As an integral part of its Internal Control and Risk Management System, the Acea Group has set up an Enterprise Risk Management (ERM) framework, with a view to integrating the risk management process on an ongoing basis.
The aim of ERM is to guarantee an effective control over the entire universe of principal risks to which the Acea Group, owing to the nature of its business and the strategies adopted, is potentially exposed, ensuring that the Group’s overall exposure is duly managed in keeping with the Business Plan and Sustainability Plan objectives.
The ERM programme, which aims to enhance the integrated vision of risks and their proactive management, is intended to:
The risk model
The Risk Model, which reflects the array of risk categories to which the Acea Group is potentially exposed, is derived from a careful analysis of both the socio-economic and business context in which the Group operates and the Business and Sustainability Plan objectives.
The Risk Model’s logic of representation provides for various risk type aggregation levels, with increasing granularity, based on the following elements:
Enterprise Risk Management is the tool used by the Board of Directors and Management, through a structured process of analysis and management as regards the risk-opportunity factors to which the company is exposed, to enhance their ability to implement strategies and achieve business objectives via the conscious undertaking of risk.
Identify the main risk/opportunity factors
Measure risks in terms of probability and impact on business performance and objectives
Identify the risk management strategies and the counter-measures to be put in place
Monitor the trend in risk profile and the effectiveness of established responses
Owing to the nature of its business, the Acea Group is potentially exposed to various categories of risk, above all competitive and regulatory risks, risks concerning natural events and climate changes, financial market risks (external risks) and operational and environmental risks specific to each business sector, Information Technology risks and Human Resources risks (internal risks).
These are the strategically important risks typical of the reference business environment, management of which offers competitive advantages.
Strategic risks represent a type of risk associated with the ineffective implementation of strategic actions decided by Top Management and/or the Corporate Bodies such as might compromise the achievement of set goals. This risk applies to both short-term (budget) and long-term (business plan) initiatives.
Special attention is given to M&A transactions and the risks connected with the group’s potential inability to put in place an appropriate strategy in terms of mergers, acquisitions and disposals and/or failure to effectively handle the governance of the venture.
The Acea group operates mostly in regulated markets; a change in the rules for the organisation of these markets, together with their characteristic requirements and obligations, can significantly impact the results and performance of operations.
These risks are mitigated via a careful monitoring of legislative and regulatory developments, discussions with the competent authorities and participation at association and institutional meetings, on the part of the appropriate business structures in synergy with the organisational controls put in place by the group.
In relation to the international geopolitical crisis arising from the Russia-Ukraine conflict, there are difficulties and uncertainties when assessing the effects and repercussions that could arise from the continuation of this international crisis.
Management is currently engaged in monitoring the situation on international markets and will continue its analysis of commodity price trends over the coming months as well as the trend of receivables, which however do not represent critical elements at the present time.
With regard to the short and medium-term effects of a financial nature, the Group is carrying out appropriate monitoring activities in order to take timely action. It should be noted that Acea Group has no direct relations with companies under Russian, Ukrainian or Belarusian law that are in any way affected by the conflict.
Among the risk factors to which the group is exposed it is important to highlight the potential effects deriving from unforeseeable natural phenomena (for example, earthquakes, floods and landslides) and/or cyclical or permanent climate changes affecting the networks and facilities managed by the Acea group companies. The former risk categories are dealt with by implementing structured asset governance tools, specific to each business area, as well as via projects, even at national level, aimed at enhancing the resilience of infrastructures in the various territories.
The remaining part of risks deriving from natural events is transferred by way of the group insurance plan.
Acea Water services
The companies operating as part of the Integrated Water Service, which manage the entire drinking water and wastewater cycle, from collection of the natural resource up to its return to the environment, implement programmes, procedures and controls with a view to ensuring an adequate supervision in matters of compliance on the basis of characteristics identical to those of the business managed (potential exceedance of water potability limits due to source pollution, potential exceedance of limits for the discharge of treated wastewater into recipient bodies, occupational health and safety, characterisation and conformity of outgoing waste, etc.).
Acea Commercial and trading
The Acea companies, in carrying out their sales activities on the electricity and gas Free Market, are exposed to the risk deriving from competition.
Furthermore, with reference to commodities, there is a risk connected with potential economic and financial damage due to the impact of changes in the macroeconomic context, including sudden changes such as the Covid-19 pandemic or the so-called energy crunch phenomenon.
Acea Electricity distribution
There are risks associated with projects at territorial level such as investments in network assets and the replacement of first generation electronic meters with second generation meters. The risks refer generically to the potential unknowns that may arise during implementation of such articulated and long-term projects; reference is therefore made to the possible critical issues associated with the work done on network infrastructures (authorisations from third-party bodies, procurement of materials, availability of firms, planning of activities, etc.).
The waste treatment and waste-to-energy facilities are characterised by a high level of technical complexity, requiring them to be managed by qualified resources and organisational structures with a significant level of know how. The waste treatment plants and the related activities are benchmarked on specific waste characteristics and a potential discrepancy between the said materials and the specifications can lead to definite operational problems, to the point of comprising the operating continuity of the plants and constituting relapse risks of a legal nature. For this reason special procedures have been put in place for the inspection and control of incoming materials via spot checks and analytical sampling pursuant to current legislation.
