2015 Enterprise Risk

Management Assessment
Internal Control

March 2015

Background In 2014 we performed the activities

related to Enterprise Risk Management
Activities performed in 2014
Risk inventory
Meeting with CEO in order to assign risk owners
Meetings with Directors to validate and evaluate
risks (Probability and Impact)
Identification of events and effects
First Heat Map
Identification of 6 main risks from 6 initiatives
Establishment of action plans
Identification of risk indicators

In 2015 we are starting the

ERM process
2
DAL

140321-FIN-JRL-Enterprise Risk Management Phase 2

What are we going to do in 2015?

Key activities
Update inventory and risk evaluation
-

(annual activity)
Identify risks that could impact the strategic goals
Identify industry risks and matching with
Match 2014 risks with 2015 initatives
Validate inventory and evaluation with Directors
Update / define action plans

Define companys risk appetite

Establish limits and tolerances
- Risk evaluation metrics

Risk prioritization

(heat map update)

- KRIs definition (Key risk indicators)

Leave the continuity of the model 100% within Volaris (now the activity is under
Internal Control area)

Goal

Success factors

Heat map for 2015

CEO sponsorship

Key Risk Indicators

Commitment of Directors and managers

Continuous monitoring through year

3
DAL

140321-FIN-JRL-Enterprise Risk Management Phase 2

2015 ERM Assessment first step: Update

inventory
Key activities
The results of the analysis performed previous to this meeting shows next:
-

We have identified 5 Initiatives and Projects for 2015 related to Volaris strategic goals
7 risks were identified in 2014
4 risks considered for 2014 matched with 3 out of 5 initiatives for 2015
There are 3 risks no matched with any initiative for 2015
There are 4 industry risks pending to be included for 2015 ERM Assessment that may
apply

There are some questions we need to answer:

-

The 5 initatives identified are the total to be considered ?

The 2014 risks are enough for the initiatives or 2015 ?
The 3 risks of 2014 pending should be considered for 2015 ?
Is there changes in 2014 risks ?
What risks must be included for the 2015 inventory ?
The industry risks apply for Volaris ?

The matrixs draft to be reviewed is this:

4
DAL

140321-FIN-JRL-Enterprise Risk Management Phase 2

Backup

ERM Matrix for TI

Volaris Key Focus
Objectives

Area Target Objectives

Area

Accountability

Operations and
Safety
Excellence

IT Security

Commercial Planning

IT Director

Operations and
Safety
201
Excellence
5

IT Security

Commercial Planning

IT Director

Commercial Planning

IT Director

Commercial Planning

IT Director

Commercial Planning

IT Director

Commercial Planning

IT Director

Commercial Planning

IT Director

Ao

201
5

201
5

Operations and
Safety
Excellence

IT tech. renewal

Operations and
Safety
201
Excellence
5

Mobility

Operations and
Safety
201
Excellence
5

EAI / ESB

Operations and
Safety
201
Excellence
5

DRP

201
5

TBD

Reference 2014
exercise

69

Project
1

70

TBD

Failure of critical technologies and

systems

66

201
5

TBD

IT Director

Commercial Planning

IT Director

Project
3

Project
4

Pending to match in
2015

Pending to match in
2015

Pending to match in
2015

Inability to recover information

72

Commercial Planning

Loss of key and sensitive information

Inability to identify, prioritize, report and

manage IT critical project objectives

67

201
5

Comments

Inability to recover information

Project
1

Project
2

Agree /No
Agree

Risk

68

71

Inadequate strategic supplier

relationships
Vulnerability of sensitive information and
data

6
DAL

140321-FIN-JRL-Enterprise Risk Management Phase 2