Risk Management activities are key to use reaching our goals of growth, efficiency and risk mitigation. These activities strengthen our ability to create value for shareholders and stakeholders and allow us to ensure the sustainability of the business in the medium to long term. Enterprise Risk Management (ERM) is the Group's structure that supports management in identifying, assessing and monitoring risks, as well as defining the most effective response strategies for their mitigation.
The approach adopted by ERM is based on the 2018 edition of the CoSO framework "Enterprise Risk Management (ERM) - Integrating with Strategy and Performance", aimed at illustrating the nature and the profile associated with the main risks that may affect the achievement of business planning and sustainability objectives.
According to the ERM model, risk management in the ERG Group is a structured and continuous process, put in place in order to address the risks faced by the organisation with a united approach, and to provide management with the information necessary to consciously take the most appropriate decisions for the purpose of achieving the strategic growth objectives, creating value for the company, and safeguarding it. The process involves integrated risk management between the systems implemented at company process level based on the specific Risk Evaluation methods and tools.
The main goals of ERM are:
• obtaining an integrated and dynamic view of the main Group corporate risks that may affect the achievement of the objectives of the Business Plan;
• strengthening the corporate culture at all levels and the awareness that adequate risk assessment and management positively affect the achievement of goals, the creation of value for the company and medium-long term business sustainability;
• promoting the dissemination of risk management in business processes in order to ensure consistency in the methodologies and tools used to manage and control risks;
• developing a common language and disseminating an appropriate risk management culture;
• providing a consistent approach in order to identify events that may affect company activities; • ensuring the carrying out of activities, coordinating the Risk Specialists and the other persons involved in the process;
• strengthening of the strategic planning processes through "informed" decision-making processes in a "risk adjusted" approach.
The Enterprise Risk Management process provides for the involvement of all Group structures (from "Management level" up to "Board Level"), passing through the second-level control structures (e.g. Compliance) and thirdlevel control structures (Internal Audit), which together with the ERM make up the Internal Control and Risk Management System.
To this end, the ERM model is developed by means of:
• identifying and assessing the Group's main risks and defining the necessary strategies to mitigate the risks and the relative control tools; continuously checking smooth operation and effectiveness of the risk management process, providing to management a clear representation of the "dynamic" evolution of risk mapping. More specifically, the Enterprise Risk Management methodology includes:
• integration between the ERM model and corporate strategies and, in particular, the "Plan and Budget" process, allowing the alignment between strategic planning and risk assessments; • creation of synergies with Company departments that carry out specific risk assessment activities (e.g. HSE, ICT);
• introduction of specific, quantitative and qualitative Key Risk Indicators (KRI) for the structured and dynamic monitoring of risk trends and the development of risks over time;
• a six-monthly reporting activity that provides information about the development of the main risks mapped. The ERM process is implemented with a Risk- Based approach contributing to the definition of our Business Plan through the identification of specific goals, the analysis of the risk profile associated with them, and the identification of management and monitoring strategies.
At an operational level, the Mangers - through the support of the Enterprise Risk Management Organisational Unit - identifies the risks under its responsibility and provides advice to mitigate the risks of current actions/projects.
The results of this process are consolidated through Group risk mapping where priorities are defined in order to support their coordination and integrated management. All risks mapped according to the ERM approach are included in an "ERG Group Risk Catalogue".
As is customary, the Group's Risk Universe (the standard catalogue of homogeneous risk classes) was updated in the first quarter of 2019, on the basis of an external benchmarking activity and of specialised publications, to include "Emerging Risks".
Risk Management
The tool supports Management:
• during the risk assessment (and especially risk identification) phase since it includes all areas where risks may arise;
• in the consolidation phase, by checking whether some risk areas have not been analysed/covered, allowing them to be examined in more depth, if necessary.
More specifically, during the most recent update we integrated the Risk Universe (which currently includes more than 60 risk classes) carrying out specific investigations focused in particular on the issues of Climate Change and Sustainability in general.
Following the update of the Risk Universe, we carried out ERM risk assessment activities and the Group's Risk Catalogue was updated. More specifically, two assessment cycles were carried out during 2019, which involved all Group companies in Italy and abroad, for the identification of "TOP Risks" and "Gold Risks".
The results of the ERM process are periodically reported to:
• the Management/CFO/CEO, who assess the appropriateness of the risk profile in relation to the goals set and the actions taken to mitigate the risks;
• the Board Committees, which are tasked with the assessment of the overall effectiveness of the Integrated Risk Management process. During 2019, we integrated the risk reporting activity with the Group's "ERM Risk Dashboard" which monitors the risk variations of the ERM Risk Catalogue by comparing the results obtained in the current half year with those of the previous half year.
Monitoring involves two indicators:
• the risk profile, which is monitored by shifting the residual risk in the likelihood-impact matrix: any change in Likelihood and/or Impact that affects the risk profile makes it possible to measure the trend compared to the previous half year (increase, stable, decrease);
• the Key Risk Indicator: a specific risk indicator that only shows the quantitative changes and the trend of changes compared to the previous half year of the specific indicator monitored. More specifically, the main risks run by the ERG Group are listed in the "Risk and Uncertainties" chapter of the Report on Operations, to which reference may be made for further details.
• during the risk assessment (and especially risk identification) phase since it includes all areas where risks may arise;
• in the consolidation phase, by checking whether some risk areas have not been analysed/covered, allowing them to be examined in more depth, if necessary.
