Risk management in the DIA Group



The DIA Group’s risk management model

The DIA Group has established a risk management model (hereinafter, “RMM”) with a systematic, detailed focus that allows it to identify, evaluate, and respond to risks related to the achievement of its business objectives.

This model, which is based on the COSO II (Committee of Sponsoring Organizations of the Treadway Commission) Integrated Corporate Risk Management Framework, ensures the identification of different types of risks (both financial and non-financial, such as operational, technological, social, environmental, and reputational risks).

The DIA Group’s RMM has a risk management policy which is applicable to the company and all of its subsidiaries, approved by the Group’s board of directors.

In applying the RMM, DIA has considered all of the activities carried out at the different levels of the organisation, from the corporate level to the units and business processes. The RMM is therefore applicable at the following levels: (i) execution of DIA’s strategy; (ii) achievement of the business objectives; and (iii) the proper execution of operations.

Organisational structure

The DIA Group’s Board of Directors, the Audit and Compliance Commission, and the Management Committee are responsible for ensuring the proper running of the RMM.

Main Responsibilities

Board of Directors

  • Approval and setting of the risk control and management policy.
  • Evaluation of the working quality and efficiency of the Board of Directors and the Commissions, approaching the risk management and supervision function as a key section.

Audit and Compliance Commission

  • Supervision and periodic review of the Risk Management System
  • Specific monitoring of the DIA Group’s financial risks.
  • Supervision of the internal control systems of financial information.
  • Supervision and periodic review of the efficiency of DIA’s internal control and internal audit procedures.

Management Committee

  • Internal implementation of the RMM and creation of the strategy, culture, people, and technology that make up the RMM.

Corporate Risks Committee

  • Analysis of the environment and new projects that can have a direct or indirect impact on DIA’s risks.
  • Consideration of the inclusion of new risks and/or the disappearance of some of the existing risks.
  • Recommendation of the development of specific action plans, monitoring planning, and continuity of existing plans.
  • Continuous monitoring of key risks identified on the risk map, and in particular those that are closely related to DIA’s main interest groups, such as clients, franchisees, and suppliers.
  • Evaluation and detailed analysis of DIA’s risks.

Internal Audit Department

  • Review of the functioning of the risk control and management system, and the effectiveness of the control activities implemented.

Risk managers

  • Continuous risk monitoring, through previously defined indicators.

Risk Management

Level of risk tolerance

DIA’s Executive Committee reviews DIA’s level of risk tolerance, which is presented to the Board of Directors to be reviewed and approved each year.

The risk valuation scales (probability and impact) are updated at least once a year, so that they can be adapted to the business strategy and circumstances. These valuation scales cover the different dimensions of risk impact and likelihood of occurrence (financial, sales, operations, regulatory framework, human resources, and reputation) and allow the company to value the risks in each country and at the corporate level. These scales form the basis for the definition of the Group’s level of tolerance.

The DIA Group’s Risk Management Model defines tolerance as “the acceptable level of variation that DIA is prepared to accept in the achievement of its objectives”. This is therefore the maximum specific risk that the Organisation is prepared to take.

Main risks that can affect the achievement of business risks

The DIA Group’s main activity is the distribution of food, household, beauty and health products. In this context, the Group defines risk as any contingency, internal or external, which, if it materialises, would prevent or hamper the achievement of the objectives set by the organisation. Accordingly, it considers that a risk arises as a result of the loss of opportunities and/or strengths, as well as the materialisation and/or the strengthening of a weakness.

The main risks can be grouped into the following categories:

Environmental risks
Risks and/or questions related to the environment in which the Group operates, including, among others, Political, Economic, Social, Technological, and Legal aspects.

Market / competition-related risks
Main sources of risk:
  • Alignment with market needs
  • Concentration
  • Relations with third parties
  • Practices of the competition
Main management / control mechanisms:
  • Corporate Franchise Policy.
  • Development of research and periodic market/country surveys.
  • Implementation of obligatory internal regulation related to commercial issues.

