We Outpace the Future by Managing Risks
Risk management allows us to anticipate events, mitigate impacts,
and seize opportunities. This approach is key to ensuring business sustainability
We manage risks under the guidelines of the Comprehensive Risk Management System (CRMS) Policy and Manual, aligned with best practices and international standards, guaranteeing a solid and efficient framework for identifying, evaluating and mitigating these in all operations. We have a technological tool managed by each one of the teams that supports us in managing and monitoring risks and opportunities in the processes. This allows us to integrate the risks, their level of exposure, the causes, controls, responsible parties, action plans, and other factors in one place..
The Comprehensive Risk Management System (CRMS) focuses on identifying the most relevant risks in the strategy to address the incidence and criticality of the impacts on our objectives in:
-
Processes
-
Projects
-
Facilities
-
New businesses or products
To evaluate our risks we analyze the criteria of probability and impact. To qualify the probability we have a scale that includes very low, low, moderate, high and very high levels, according to the occurrence of the event.
To assess the impact we have four possible criteria, The economic impact scale is aligned with the Ebitda financial indicator.
| Scale | Economic impact |
|---|---|
| Lower scale (very low level) | Less than 0.5% of the previous year’s Ebitda. |
| Low scale (low level) | Between 0.5% and 3% of the previous year’s Ebitda. |
| Significant scale (moderate level) | Between 3% and 7% of the previous year’s Ebitda. |
| Major scale (high level) | Between 7% and 10% of the previous year’s Ebitda. |
| Significant scale (very high level) | Greater than 10% of the previous year’s Ebitda. |
When we combine the probability and impact criteria we arrive at the Exposure level:
When we combine the probability and impact criteria we arrive at the Exposure level:
Risks at the high and critical exposure levels are not tolerable, are prioritized and immediate actions must be implemented to control them.
Ongoing monitoring and oversight is performed by the risk team, and management indicators are measured quarterly, including the implementation of risk mitigation measures. Relevant risk management issues are presented quarterly to the Audit, Finance and Risk Committee.
The risk management process is reviewed annually in internal and external audits of the quality, environmental and asset management systems.
Assessment of the magnitude and potential scope of risks
The risk management process is defined in the SGIR and adjusted to international good practices, such as ISO 31000 and the COSO ERM standard, which define similar components based on the understanding of the business, objectives, environment and trends.
Subsequently, we identify and analyze the relevant risks, associate them with mitigation controls, evaluate them in terms of probability and impact qualification and, according to the level of exposure, define their treatment, record them and report them.
Risk Governance
Risk management is a strategic, cross-functional process independent from the business lines. Our SGIR is supported by the Risk Management Policy, which defines the elements, the general action framework for any type of risk, and the governance structure—that is, the bodies, roles, and responsibilities that ensure the functioning of the system based on a three-lines-of-defense control mode.
Risk management governance structure
Instances, roles and responsibilities
- Board of Directors: Approves the policy and risk appetite, and oversees the SGIR. Chair: Reports to the Board and shareholders on risks and mitigation actions.
- Steering Committee: Oversees the SGIR and flags emerging risks.
- Audit, Finance, and Risk Committee: Monitors strategic risks and oversees the SGIR.Risk Area: Designs, implements, and monitors risk management activities.
- Internal Audit: Assesses the effectiveness of the SGIR and recommends improvements.
- Risk managers: Update risk maps and promote a risk-aware culture.
- Employees: Implement, report, and escalate risk-related issues.
In addition, we follow a management and control model based on the three lines of defense, as follows: - First line of defense: It is made up of the business areas and all the support functions that generate exposure to risks.
- Second line of defense: It is made up of the Risk and Compliance areas.
- Third line of defense: It is made up of the Internal Auditor and is responsible for supervision and control.
In addition, we follow a management and control model based on the three lines of defense, as follows:
- First line of defense: It is made up of the business areas and all the support functions that generate exposure to risks.
- Second line of defense: It is made up of the Risk and Compliance areas.
- Third line of defense: It is made up of the Internal Auditor and is responsible for supervision and control.
Structural Independence in the Risk Management Function
Risk management is cross-cutting across the organization and external to the lines of business: Asset, home and company management (managed from the Generation, Transmission and Distribution areas, and Sales).
The financial director maintains constant interaction with senior management and the Audit, Finance and Risk Committee of the Board of Directors. These organizations have the greatest responsibility for risk management in the company.
In addition, the Risk Management Policy supports the SGIR. It establishes the elements and general framework for action against risks of all kinds that the organization faces, as well as the governance structure that indicates the instances, roles and responsibilities to manage and ensure the proper functioning of the SGIR.
Strategic and Emerging Risks
We continually carry out interdisciplinary work to identify and evaluate the company’s strategic and emerging risks:
They are the internal and external events and trends that can generate a positive
or negative deviation on the company’s expected growth trajectory,
our strategy and the value for shareholders.
-
Have the human talent that enables the company’s strategy.
-
Regulatory.
-
Changes in the political environment and macroeconomic variables.
-
Climate change and Nature
-
Cyber-security.
-
Changes in the dynamics of supply and demand in the energy market.
-
Stakeholder relations
These are risks that have been recently identified and, if materialized, could affect the organization and the industry within an approximate time horizon of three to five years. However, some of their consequences may already be impacting business performance today
Emerging risks may involve new and unforeseen events, or may be linked to the evolution of previously known risks in terms of their characteristics and potential impacts:
- Accelerated adoption of new technologies such as IIoT, artificial intelligence, blockchain, and automation throughout the electric power service value chain. This creates uncertainty regarding their integration and use in the energy sector and affects processes, productivity, consumer interaction, and data management.
- Global, regional, and local demographic shifts such as the growth of the middle class, changing family dynamics, migration, aging populations, and urbanization,which result in new energy consumption patterns. These issues are redefining electricity demand and require new business models for companies in the sector.
To learn about
our strategic Risk.
Find here the results
of our risk management in 2024
Conoce nuestro ESG Databook
con el detalles de todos los indicadores AGS.