Elements of uncertainty and risk management
Though it maintains a limited economic and financial risk profile, since its activities are concentrated in regulated business sectors, Snam adopts a structured, systemic approach to governing all risks that may affect the conditions that form the basis of its value creation.
Through its Enterprise Risk Management (ERM) and the new Risk Management Policy issued in 2015, it has worked to strengthen this area, introducing a structured method for identifying, evaluating, managing and monitoring risks, which is standardised for all Group companies. The ERM model, which is managed by a dedicated corporate department, is an iterative one that enables dynamic and integrated group-wide risk assessment that brings out the best of the existing management systems in individual corporate processes.
Monitoring and reporting:
the risk mapping is periodically updated according to the enterprise measurement, and at least once a year, including for low-priority risks. Periodic reporting guarantees, at the various corporate levels, the availability and representation of information relating to the management and monitoring of the relevant risks.
Definition of the management strategy:
for all risks, management measures are identified, together with any specific interventions and the relevant implementation time frames, associated with a type of risk management from among those that have been codified. The management plans for the main risks are presented to the Control and Risk Committee.
Identification and measurement:
of risk events relating to corporate processes and external risk factors that could influence the achievement of corporate goals, either through direct impacts on results and corporate finances (lower revenue or higher costs) or through intangible negative effects on other types of capital, especially the licence to operate.
Enterprise measurement and prioritisation:
each event is assigned an “enterprise measurement”, which summarises, for each risk, the different measurements carried out by the risk owner and by centralised units with specialist expertise. The prioritisation of risks is defined by combining the measurements of impact and probability.
Using the model described above, four risk assessment cycles were performed on the entire Snam Group in 2015. As at the end of 2015, 360 enterprise risks had been mapped and broken down between all corporate processes.
In addition to the ordinary activities of checking and monitoring the risks mapped, other measures were carried out with a view to continually improving the model adopted and supporting the risk managers. Specifically:
- analysis and classification of all causes of risks in order to better identify the root causes and the relevant management and/or mitigation measures. Classification was carried out by distinguishing between endogenous and exogenous causes, and further subdividing them into categories (people, processes, regulations, suppliers, etc.) and subcategories;
- preparation of an integrated intervention plan that combines all intervention measures and the relevant time frames for managing and/or mitigating risks;
- creation of a methodology for identifying and measuring the positive effects of events (suitability);
- production of an IT tool that allows cyclical checks on risk mapping to be carried out online.
One of the best features of Snam’s ERM model is the wide-ranging nature of its impact measurement.
Any risk event may have 10 different types of impact, some determined by the risk owners (operational impacts) and others by specialist departments (e.g. the legal impact of an event is assessed by the Corporate and Legal Affairs and Compliance department). This means risk measurement from different perspectives and team risk prioritisation.
The most common operational impact is industrial impact, consistent with the fact that risk identification begins with process analysis. The most prevalent specialist impacts include reputational and legal impacts, confirming the existence of an increasingly globalised external context subject to ever more complex regulations.