The main operational risks may relate to property damage, personal injury and damage arising from information systems and external events. Acea Produzione, in order to cope with any operational risks, has taken steps, since the start of its activity, to sign policies with leading insurance institutions and, most recently, to activate a Covid-19 insurance policy. The Company pays particular attention to the update training of its employees, in order to make field operators and all corporate management responsible for working in safety, respecting the environment and ecosystems.
For years now Acea has followed a development path focused on the use of new technologies as a driving force for the operational efficiency, safety and resilience of its industrial assets. The main business processes are now all supported by the use of advanced information systems, implemented and managed by the Group's centralised departments to support the operations of the various companies. In this sense, the Group is therefore exposed to risks concerning the adequacy of the IT infrastructure to the current or future needs of the various businesses, as well as to the risks of unauthorised access. Acea manages these risks with the utmost attention through specific corporate compliance organisational structures, coordinated by specialised Group safeguards.
As far as cyber security of systems, infrastructure, networks and other electronic devices is concerned within the scope of the services provided or the respective Group Companies, the current procedural and technological safeguards of the Companies themselves are implementing all the necessary actions to align their cyber security posture with the main national and international industry standards.
Risks associated with potential danger to workers’ health and safety could expose the group to significant costs for the reimbursement of damages, as well as detriment to the group’s reputation vis-à-vis public opinion and investors. Read more on the special initiatives associated with the Covid-19 health emergency.
The group is exposed to various risks of a financial nature, with particular reference to the risk of fluctuating prices/volumes as regards the commodities subject to purchase or sale, interest rate risk and, only to a minimal extent, to exchange rate risk.
In this context, reference is made to the cases of Price Risk and Volume Risk defined as follows:
Acea SpA ensures the analysis and measurement of exposure to market risks, interacting with the Energy Management Unit of Acea Energia SpA, verifying compliance with the general Commercial and Trading Sector Risk Management limits and criteria as adopted by the same and by the Administration, Finance and Control Department. The analysis and management of risks is carried out according to a second-level control process that involves the execution of activities throughout the year with different frequency per type of limit (annual, monthly and daily), performed by the Commodity Risk Control Unit and by risk owners. The reports are sent to Top Management on a daily and monthly basis.
The risk limits of the Commercial and Trading Sector are defined in such a way as to:
Interest rate risk
The Acea group’s approach to managing interest rate risk, considering the asset structure and the stability of the group’s cash flows, has hitherto essentially been targeted at protecting funding costs and stabilising financial flows, with a view to safeguarding the margins and ensuring certainty of the said cash flows deriving from ordinary operations.
Exchange rate risk
The group is not particularly exposed to this category of risk, which mostly concerns the translation of financial statements pertaining to its overseas subsidiaries.
The Group’s liquidity risk management policy, for both Acea and its subsidiaries, involves the adoption of a financial structure which, in keeping with business objectives and within the limits defined by the Board of Directors, guarantees a suitable level of liquidity that can meet financial requirements, whilst maintaining an appropriate balance between maturity and composition of debt.
The credit risk management procedure within the Acea Group can be summarised in 3 macro stages:
Risks associated with the Covid-19 health emergency
The Covid-19 emergency situation has also impacted the analysis of risks and identification of related management procedures. Right from the beginning of the pandemic, we put in place a series of actions to safeguard all stakeholders, from time to time adapting to developments in the situation.
Projects aimed at making operations in the field increasingly safe continued in 2021, such as the development of personal protective equipment with sensors that can signal proper usage (Smart PPE). We continued our comprehensive monitoring for the prevention and protection against the risk of infection from Covid-19, through the reorganisation of work activities and smart working, training courses, definition of specific protocols, dedicated communication channels, revision of risk assessment documents and health emergency plans, vaccination and screening campaigns for Acea personnel and activation of dedicated insurance coverage.
Lastly, even during this emergency phase, the pursuit of sustainable objectives remains a priority: we intend to take advantage of the opportunities that will derive from an acceleration of investments in infrastructures and renewable energy sources, particularly in connection with the European Green Deal and Recovery Fund programmes.
Cybersecurity risk management
The cyber threat is one of the national security aspects presided over by Acea. The Cyber Security Unit, part of the Technology and Solutions Department, has adopted a model in keeping with the requirements expressed by the public institutions.
In accordance with the indications received from the competent Authorities, we have invested in the expansion of measures to protect the networks and the IT, IoT and OT systems. In 2021, the cyber risk analysis programme was launched on all our services, to identify, measure and manage the risk arising from cyber threats. At the same time, with the creation of the Security Engineering structure the Vulnerability Management Programme was initiated, aimed at researching and mitigating vulnerability, in order to identify and oppose unlawful actions, using machine learning tools, advanced analytics and big data; a process of Security by design was also activated, for the implementation of security requirements during developments pertaining to all technological projects.
Lastly, the awareness and training campaign for the entire company population continued, with a view to enhancing individual awareness and skills in relation to cyber security issues.
For further information on all the risks and uncertainties to which the Acea Group companies are exposed, please read our 2021 Consolidated Financial Statement.
For further information on our central monitoring stations for particular risk categories, please read our 2021 Report on corporate governance and ownership structures.