27

SEA

MANAGEMENT SYSTEMS: APPROACH AND PRINCIPLES

PREVENTION

Plan and establish objectives and processes necessary to achieve the required

and expected results

IMPLEMENTATION

Define and implement the established plan and processes

DETECTION

Study the actual results of implementation and compare against the expected

results

FEEDBACK AND IMPROVEMENT

Take action on significant differences between actual and planned results.

Analyze these differences to determine their root causes. Determine where to

apply changes that will improve the process or results

Managing risks

and internal auditing

In Costa Cruises the risk prevention

and management policy is based on a

model developed globally by Carnival

Corporation and taking into account

the main international

Enterprise Risk

Management

(ERM) standards.

Risk and opportunities are identified

by management using a holistic risk

framework and a risk management

capability model aligned with the

organization’s strategy and Board/

Management priorities.

This framework is part of the Enterprise

Risk Management program, which

is facilitated by the

Risk Advisory

and Assurance Services

(RAAS)

Department.

Risk prioritization occurs by actively

engaging management and the Board

of Directors to determine which risks

within the ERM risk framework are

appropriate for further evaluation.

Therefore, the ERM program acts as a

catalyst for supporting the business

to recognize and manage variables

that would affect the ability to achieve

objectives, as well as to identify the

capabilities needed to effectively

manage those variables, which in turn

will increase the chance of mission

success. It is through this evaluation

process that opportunities to manage

risk are identified.

Pursuant to this program, the Risk

Advisory & Assurance Services

Department works closely with

management to perform annual

assessments, identify risks and evaluate

controls to ensure compliance with

Company policies and procedures,

as well as laws and regulations.

Management reviews the assessments

and updates thereto with the

Audit

Committee.