Regulatory risks
Main sources of risk:
  • Relations with franchisees
  • Regulatory non-compliance, including fiscal regulation
  • Lawsuits
Main management / control mechanisms:
  • Regulatory control and monitoring procedure (regulatory map).
  • Implementation of Regulatory Compliance Systems.
  • Constitution of the Regulatory Compliance Unit.
  • Implementation of the Crime Prevention Model (CPM)
  • Corporate Tax Policy.
  • Implementation of best practices in terms of fiscal and tax issues.

Risks in the political and social context
Main sources of risk:
  • Country risk
Main management / control mechanisms:
  • Development of research and periodic market/country surveys

Corporate Governance and Ethics Risks
Risks and/or issues related with the corporate structure, the governance model, unethical or irresponsible employee behaviour, or corporate social responsibility.

Corporate Social Responsibility
Main sources of risk:
  • Non-compliance or bad practices in terms of CSR
Main management / control mechanisms:
  • Corporate Social Responsibility Policy.
  • Integration of social and environmental values in all management areas.

Integrity, fight against corruption and bribery, and reputation
Main sources of risk:
  • Unethical or fraudulent behaviour
  • Corruption and bribery
  • Improper management of brands / patents
  • Inadequate communication initiatives
Main management / control mechanisms:
  • Implementation of the Code of Ethics and Ethics Channel for queries and information.
  • Corporate crime prevention and anticorruption policy.
  • Anti-fraud and anti-corruption programme.
  • Corporate Investor Relations Policy.
  • External Corporate Relations Policy.
  • Corporate Policy in Marketing and Communication with Customers.

Equity market risks
Main sources of risk:
  • Conduct/practices that are contrary to the market
Main management / control mechanisms:
  • Internal Conduct Regulation in terms of Equity Markets

Operating Risks
Risks and/or issues related to the Group’s business model and the execution of key activities in its value chain, including, among other areas, product quality and safety, the supply chain, environmental, health and security issues, human resources, and social or IT issues.

Product quality and safety
Main sources of risk:
  • Loss / shrinkage
  • Food alerts
  • Interruption of key processes
  • Stock management / valuation
  • Food incidents (food poisoning)
Main management / control mechanisms:
  • Corporate Food Quality and Safety Policy
  • Corporate Social Responsibility Policy.
    - Quality and price. Offer consumers solutions to their needs related to food and consumer goods with a unique commitment in the market to quality and price.

Main sources of risk:
  • Non-compliance with environmental regulation
Main management / control mechanisms:
  • Corporate Environmental Policy
  • Corporate Social Responsibility Policy.
    - Care of the environment. DIA innovates in its daily work to cut its energy consumption, reduce the environmental footprint of its logistics activities, and properly manage its emissions, consumption, and waste.

Issues related to social aspects, people, and Human Resources
Main sources of risk:
  • Labour disputes
  • Prevention of occupational risks
  • Loss of key personnel
  • Employee training
  • Violation of human rights
Main management / control mechanisms:
  • Corporate Human Resources Policy
  • Corporate Social Responsibility Policy.
    - Commitment to the people and groups with which it works. The generation of jobs, franchise development, agreements with suppliers, collaboration with humanitarian aid programmes, and value creation for shareholders and the company.

Information systems
Main sources of risk:
  • Risk of key information leakage
  • Failure of key information systems
  • Cybersecurity
Main management / control mechanisms:
  • Implementation of internal regulation that must be complied with in terms of systems and Information security.
  • Design and creation of preventative and detective measures in terms of information security (e.g. system redundancy, back-ups, etc.)
  • Development of Systems Audits.

Financial Risks
The Group’s activities are exposed to market, credit, and liquidity risks. For more details, see section 24 of the Management Report.

The Group has a risk monitoring and updating system which allows it to identify and include in the company’s risk map any new risk that is identified, ensuring that all risks are reviewed at least once a year.
