Enterprise risk management process
Snam, although with a limited economic and financial risk profile because most of its operations are in regulated business segments, adopts a structured and systemic approach to governing all risks that could affect value creation.
Through its Enterprise Risk Management (ERM) and the Risk Management Policy issued in 2015, Snam has worked to strengthen this process, introducing a structured method for identifying, evaluating, managing and monitoring risks, which is standardised for all Group companies.
Snam’s dedicated ERM department manages and oversees the following main activities:
- Risk identification and measurement;
- Enterprise and prioritisation assessment;
- Definition of the management strategy;
- Monitoring and reporting;
- Maintenance and evolution of the model.
Identification and measurement
of risk events relating to corporate processes and external risk factors that could influence the achievement of corporate goals, either through direct impacts on results and corporate finances (lower revenue or higher costs) or through intangible negative effects on other types of capital, especially the "licence to operate".
Enterprise and prioritisation assessment
Each event is assigned an "enterprise measurement", which summarises, for each risk, the different measurements carried out by the risk owner and by centralised units with specialist expertise. The prioritisation of risks is defined by combining the measurement of impact and probability.
Definition of the management strategy
For all risks, management measures are identified, together with any specific interventions and the relevant implementation time frames, associated with a type of risk management from among those that have been codified. The management plans for the main risks are presented to the Control and Risk Committee.
Monitoring and reporting
The risk mapping is periodically updated according to the enterprise measurement, and at least once a year, including for low-priority risks. Periodic reporting guarantees, at the various corporate levels, the availability and representation of information relating to the management and monitoring of the relevant risks.
Maintenance and evolution of the model
The eRM model is maintained continuously and independently of the phases of the process, with the aim of constantly ensuring an effective model that reflects the technological and methodological progress made in the field of risk management.
The main enterprise risks identified and monitored were classified as financial and non-financial (strategic risks, legal and non-compliance risk and operational risks).
17 April 2019 - 08:35 CEST