ANNUAL REPORT ‘12
CORPORATE GOVERNANCE AND COMPLIANCE
131
• Monitoring the risk initiatives in each of the areas
in which ANA, S.A. has been certified and quantify-
ing the eventual financial impact of some of the
risks;
• Developing and updating tools with which to
monitor priority risks;
• Promoting a risk management culture throughout
the organisation.
Of the various risks that ANA, S.A. is exposed to, six
have been defined as priority risks, that is, risks with a
significant potential impact on the company’s financial
situation and as a result, on ANA, S.A.’s ability to
achieve its strategic objectives. These risks are:
• Current business risk, associated with unexpected
changes in the various business drivers, with an
impact on both costs and revenue;
• Risk in large-scale investment projects, associated
with any cost overruns or missed deadlines in these
projects;
• New regulatory model risk, as a result of the new
model approved by Decree-Law no. 217/2009,
of 4 September. The new economic regulation
established in the concession requires that this
priority risk be reassessed;
• Financial Risk (including that of liquidity) associated
with an unexpected increase in the cost of debt as
a result of increases in the reference rate or
spreads; risk associated with the scarcity of liquidity
to guarantee short-term financial management;
• Credit Risk associated with a failure to comply with
the payment of outstanding debt on the part of the
main customers;
• Risk of Disruptive Events associated with events
that have a strong impact on demand (e.g. each
airport’s dependence on its main operators).
ANA, S.A. will continue to manage the risks inherent in
those areas in which the company is certified. In such
areas as Environment, Security and Safety, Quality and
Health, Safety and Hygiene at Work – HSHW), the
business processes already have built-in risk manage-
ment initiatives. Additionally, ANA, S.A. manages risks
in the area of Social Responsibility and Sustainability.
In addition to continuing its work to quantify priority
risks and monitor them, during 2012 under its
Integrated Risk Management Model (IRMM) the
company did work on the global systemisation of the
risk matrix and the formalisation, for each risk, of the
person responsible, the frequency of monitoring and
related indicators, the risk threshold and the mitigation
measures to be put in place. This will serve as a basis
for future decisions on the definition of the risk
framework for ANA, S.A. and for tying together the
various risk initiatives to be undertaken.
Other risk management initiatives or actions related
to it taken by ANA, S.A. included:
• The definition of the methodology for the manage-
ment of natural risks for the airport infrastructures.
ANA, S.A. requested the collaboration of LNEC
(National Civil Engineering Laboratory) to help
develop a methodology for assessing and minimiz-
ing natural risk at the infrastructures operated
by the company. The first phase of work assessed
the quality, safety and vulnerability of the current
infrastructures, for which Porto airport served
as the pilot site for the programme of work. The
second phase identifies the measures to minimize
the natural risks that have been assessed by the
methodology set up in the first phase;
• Implementation of the Business Continuity Plans, in
order to give ANA, S.A. the capacity to respond to
any event that could disrupt and threaten its busi-
ness, helping it to build up organisational resilience;
• The design and implementation of the Business
Continuity Plan for Faro airport, using the
