6.2 Snam's Enterprise Risk Management system
Partly in order to execute the provisions of the Code of Corporate Governance, Snam has adopted an ERM system comprising organisational structures, procedures and rules for identifying, measuring, managing and monitoring the main risks that could affect whether or not it achieves its strategic objectives.
In 2013, the ERM system provided Snam and its Subsidiaries with a common and structured method for identifying, evaluating, managing and controlling risk in line with existing international best practice and benchmark models (COSO Framework and ISO 31000). The ERM system therefore involves an integrated, cross-functional and dynamic risk assessment that makes the most of existing management systems in individual corporate processes, and is updated to ensure that it always acts as an effective model that is in line with technological and methodological progress in risk management.
The results in relation to the main risks and the relevant plans for managing said risks are submitted to the Control and Risk Committee, which assesses the effectiveness of the internal control and risk management system in relation to the specific features of Snam and its risk profile.
Snam has an ERM department, whose duties include:
- defining and updating Snam’s ERM model and providing specialist methodological support in identifying and evaluating Group risks;
- coordinating the overall ERM process, ensuring that the risks to Snam and its Subsidiaries are properly consolidated and prioritised;
- identifying enterprise risks and scoring them where appropriate;
- working with the competent corporate departments to consolidate strategies for managing the identified risks;
- coordinating the risk monitoring and control activities;
- supervising periodic reporting and the management and updating of defined risk indicators.
The objective of the identification stage is to pinpoint elements of risk both within and outside the corporate processes of Snam and its Subsidiaries that might affect their attainment of corporate objectives. Risk is measured in an integrated and cross-cutting manner using different scales of probability and impact, both in terms of quantitative (e.g. economic and financial) and more qualitative and intangible (e.g. reputational, health-related, safety-related and environmental) aspects.
Each event is given an enterprise score. For each risk, this score summarises the different evaluations performed by the risk owners and by the centralised units with specialist areas of expertise. Risks are prioritised according to a combination of impact and probability scores.
Management actions and specific interventions are identified for all risks, with implementation timeframes identified and risk management types selected.
Risk mapping is dynamic and thus needs to be reviewed periodically. The enterprise score dictates how often these reviews take place, but they happen at least once a year, even for low-priority risks. Periodic reporting ensures that the information on risk management and monitoring activities is available and represented across the different levels of the company.
In 2014, the ERM department verified the risk mapping and related risk mitigation measures on a quarterly basis, submitting the results to the Control and Risk Committee.
The main corporate risks identified, monitored and, insofar as specified below, managed by Snam are as follows:
- market risk arising from exposure to fluctuations in interest rates and the price of natural gas;
- credit risk arising from the possibility of counterparty default;
- liquidity risk arising from not having sufficient funds to meet short-term financial commitments;
- rating risk;
- debt covenants and default risk;
- operational risk;
- risks specific to the business segments in which Snam and its Subsidiaries operate.
Below is a graphical representation of how Snam’s ERM system works.