Risk Management and Internal Controls

Banco do Brasil Foundation

GRI 2-26 | 2-27

To guide the development, implementation and evaluation of its internal control system, BB Foundation adopts the guidelines of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

COSO is a private, non-profit organization with the aim of preventing and avoiding fraud in companies. The Committee is dedicated to improving financial reporting through ethics, the effectiveness of internal controls and the best corporate governance practices.

In order to manage the risks incurred and the controls necessary for their mitigation, BB Foundation established the Reference Model of Lines of Defense.

The 1st line comprises the management of BB Foundation's processes and involves identifying and evaluating the risks associated with such processes, as well as implementing and executing controls that mitigate these risks.

The 2nd line corresponds to the typical corporate functions of risk management, internal controls and compliance, as well as the functions of governance, institutional security and legal advice. Its purpose is to support the Executive Board in decision-making and advise the 1st line of defense in the adoption of risk management and control practices.

The 3rd line covers the internal audit function, which assesses the effectiveness of the entire risk management and control cycle of BB Foundation, with the guarantee of independent performance of the auditors.

R$ 149.3 million

Social Investment
BB Foundation

R$ 218.4 million

Social Investment
Mobilized*

5 largest contributors of funds

R$ 116.4 million

R$ 22.9 million

R$ 4.2 million

R$ 2 million

R$ 1.5 million

*Direct Social Investment (BB Foundation + internalized funds) +
partners' Social Investment (non-internalized funds)

Seeking to further improve our management, BB Foundation established Institutional Policies aimed at promoting the institution's perpetuity, with guidelines on the conduct to be adopted in certain previously defined situations.

Within the scope of Risk Management and Internal Controls, we have the Institutional Policies listed below and detailed in the “Governance” chapter of this Activity Report.

Annual Control Plan

Since 2005, BB Foundation has implemented the Annual Control Plan – ACP. Based on the COSO structure, the ACP establishes the performance of internal controls and defines the scope of the evaluation and monitoring process of the control environment, in addition to contributing to the improvement of risk management mechanisms relevant to the achievement of the corporate strategy.

Integrity Culture

As a way of disseminating the risk culture and demonstrating the relevance of the integrity issue in institutional relations, the Integrity Culture Dissemination Plan - ICDP was created. The document provides a schedule, for disclosure to BB Foundation’s employees, of topics and actions related to integrity, risk, internal control, institutional security and relevant dates regarding these subjects.

The 2022 ICDP included actions and publications on internal communication channels to promote the topics: integrity, risk, internal control, information security and business continuity. Among the various activities, the participation of senior management in the “CAE Forum - Anti-fraud and loss prevention” stands out.

Monthly reports were made to the Executive Board on the progress of control activities and to the Management Committee on development and monitoring actions of the Integrity Program.

The social heart of Banco do Brasil