras' objectives and goals.

 

5.2.2.1 Management's tests aim to evaluate the effectiveness of controls and identify any ineffective controls, as well as recommend improvements to strengthen the internal control environment.

 

5.2.2.2   The external auditor performs the independent tests in accordance with the auditing standards and presents the result of the work through the internal control report, in connection with the financial statements.

 

5.3 Treatment of risks and remediation of internal control deficiencies

 

5.3.1       After the assessment, the positioning of the Executive Board in the face of a risk of a strategic nature must be aligned with the risk appetite defined by the Board of Directors. The positioning options are:

 

a) Avoid – the company chooses not to start or continue in business, processes and activities that may generate risks or cause its exposure.

b) Live with/accept – the company understands that the exposure to risk is in accordance with its appetite; or understands that the effort to mitigate or transfer it would be greater than the value of the impact caused by its materialization; or, due to the risk being of external origin, but inherent to its activities, there is no way to reduce its exposure. Living with the risk presupposes monitoring the company's exposure to it.

c) Mitigate/transfer – the company seeks to minimize its exposure to risk, either by reducing the impact and/or likelihood with risk responses and/or design of internal controls, or by transferring/sharing the impacts of the risk with other agents.

 

5.3.1.1   If the position is to avoid, mitigate or transfer, Eletrobras must perform responses, including through internal controls, that pursue a risk exposure in line with the appetite approved by the Board of Directors.

 

5.3.2 Deficiencies identified in the internal control environment, whether through Management testing or Independent Audit assessment, must be addressed and remedied through deficiency-specific action plans.

 

5.3.2.2 Whenever there is a formalized indication of deficiencies, action plans must be created by the areas that own the controls, with the support of the internal controls area, to adapt ineffective controls and/or create necessary controls.

 

5.4 Monitoring of risks and the internal control environment

5.4.1 In the monitoring process, you must:

a) supervise the implementation and maintenance of risk responses and action plans to remedy internal control deficiencies;

b) verify the achievement of the objectives of the responses and the remediation plans established, through continuous management activities and/or independent evaluations;

c) ensure that responses and remediation plans are assertive, effective and efficient;

d) detect changes in the external and internal context, identifying emerging risks; and

e) analyze changes in risk events, processes, trends, successes and failures, and learn from them.

 


5.4.1.1 In the periodic assessments of strategic risks, the risk-owning areas must make efforts to additionally define proactive monitoring metrics and/or models, or even risk indicators, so that, where defined by the Board of Directors, the status of risk exposure can be monitored, in a more specific format and detail, compared to the limits and tolerances determined by the Board of Directors itself.

 

5.5 Communication of risks and internal controls

 

5.5.1 Communication, during all stages of the risk management and internal control processes, must reach all stakeholders, being carried out in a clear and objective manner, respecting the good governance practices required by the market.

 

 

6 RESPONSIBILITIES

6.1 Board of Directors (CA)

 

6.1.1       Ratify the approval of this policy.

 

 

6.1.2       Approve the reporting schedule, as well as its revisions, upon proposal of the Executive Board and opinion of the Audit and Risk Committee.

 

6.1.3 Determine the risk appetite, upon proposal of the Executive Board and opinion of the Audit and Risk Committee.

 

6.1.4       Supervise the risk management and internal control processes, through regular reports from the Executive Board, evaluated by the Audit and Risk Committee, focusing on the assertiveness of the process, risk responses and the result of internal control tests.

 

6.2 Audit and Risk Committee (CAE)

 

6.2.1       Monitor the risk management and internal control processes, bringing the most relevant findings to the attention of the Board of Directors.

 

6.2.2       Analyze all material submitted to the Board of Directors about the company's risk management and internal controls, giving a prior opinion on it.

 

6.3 Fiscal Council (CF)

 

6.3.1       Contribute on the topics, including in its minutes the additional information it deems necessary or useful to the risk management and internal control processes.

 

6.4 Executive Board (DE)

 

6.4.1       Evaluate the assertiveness of the risk management and internal control processes through periodic reports, discussing and validating, in the collegiate or by vice-presidency, the evaluations presented by the risk owner areas and defining the positioning against risks, according to the appetite approved by the Board of Directors.

 

6.4.2       Periodically monitor the result of the tests of the controls performed by the internal and external audits.

 

6.4.3       Ensure the implementation of risk management and internal controls in companies, allocating resources necessary for the process and defining the appropriate infrastructure for the activities.

 

6.4.4       Approve specific standards about risk management processes and internal controls.

 

6.4.5 Approve the corporate Risk Matrix.

6.4.6 Define the risk owner areas.

 


6.4.7       Evaluate deficiencies reported by internal and external audits, according to the degree of criticality.

 

6.4.8       Approve the Risk Management and Internal Controls Policy, propose the risk appetite and the schedule of risk reports and internal controls, as well as their reviews, forwarding them to the opinion of the Audit and Risk Committee and, subsequently, to the approval of the Board of Directors.

