Corporate Risk Management |GRI 2.1|

For Camargo Corrêa Group, risk management is a competitive advantage. This is why in 2011 the Group started to structure a broad system to manage and control corporate risks. By creating the Control, Audit & Risk Board, it developed and adopted a model named GRC (Governance, Risks, and Control) to spot, assess, monitor, and manage the context of risks inherent to each business front.

After the risks from four categories – Strategic, Operating, Financial, and Regulatory – are pinpointed, a risk matrix will be prepared to reveal the level of exposure to each risk and the respective key controls for mitigation. This will also serve as a basis for the annual planning of internal audit works.

The application of the Control Self Assessment (CSA), taken by over 90% of executives from all functional levels at the Group, allowed a review of the adequacy of management practices and internal

controls of companies based on the COSO Internal Controls framework, a globally respected standard. Aiming at greater efficiency of controls, a formal certification was also established for managers to take over responsibility for management procedures.

In 2012, the Company should begin to implement the Business Continuity Plan (PCN) to define strategies and tools to minimize impacts caused by contingencies or crisis-related events and to maintain activities and processes while also securing the safety and integrity of employees.

The structuring of the GRC approach at Camargo Corrêa Group was preceded by a long-lasting work to change the internal culture, including seminars and lectures given by the Internal Audit and Risk Management divisions and organizations such as Ethos Institute of Companies and Social Responsibility and the Brazilian Institute of Corporate Governance.