Governance – embedded in mainstream management processes? Fibria 2009 Sustainability Report Basic Materials Brazil Sustainability Report 2009 Since 2006, upon SOX certification, this item is evaluated i'n the former VCP units through an independent auditor (PricewaterhouseCoopers) in the Entity Level Control matrix. Moreover, every month meetings are held at all former VCP production facilities where attendance is recorded, minutes are produced and with the participation of at least one Company officer, in which one of the subjects of the Code of Conduct is presented by the manager responsible for the unit. During the year, the Office of the Ombudsman registered no cases of corruption. There Code of Conduct – In April, 2010 the Fibria Code of Conduct was concluded and approved by the Board of Directors. The document, which incorporates the ethical principles contained in the Company’s statements of Mission, Vision and Values, was prepared by a group made up of representatives of a number of different Fibria areas and applies to all Fibria employees, at all levels of hierarchy, without any exceptions. The full text can be found on the Company’s website: www.fibria.com.br. Every employee also receives a copy of the Code of Conduct and signs a protocol of receipt and understanding that is filed in the employee’s employment folder. Seeking to improve governance and the application of the Code of Conduct, Management also approved the creation of the Fibria Conduct Committee. Made up of Company officers and managers, the Committee guarantees uniform application of the criteria used in resolving The main stages of this work include the review of the governance model; the structuring of processes and controls; review of the financial policy and approval hierarchy; and review of the reporting structure. As a result, changes to part of its functional structure were carried out, mainly strengthening the financial and operating risk monitoring functions. With regard to the review of the processes, a detailed plan was prepared containing recommendations about controls (approvals, reconciliations), automation, optimization and changes to the flowcharts and descriptions of the control activities and matrixes. Some stages were concluded in 2009, including the review of the approvals flowchart and the definition of the It is the role of all leaders in the Company, at all levels, to guarantee that their subordinates and contracted workers understand and apply the concepts of the Code of Conduct. Suggestions for improvements should be sent to the Conduct Committee through superiors or the Ombudsman’s channels. It is the responsibility of the Committee to analyze them and propose such suggestions to Fibria’s Board of Directors for inclusion in the next edition of the Code, if considered relevant. Fibria’s Code of Conduct, among others, recommends the following attitudes: Risk management (operating and financial) - In 2010, Fibria’s Risk Management Policy was approved, which provides the risk management guidelines, develops the concepts, supplies the details and documents the activities related to it. Fibria’s risks are categorized according to the following classification: new risk management model, seeking to achieve a high standard of corporate risk management. Internal controls – In 2008, the former Aracruz initiated the implementation of improvements to its internal controls, due to the financial losses sustained through investments in derivatives. Besides the creation of a new Office of the Controller, the Company hired PricewaterhouseCoopers at the end of 2008 to recommend better practices for internal controls and to issue a diagnosis of the corporate risk and self-control management models, considering also taking into account the Precautionary Principle. Based on this diagnosis, Aracruz revised its internal controls and implemented improvements to corporate risk management and self-control practices. are no lawsuits underway related to corruption. GOVERNANCE similar cases, verifies the validity of the issues that have been brought up, takes the necessary measures and replies to the complaining party, when identified. The Conduct Committee is responsible for dealing with the cases that have been sent to it, for establishing criteria for cases not foreseen under the Code and for the correct functioning of the Fibria Ombudsman’s system. Cases of fraud, diversion of funds and damages to property will be dealt with by the Internal Audit Committee. Impartiality in the carrying out of the issues in question and maintaining confidentiality of the identity of those who are involved are assured in all situations. ‘How a company behaves is just as important or more important than how it is structured.’ Ethical and honest conduct, including the ethical treatment of conflicts of interest, real or apparent, in personal and professional relationships, inside and outside the Company. Behavior that is based on respect and the striving for the creation of value in the business relationships with customers, suppliers, neighboring communities, representatives of government, the advertising market and the press. Compliance with applicable laws and regulations. Immediate internal communication – to the appropriate people and hierarchical levels – of any violation of the Code of Conduct and the application of corrective treatment according to the case. Anti-corruption practices – One of the items of the Fibria Code of Conduct deals with combat of corruption. The anti-corruption measures are applicable to all units and all employees, upon entering the Company, receive a copy of the document. The signed protocol of receipt is filed together with each staff member’s employment folder. RISK MANAGEMENT Market Risk Measures the uncertainties related to the expected returns of an investment deriving from market factors, such as interest rates, exchange rates, commodity and share prices; Stems from movements adverse to the strategies selected by the company, whether endogenous or exogenous; Stems from the lack of consistency and adjustment of the information, processing and operating control systems, as well as errors in the management of funds and internal controls or frauds leading to the improper exercise of the company’s activities; Risks prior to or a consequence of uncertain events originated either internally or externally that generate stakeholder instability or harm the reputation and sustainability of the company at some level. Strategic Risk Operating Risk Risk of Events Fibria I Sustainability Report I 2009 22 23 pp 22-23 Fibria discuss their code of conduct as a central element to the governance framework in place. The code of conduct includes issues such as ethical and honest behaviour and also highlights the importance of building and maintaining relationships with stakeholder groups such as customers, suppliers, communities, government representatives, and the media. www.blacksunplc.com © Black Sun Plc 2011 49