More specifically, during the most recent update we integrated the Risk Universe (which currently includes more than 60 risk classes) carrying out specific investigations focused in particular on the issues of Climate Change and Sustainability in general.
Following the update of the Risk Universe, we carried out ERM risk assessment activities and the Group's Risk Catalogue was updated. More specifically, two assessment cycles were carried out during 2019, which involved all Group companies in Italy and abroad, for the identification of "TOP Risks" and "Gold Risks".
The results of the ERM process are periodically reported to:
• the Management/CFO/CEO, who assess the appropriateness of the risk profile in relation to the goals set and the actions taken to mitigate the risks;
• the Board Committees, which are tasked with the assessment of the overall effectiveness of the Integrated Risk Management process. During 2019, we integrated the risk reporting activity with the Group's "ERM Risk Dashboard" which monitors the risk variations of the ERM Risk Catalogue by comparing the results obtained in the current half year with those of the previous half year.
Monitoring involves two indicators:
• the risk profile, which is monitored by shifting the residual risk in the likelihood-impact matrix: any change in Likelihood and/or Impact that affects the risk profile makes it possible to measure the trend compared to the previous half year (increase, stable, decrease);
• the Key Risk Indicator: a specific risk indicator that only shows the quantitative changes and the trend of changes compared to the previous half year of the specific indicator monitored. More specifically, the main risks run by the ERG Group are listed in the "Risk and Uncertainties" chapter of the Report on Operations, to which reference may be made for further details.
A brief description of the main risks identified in the Enterprise Risk Management process follows.
| RISK | DESCRIPTION | MANAGEMENT STRATEGY IMPLEMENTED BY THE ERG GROUP |
|---|---|---|
| 1 - Natural variability of renewable sources | The production volumes are subject to variability due to the natural mutability of renewable sources (water, wind and sun) which, in the event of lower contributions, may adversely affect the production of renewable plants and, subsequently, Group results. | • Diversification of the generation portfolio from both a technological (Wind/ Solar/Hydro/Thermo) and geographical (at European level) point of view in order to compensate for changes in the various renewable sources (Wind/Solar/Hydro). |
| 2 - Price Risk | Risk linked to the volatility of market prices of commodities (in particular electricity and gas), which can affect Group's results. | • Definition of risk exposure limits and their regular monitoring. • Escalation process if the approved limits are exceeded. • Use of financial instruments to hedge the price risk only if there is an underlying asset. • Contractualisation of indexed sales formulas, if possible, to transfer risks to customers. |
| 3 - Regulatory modifications | Possible worsening of the national and international legislative/ regulatory framework in the countries in which the Group operates that may negatively impact the achievement of business targets. | • Legislative and regulatory monitoring through institutional relations, related channels, comparison with operators in the sector, and the specialised press. |
| 4 - Downgrade rating | Risk linked to potential downgrading by the Rating Agency that could limit the ability to access the capital market and/or increase | The risk mitigation strategy, which is aimed at preventing the occurrence of "crisis" situations (e.g. liquidity; breach of financial covenants) that could lead to a downgrade of the rating, is structured over various levels and involves the pursuit of: • a balanced financial structure in terms of duration and composition; • the continuous monitoring of the final and expected results and of the financial balances; • investment planning consistent with existing financial covenants and associated risks; • the search for a business portfolio that ensures stable cash generation from its business activities, including through the geographical and technological diversification of its plants. |
| 5 - New | Possible uncertain events originating from various factors, for example, scenario (micro/ macro-economic, political, regulatory, business-related), technical, operational, financial, organisational, etc. which may have an impact on the decision of a new investment and/or its success. | • Specific Organisational Units tasked with ensuring the achievement of growth objectives through new investments (organic growth and/or M&A). • Structured processes for the selection of investments consisting of subsequent project examination and approval activities including, inter alia, internal and external supporting studies, benchmark analysis, legal and regulatory analysis, sustainability models and financial assessment/planning. • Timely analysis for risk-relevant projects which include: (i) Potential impact and strategy/actions to contain/eliminate the risk; (ii) Follow-up items for mitigation process monitoring. • Periodic WACC/HR updating, also through benchmarking, to ensure an adequate return with respect to the expected risk profile. |
| 6 - Cyber | Potential cyber-attacks that exploit vulnerabilities may bring industrial production systems to a standstill and, subsequently, affect Group's results (e.g. Revenue). | • Security assessment to identify system criticalities and supporting |
| 7 - Failure to | Internal/external events which may negatively affect the reputation of the ERG Group (amongst the different factors: financial performance, Ethics and Integrity,Social Responsibility, HSE Policies,ICT Security, crisis management, | • Specific communication and information activities aimed at maintaining the Group's high level of reputation among stakeholders, which include, among other things, a structured Corporate Social Responsibility process with specific social |
| 8 - Anti-Corruption | The possibility that one of the Companies in the Group and/ or a director, representative or | • Adoption of a system of behavioural rules (Code of the Ethics and Anti- Corruption Policy) valid for all the Group. |
| 9 - Industrial risks and HSE | Risks due to the malfunctioning of plants, which may cause problems in production processes and/or negatively affect HSE. | • Technological and geographical diversification of the generation portfolio in order to limit negative impacts. |
Page updated at 22 Jul 2020