Enterprise Risk Management

 

The Acea Group envisages specific procedures for managing the categories of risk peculiar to its Business Model or identified as relevant from a strategic perspective.

Detail of a man's hands leafing through a stack of documents while sitting at a desk Detail of a man's hands leafing through a stack of documents while sitting at a desk

Internal Control and Risk Management

 

As an integral part of its Internal Control and Risk Management System, the Acea Group has set up an Enterprise Risk Management (ERM) framework, with a view to integrating the risk management process on an ongoing basis.

 

The aim of ERM is to guarantee an effective identification, analysis and control of the main risks to which the Acea Group, owing to the nature of its business and the strategies adopted, is potentially exposed, ensuring that the Group’s overall exposure is consistent with the Business Plan and Sustainability objectives.

 

The ERM Framework, which aims to enhance the integrated vision of risks and their proactive management, is intended to:

 

  • show the nature and relevance (probability and economic-financial and/or reputational impact) of the main risks, with implications also in terms of sustainability issues, that might compromise the achievement of the Group’s strategic and business objectives;

 

  • steer the response strategies and the consequent additional mitigation actions.

The Risk Models

The Risk Model, which reflects the array of risk categories to which the Acea Group is potentially exposed, is derived from a careful analysis of both the socio-economic and business context in which the Group operates and the Business and Sustainability Plan objectives.

The Risk Model’s logic of representation

 

Various risk type aggregation levels, with increasing granularity, based on the following elements:

 

Risk driver: provides an indication regarding the risk source characteristics (external, internal or associated with the Group’s guideline activities).

 

Risk category: this groups together the risks ascribable to a specific operating procedure/corporate activity or having as common characteristic the same external risk source.

 

Risk type: this concerns the aggregation of risk scenarios, of a similar nature, based on a logic of prevalence that allows the risk event to be catalogued.

The methodology and tools used to identify the risks and assess their severity are developed with increasing attention to ESG aspects. During the risk assessment process, which is performed at least once per year, the “risk owners” identify the risk scenarios and highlight their potential impacts, if any, with regard to material issues for Acea. 

 

 

 

 

 

 

Synthetic representation of the Acea Group risk model 

Synthetic representation of the Acea Group risk model

 

 

 

 

 

 

 

 

 

The main Risk Management phases

 

ERM comprises the following main Risk Management phases 

Risk categories

 

Owing to the nature of its business, the Acea Group is potentially exposed to various categories of risk:

 

External Risks

 

Competitive-regulatory risks, risks arising from natural events and climate changes, financial market risks

Internal risks

 

Operational and environmental risks specific to each business segment, Information Technology risks and risks associated with Human Resources.

For further informations

 

For further information on all the risks and uncertainties to which the Acea Group companies are exposed, please read our 2024 Consolidated Financial Statement.

For further information on our central monitoring stations for particular risk categories, please read our  2024 Report on corporate governance and ownership structures (only italian version).