1. RISK APPETITE FRAMEWORK
As defined above, the Risk Appetite Framework (RAF) sets out the level of risk that we are willing to accept in the pursuit of its value creation objectives. The risk appetite is defined through the identification of specific risk metrics which, in line with our vision, define tolerance thresholds in the business areas considered significant for the achievement of the strategic objectives identified in the Industrial Plan, ensuring medium-long term sustainability. For this reason, each risk metric is monitored by Management through a process of analysis, management and reporting that makes it possible to identify any deviations from the defined risk profile when operating strategies.
The concept of risk appetite and related analysis metrics can be effectively represented by the following picture.
- Risk Capacity: the maximum amount of risk that we are able to assume, without compromising obligations, regulatory requirements, or the business continuity itself;
- Risk Tolerance: level of risk that we do not intend to exceed in pursuing specific objectives, to be understood as the maximum deviation from the Risk Target, in terms of the amount of additional risk;
- Risk Target: is the optimal level of exposure to the single risk that should guarantee us a correct risk-opportunity balance in pursuing our objectives;
- Risk Profile: current level of risk to which we are exposed in a certain period on a certain metric of analysis.
2. RISK ASSESSMENT PROCESS
The aim of the risk assessment process is to map emerging risks in relation to the evolution of company’s strategies, our internal structure and the competitive environment. This activity, which is carried out periodically, is coordinated by the Risk Management structure and involves the proactive involvement of the entire Management in the identification and analysis of risk scenarios that pertain to our areas of expertise.
The process consists of two macro-phases whose objectives are:
- to obtain an overall view of the risk scenarios that impact our various operating areas, identifying the Top Risks, meaning those scenarios that may have a significant impact on the achievement of our economic-financial, compliance objectives and/or on our image;
- to carry out, for the identified Top Risks, further investigations with which to identify specific management strategies (so-called risk response) aimed at reducing impact and probability to acceptable levels, and analysis indicators (so-called key risk indicators) useful for monitoring their trend in the reference period, with the aim of assessing the potential impacts that they may have on our performance and the achievement of the strategic objectives to which they are linked.
3. OPERATIONAL RISK MANAGEMENT
In order to support efficiently and effectively the Management in achieving strategic objectives, an operational risk management approach has been developed within the Business processes considered most significant, with the aim of adopting "risk based" approaches in the processes of evaluating relevant operations, such as
- M&Aand other investment operations: the process defines roles and responsibilities for risk analysis activities in support of M&A operations aimed at purchasing plants from renewable sources and/or companies operating in the energy services business and in-house development projects for new plants and other business initiatives in the energy services sector (e.g. storage, cogeneration, etc.);
- Energy Management: the process defines roles and responsibilities for risk analysis activities in support of Hedging (pricing strategies for the physical volumes underlying the portfolio, in order to ensure revenues at least equal to budget revenues) and Trading (strategies aimed at achieving margins by exploiting price volatility).
Operational risk management has enabled the adoption of project risk monitoring and reporting systems, together with a system to verify in detail the risk metrics and consistency with the risk profile adopted (risk appetite framework), supporting the decision-making process and reporting any deviations through integrated information flows (input and output) between the first-level and second-level structures.
4. RISK REPORTING
The reporting system includes activities aimed at sharing information and analyses relating to risks and their occurrence internally, with the aim of providing a clear view of our level of risk exposure and the response strategies in place. Reporting provides for different methods and levels of granularity of information according to the audience, with detailed reports by segment of activity for the Management and summary reports focused on the most relevant issues for the Top Management Strategic Supervision Bodies.
In particular, reporting activities to the Board of Directors and the CRSC
represent a natural link capable of fostering the oversight of risk management processes by the Strategic supervision and Management bodies, through the definition of specific information flows at recurring intervals, such as:
- monthly/ad hoc reporting with information on the results of the main risk analyses conducted to support the relevant business transactions carried out, together with information on significant events that impact our risk profile (introduction of new risk events, deviations from the risk appetite framework, etc.);
- half-yearly reporting with information on the results of the update of the risk mapping process at Corporate level, to which is linked a quarterly report describing the analysis of the main Key Risk Indicators identified for each Top Risk.
The adoption of structured risk management processes that include "risk based" methodologies and approaches in decision-making processes, is bringing numerous benefits in the management of the business, thanks to the development of
- a better ability to forecast and respond to change, strengthening knowledge and understanding not only of systemic risks, but also of emerging risks of an external and strategic nature, with the aim of reducing the volatility of expected results;
- a better understanding of shareholders' actual risk appetite, which has been translated into concrete strategic objectives when defining corporate strategies (Risk Appetite);
- a vision of the exposure to the main risk factors and opportunities that characterize the development processes that are significant for the business (e.g. Investments), which has encouraged a balance in the allocation of capital that takes account of the exposure to the underlying risks in the expected returns;
- a strengthening in Governance processes through the active involvement of the Top Management and the Board of Directors, which is contributing to the pervasive diffusion of a risk culture that facilitates the integration of "risk based" approaches in corporate decision-making and planning processes, thus providing useful information for making informed decisions in view of balancing expected "risk-return";
- the application of increasingly sophisticated risk analysis techniques that allow a quantitative measurement of the impact of risks/opportunities, up to estimating the overall volatility of the expected results in certain business sectors, compared to the risks/opportunities identified;
- adoption of risk prioritization criteria, with the aim of focusing on significant risks, i.e. those that could seriously undermine the achievement of strategic objectives, or even medium-long term sustainability.