Business Model

“The Board of Directors has recently approved SATA’s Risk Management Model, which will apply to all areas except for operational, maintenance and aerodromes, anything directly related to flight safety and operations, since practices and guidelines already exist for these purposes with different requirements. As a result of the text therein, the Risk Management Model is transversal to the company, therefore it is everyone’s job.”
Ricardo Costa, Corporate Projects, Head of Risk Management


SATA’s management bodies must ensure a continuous work on risk management, that is, all business areas work daily in identifying, assessing, and monitoring risks to which they may be exposed. In this regard, the Risk Management Model was formally approved in 2012, on which the Plan for Prevention of Risks of Corruption and Related Infractions was based, as recommended by Conselho de Prevenção de Corrupção (CPC) in light of the Recommendation from July 1st, 2009.


SATA’s Risk Management Principles
It is a means to reach an end and not already an end itself;
It is affected by all organisation employees, that is, it is not just about a group of policies, procedures, and rules, but rather the involvement of the many organisation stakeholders in management;
It requires being in line with the corporate strategy (input for Risk Management) as well as allowing for monitoring.


SATA’s Risk Management Methodology is in line with the good international practices and foresees five necessary stages for a correct risk analysis
SATA’s Risk Management methodology is in line with the Enterprise Risk Management methodology that follows the international model of COSO - Committee of Sponsoring Organisations of the Treadway Commission for the different activities, including all corporate levels. This methodology is translated into five stages carried out by internal risk managers in a way that is transversal to all types of risk to which SATA may be exposed.


Identify the risks that may have an impact on achieving SATA's goals.
Analyse the main risks to which SATA may be exposed, which were identified in the previous stage, and assess their occurrence probability and corporate impact.
Assess the activities, rules, and procedures mitigating the identified and duly classified risks.
Establish and document action plans for mitigating the identified risks, timings, and the owners of such monitoring.
Regularly monitor the critical identified risks and ensure that the previously established action plans are efficiently mitigating.

SATA’s Risk Management Owners

It is presumed that all SATA employees are risk management owners.

At SATA, this responsibility is transversal to the entire corporate structure, where each element takes on a set of responsibilities and tasks as follows.



Establish strategic risks;
Approve risk mitigation initiatives.


Fulfil the established mitigation initiatives and pro-actively take action in identifying new ones.


Ensure the established mitigation activities within activities and duties;
Alert in case of a crisis or damage.


In order to minimise risk exposure, SATA has developed a group of controls that enable the creation of a robust and solid environment in a manner that is transversal to the entire organisation
These owners also carry out internal control activities established by SATA with the purpose of minimising risk impact. These control activities are a group of processes, tasks, and documents that operate simultaneously within the company creating a robust environment that is sufficiently controlled, thus granting SATA with the capacity to manage their risk exposure in a more efficient and effective manner.


SATA’s internal control

The principles
Internal control attempts to ensure three principles, which when duly connected will enable SATA’s operational activities, thus minimising its risks, working in compliance with its strategic goals.

1. 1. Operational efficiency and efficacy
SATA develops many initiatives supporting the creation of an efficient and effective operational environment. Such as the policies, regulations, handbooks, and work methodologies developed within SATA ensuring that all employees are in line with the same internal control object.
2. Focus on the customer
The philosophy behind these controls is to focus on the customer. In fact, we have recently been witnessing a deep cultural change within SATA towards guiding the customer, in order to ensure that all employees, processes, internal processes and procedures are in line for providing a service of quality adapted to the needs of their stakeholders in general, and the customer in particular.
3. Broadcasting financial information
Financial control is an essential part of SATA’s internal control due to its impact on the reliability of Financial and Accounting Reports. In order to ensure such reliability in accounting and other financial factors, SATA carries out a strict set of key controls properly supervised by the Court of Auditors and the Regional Administrative Inspectorate as required in Regional Legislative Decree No. 7/2008/A.