 

6.5 Risk management and internal control areas

 

6.5.1       Act as a second line, coordinating and defining the standards to be followed, with regard to the risk management and internal control processes, their support systems and the forms and frequency of their reports.

 

6.5.2       Support and ensure the identification, assessment, treatment and monitoring of risks and internal controls by the proprietary areas, as well as consolidate and report the risk status of the corporate Risk Matrix and the results of control tests to the Executive Board and the Board of Directors.

 

6.5.3 Disseminate the risk culture and internal controls at Eletrobras.

6.5.4 Propose the Risk Management and Internal Controls Policy, specific standards on risk management and internal control processes and the corporate Risk Matrix for approval by the Executive Board.

6.6 Risk owner areas

 

6.6.1       Act as the first line, managing the risks inherent in their activities, identifying them, evaluating them, treating them and monitoring them.

 

6.6.2       Provide the risk area with all necessary information, with solidity and reliability.

 

6.7 Areas that own internal controls

 

6.7.1       Act as the first line, ensuring the correct execution of the controls and the documentation of the necessary evidence.

 

6.7.2       Inform the internal controls area, in a timely manner, of the need to update the controls under its responsibility.

 

6.7.3       Implement the action plans defined to remedy the deficiencies pointed out by internal and external audits.

 

6.8 Internal audit

 

6.8.1       Evaluate the effectiveness of the risk management and internal control processes, interacting with the responsible areas regarding the verifications carried out.

 

6.8.2       Evaluate the adequacy of risk responses, recommending, when necessary, improvements to the area that owns the risk.

 

6.8.3       Perform management tests, verifying that internal controls are appropriate and capable of mitigating the associated risks, as well as that they are operating correctly.

 

6.8.4 Carry out periodic reports of their evaluations to the Board of Directors and the Audit and Risk Committee.

7 GENERAL PROVISIONS

 

7.1           This policy is in line with other Eletrobras policies.

 

7.2 The legal and regulatory provisions related to the subject and the specific legal determinations and agreements in force of the company must be observed.

 


7.3           This policy can be broken down into other specific normative documents, always aligned with the principles and guidelines established herein.

 

7.4 The normative documents and the provisions contrary to this policy are revoked.

8 REVISION HISTORY

 

| Issue | Code and name | Doc. and date of approval |
|---|---|---|
| 1.0 | Risk Management Policy of Eletrobras Companies | RES-1279, of 12/08/2010 and DEL-059/2011, of 04/29/2011 |
| 2.0 | Risk Management Policy of Eletrobras Companies | RES-509/2014, of 07/28/2014, and DEL-132/2014, of 10/30/2014 |
| 3.0 | Risk Management Policy of Eletrobras Companies | RES-521/2016, of 08/23/2016, and DEL-170/2016, of 09/23/2016 |
| 4.0 | Risk Management Policy of Eletrobras Companies | RES-639/2019, of 09/16/2019 and DEL-204/2019, of 09/26/2019 |
| 5.0 | Risk Management Policy of Eletrobras Companies | RES-381/2021, of 06/07/2021, and DEL-135/2021, of 06/18/2021 |
| 6.0 | Risk Management Policy of Eletrobras Companies | RES-539/2022, of 11/14/2022, and DEL-167/2022, of 12/01/2022 |

Main changes

Expansion and updating of the scope, inserting and relating internal control activities to the risk management process; and review and adjustments in the References, Concept and Responsibilities sections.

 

 


SIGNATURE

 

 

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

Date: July 4, 2024

CENTRAIS ELÉTRICAS BRASILEIRAS S.A. - ELETROBRÁS
     
By: /s/ Eduardo Haiama


 
 

Eduardo Haiama

Vice-President of Finance and Investor Relations

 

 

 

FORWARD-LOOKING STATEMENTS

 

This press release may contain forward-looking statements. These statements are statements that are not historical facts, and are based on management's current view and estimates of future economic circumstances, industry conditions, company performance and financial results. The words "anticipates", "believes", "estimates", "expects", "plans" and similar expressions, as they relate to the company, are intended to identify forward-looking statements. Statements regarding the declaration or payment of dividends, the implementation of principal operating and financing strategies and capital expenditure plans, the direction of future operations and the factors or trends affecting financial condition, liquidity or results of operations are examples of forward-looking statements. Such statements reflect the current views of management and are subject to a number of risks and uncertainties. There is no guarantee that the expected events, trends or results will actually occur. The statements are based on many assumptions and factors, including general economic and market conditions, industry conditions, and operating factors. Any changes in such assumptions or factors could cause actual results to differ materially from current expectations.