Risk Management

Risk management is an integral and fundamental part of the strategies of any organisation: it is the process whereby businesses address risks linked to their own activity with the aim of obtaining lasting benefits over time and, thus guaranteeing the sustainability of their business.

We have implemented an Integrated Risk Management model (IRM), integral part of the Internal Control and Risk Management System, in order to proactively contribute to the protection of our assets and to the efficient and effective management of the Group in line with the corporate strategies defined by the Board of Directors.

The objectives of the Enterprise Risk Management Team which, in the organization, is in the CFO's area, include ensuring that risk assessment is carried out, monitoring the main risks of the Group and reporting to the top management, supporting the Group Management:
  • in identifying, assessing and handling the main risks the Group is exposed to, both as part of normal company operations and in extraordinary projects/operations;
  • in drawing up strategic plans, overseeing the analysis of the underlying risk profile.

To achieve these objectives the Integrated Risk Management process requires the involvement of all Group structures, starting with the Line Management all the way to Board Level, passing through the second and third level control structures set up to guarantee and verify the effectiveness of the Risk Management System, as shown in this figure.
The new Integrated Risk Management model develops through:
  • The identification and assessment of the main risks tied to the Business Plan, as well as the definition of the management policies, also through market benchmarks to implement the best practices on the matter;
  • The continuous verification of the operation and effectiveness of the risk management process.

As a result of the implementation of the new Integrated Risk Management model in 2016 the following objectives were achieved, as shown in the figure below:
A brief description of the main risks identified in the Enterprise Risk Management process follows.
 
RISK DESCRIPTION
MANAGEMENT STRATEGY IMPLEMENTED
BY THE ERG GROUP
 
1 - Natural
variability of
renewable sources		 The production volumes are subject to variability due to the natural mutability of renewable sources (water and wind), which may negatively affect the production by
renewable energy plants.
  • Technological and geographical diversification of renewable energy plants (Wind, Solar and Hydroelectric) and of the geographical location of renewable plants (European scale);
     
  • Use of highly accurate forecasting systems to draw up a plan for production and short-term operational activities;
     
  • Scheduling the plant downtime according to the periods when renewable sources' contribution is lower;
     
  • Use of industrial control systems (SCADA) for continual plant status monitoring, which allow us to take immediate action in the event of accidental failure and to reduce machine shutdown time.
     
2 - Price Risk Risk caused by the volatility of the market price of commodities (EE/Gas in particular), which may significantly affect the Group's results.
  • Definition of risk exposure limits and their regular monitoring;
     
  • Escalation process if the approved limits are exceeded;
     
  • Use of financial instruments to cover the price risk, if this exists;
     
  • Contractualisation of indexed sales formulas, if possible, to transfer risks to customers.
3 - Regulatory
modifications		 Possible regulatory modifications in the Countries where the Group operates, which may negatively affect achieving business
objectives.
  • Regulatory monitoring through institutional relations, association channels, comparison with operators of the sector, specialised press;
     
  • Active participation in the consultations to protect the Group's interests;
     
  • Sensitivity Analysis to assess the effect of the main regulatory evolutions on the Group's results;
     
  • Periodical reporting to Management.
     
4 - Downgrade rating

Risk linked to potential downgrading
by the Rating Agency that could limit
the Group's ability to access the capital
market and/or increase the cost of
funding with negative effects on the
Group's operating results, financial
position and cash flows, and on its
reputation.
  • The risk mitigation strategy, which is aimed at preventing the occurrence of "crisis" situations (e.g. liquidity; breach of financial covenants) that could lead to a downgrade of the rating, is structured over various levels and involves the pursuit of:
    • A financial structure that is balanced in terms of duration and composition;
    • the continuous monitoring of the final and expected results and of the financial balances;
    • Investment planning consistent with existing financial covenants and the risks associated with them;
    • The search for a business portfolio that ensures stable cash generation from its business activities, including through the geographical and technological diversification of its plants.

5 - New
Investments
Possible uncertain events
originating from various factors, for
example, scenario (micro/macroeconomic,
political, regulatory,
business), technical, operational,
financial, organisational, etc. which
may have an impact on the decision
of a new investment and/or its
success.
 
  • Structured processes for the selection of investments consisting of subsequent project examination and approval activities including, inter alia, internal and external supporting studies, benchmark analysis, legal and regulatory analysis, sustainability models and financial assessment/planning;
     
  • Timely analysis for risk-relevant projects which include: (i) Potential impact and strategy/actions to contain/eliminate the risk; (ii) Follow-up items for mitigation process monitoring;
     
  • Periodic WACC / HR updating, also through benchmarking, to ensure an adequate return with respect to the expected risk profile.
     

6 - Cyber
attacks
against production
industrial systems

 Risk related to possible noncompliance
with the covenant
obligations provided in the
corporate funding contracts.
  • Security assessment to identify system criticalities and supporting infrastructures;
     
  • Definition and implementation of the Security Programme to adapt the processes, systems and infrastructure to best practices;
     
  • Development of security awareness plans and training to users;
     
  • Use of automatic instruments (e.g. Intrusion Detection Systems) for prevention, detection and accident management purposes;
     
  • Cyber Crime insurance coverage.
     

7 - Failure to
protect the
reputational
capital

Internal/external events which may negatively affect the reputation of the ERG Group (amongst the different factors: the financial performance, Ethics and Integrity, Social Responsibility, HSE Policies,
ICT Security, crisis management,
etc.).
  • Specific communication and information activities to maintain a high level of the Group's reputation by stakeholders, which also includes a structured process of Corporate Social Responsibility with specific social responsibility initiatives and
    dissemination of Non-Financial Information;

    • Active relationships with all the main stakeholder and media and monitoring of the perception by the stakeholders;

    • Communication activity through website / social media;

    • Structured process of Reputational Crisis Management, which allows to timely manage and limit the effects of the crisis, in order to protect the reputation of the ERG Group.
     

8 - Anti-Corruption
compliance risk

Possible involvement of a Group Company and/or a director, or employee in proceedings for offences committed in breach of anti-corruption regulations,
which may lead to the application
of sanctions against the above
persons (both natural and legal)
and may damage the Group's
reputation.
  • Adoption of a system of behavioural rules (Code of the Ethics and Anti- Corruption Policy) valid for all the Group;
     
  • Adoption of an «Integrated Anti-Corruption Model», for all Italian and foreign Companies in line with best practices;
     
  • Definition of information flows for Anti-Corruption System monitoring;
     
  • Training on anti-corruption topics;
     
  • Definition and implementation of Compliance Programmes to check compliance with the Anti-Corruption Policy.
     
9 - Industrial risks
and HSE		 Risks due to the malfunctioning of plants, which may cause problems in production processes and/or negatively affect HSE.
  • Implementation of a Business Continuity Management process guaranteeing the correct maintenance of production assets, by means of specific risk assessment activities, business impact analysis.
     
  • Adoption of certified Management systems (ISO 14001 and OHSAS 18001) and continuous training for all the staff performing activities inside the plants.
     
  • Specific coverage levels for business interruption, property damage and accidents to the personnel.