Management of risks and opportunities
As outlined in the previous section, Snam places the Enterprise Risk Management (ERM) function at the second level of the SCIGR, which corresponds to monitoring risks and the adequacy of controls. ERM, reporting directly to the General Counsel, performs a fundamental function in the context of integrated corporate risk management for all Group companies. The main objective of the ERM model, which works in line with the recommendations of the CoSO framework and the new 2020 Corporate Governance Code, as well as international best practices, is to identify risks using standardised, group-wide policies, so as to identify priority events and ensure their consolidation and reporting. Risk is defined as the effect of uncertainty on the targets of the Strategic Plan and can be negative or positive in scope. The results of the risk and opportunity assessment and monitoring activities and the related mitigation measures are presented regularly to the Control, Risk and Related-Party Transactions Committee, the Board of Statutory Auditors, the Supervisory Body and the Board of Directors of Snam. In this context, the ERM unit also carries out awareness-raising and training activities for executive and non-executive directors with regard to the applied risk management methodologies and the evolution of Snam’s ERM model.
The results are also shared with: the Internal Audit department, which uses them when preparing audit plans; the Strategic Planning department, which assesses coherence with the risk assessments and analyses of the Strategic Plan; the Sustainability department, to support planning activities and to define strategies for managing ESG themes that are relevant to the Group.
- Identification of risk events related to business processes and external risk factors that could affect the achievement of company targets by Staff and Business Managers, responsible for the implementation of initiatives aimed at the effective oversight of risks, and specific analyses of the operational processes of every Company and of the corporate Strategic Plan. The events are periodically reviewed, also in the light of the growing significance of new business development areas, in order to ensure correct oversight of risks and opportunities related to them.
- Assessment and prioritisation of each event in terms of probability of occurrence and impact, negative (risks) or positive (opportunities). The probability is determined on the basis of a scale from 1 (remote) to 4 (highly probable); the impact, measured on a scale from 1 (low) to 4 (significant), is assessed according to qualitative (industrial/business, asset, reputational, legal, market, health and safety and environment) or quantitative (economic, financial) dimensions. The prioritisation of the risks, a combination of the assessment of probability and impact expressed by risk owners (first reports of the CEO) and risk specialists, is represented on 4 levels (low, medium, high and critical, for risks; light, moderate, good and excellent, for opportunities). Furthermore, the event management strategy (monitoring and management, mitigation, transfer) is defined and the actions or specific interventions are identified.
- Monitoring activity on the evolution of the single risks and opportunities (and/or of the entire risk register) on the basis of the stage of progress of the management interventions/actions associated with the risks/opportunities and the trend of the risk indicators.
- Periodic reporting on the results of the risk identification, assessment and monitoring activities. The purpose of periodic reporting is to report to the company’s Top Management, the Control bodies and any other significant stakeholders the information collected in the previous stages, namely: main risks to which the Company is exposed, measures identified, monitoring indicators, changes that may impact the business in the future, main opportunities.
The wide-ranging nature of its impact measurement is a distinctive feature of Snam’s ERM model. Indeed, every event is assessed in relation to eight types of impact, some of which are determined by risk owners (operational impacts: Economic, Industrial/Business, Asset), others by specialist departments (impacts: Financial, Legal/Compliance/Governance, Reputational, HS/Environment, Market). Lastly, in addition to the Governance and Environment impacts, the Social impact has been defined in connection with the continuous and increasing integration of ESG aspects within the ERM framework and will be incorporated into the model in 2021. Thus, risk is assessed from different perspectives and risk prioritisation is defined by combining the measurement of the impacts and the probability related to them. The opportunities are identified in a similar way to risks, that is, operational impacts are determined by risk owners and the other impacts by specialist departments. With particular reference to the specialised impact in terms of health, safety and the environment (HSE), the environment component makes it possible to incorporate aspects related to the environment and climate change associated with the identified risks and opportunities and, therefore, to determine their materiality based on the significance of their – positive or negative – contribution to managing climate change and environmental aspects related to the area in which Snam operates.
Risks identified via the ERM process are classified as financial, operational, legal and non-compliance, and strategic, including risks related to ESG issues that these may contain.
In 2020, the mapping of risks/opportunities was updated through the RACI IT platform under the scope of the Integrated Risk Assurance and Compliance model, aimed at coordinating and integrating second-level control information flows with a synergistic approach, intended to achieve the maximum rationalisation and overall efficiency of the SCIGR. At the end of 2020, approximately 141 enterprise risks were mapped, 31 of them distributed across all corporate processes.