Risk management

Like any other company, we have to deal with a large variety of internal and external factors that affect our operations in a positive or negative sense. In our operations, it is of crucial importance for us to have as complete a picture as possible of the risks we run, and to take measures to control these risks.

In the decision-making at Gasunie, risk management plays an important part at every level, and is an integral part of our operations. Our risk management focuses on factors that affect the feasibility of our strategy and objectives, as well as factors that affect our business operations. Insight into risks allows us to make well-informed choices that lead to a greater chance of success for our strategy.
Our risk appetite serves as a guideline in this. Demonstrating that risks have been weighed in decision-making is important for Gasunie, not only because external laws and regulations require this of us, but above all because it improves the quality of the decision-making.

Developments in risk management in 2017

We aim to continue to develop our risk framework and the execution of risk management in practice. We periodically assess the set-up and functioning of our risk management, for instance as part of project evaluations or in response to audit results. Attention was devoted to the following in 2017:

  • further integrating risk management in the business plan cycle, which will also strengthen the link with our strategy;
  • strengthening the influence of our internal ‘second line of defence’ (for instance, business controllers and risk management positions): the aim is to further reinforce a culture in which an open dialogue is conducted on choices and dilemmas;
  • fine-tuning the debate on risks and control measures at corporate level through substantive discussions on our top-of-mind risks and our risk appetite;
  • we determined that our risk management system is in line with the requirements of the new corporate governance code.

Risk framework: policy and control

Risk management is a continuous process that is performed at all levels of the organisation. It provides management information for decision-making and supports accountability for decisions and choices made.  Our employees act on the basis of our core values and risk awareness, and form the basis of risk management at Gasunie in that sense.
The Executive Board is responsible for risk management within our company and is accountable to the Supervisory Board for that. It is supported by the Corporate Risk Management department. At corporate and business unit level, we mainly identify and control the strategic and external risks and opportunities. Within the departments and work processes, the focus is mainly on operational, reporting and compliance risks.

We use the Three Lines of Defence (3LoD) model. The first line is formed by our business/line management: this is primarily responsible for implementing the strategy and the activities and therefore also for the use of risk management. The second line consists of corporate departments, including Risk Management, Control and Safety, whose task it is to advise, challenge and sometimes also test the operating activities in the (business) units. An ‘Expert Committee’ is deployed to advise the Executive Board specifically for large or strategic projects. The third line is formed by the Operational Audit department, which carries out operational audits to assess the set-up and functioning of the risk management system and control and reports on this to the Chair of the Executive Board and the Audit Committee of the Supervisory Board.

The (business) units give accountability reports to the Executive Board using the Document of Representation (DoR). In doing so, they provide formal feedback on the fact that the business controls have been carried out in accordance with the internal requirements for management control and the Code of Conduct. This is also an extra opportunity to share ideas with the Executive Board on current dilemmas.

The Supervisory Board discusses management control with the members of the Executive Board on a regular basis. Developments regarding the objectives, strategy and policy, as well as the most important risks for the company and the outcomes of operational audits, are also addressed.

Gasunie’s risk management model

Risks influence the achievement of our objectives and the value we want to create. In order to reflect on and discuss risks in a structured and recognisable way, it is important to use a practical classification of our risks. We have set up the COSO Enterprise Risk Model we use in such a way that it facilitates our thinking and above all our actions as well as possible. We make a distinction between strategic risks and external risks. Strategic risks have a direct relationship with the expected reward. Our risk appetite in this regard differs per strategic pillar.

External risks have no risk/reward relationship and can hardly be prevented, if at all. The focus is on managing the impact of these risks.

We view the COSO risk categories ‘operational, reporting, compliance’ as risks whose materialisation can be avoided with a good control framework (hence: avoidable risks) within the limits of the ALARA principle (As Low As Reasonably Achievable). We strive for a degree of control in such matters, in keeping with our risk appetite and in combination with cost efficiency.

The table below provides a summary of our risk appetite; for a summary of our key current risks, see the chapter on ‘Our risk profile’.

COSO category

Control model

Risk acceptance and explanation

Strategic

External risks

 

(be prepared)

The likelihood that an external risk will manifest cannot be avoided or can hardly be avoided; control mainly focuses on limiting the impact.

  • Pillar I: Low. In the regulated domain in our home markets, we are always very aware of our social role and position. We do not want to fall short here, not even in challenging circumstances. The social discussions on the future energy supply and curtailment of Groningen production mean that we cannot be prepared for all eventualities. Stable regulation that does justice to our efficient costs is very important to us.
     
  • Pillar II: Low. In Pillar II as well, we are alert to situations in which our social responsibility plays a role. We prevent external risks in this pillar from having a negative financial effect on our home markets.
     
  • Pillar III: Neutral. In Pillar III, we accept that we operate in a rapidly changing environment. This can be seen from the social pressure and political discussions in which a range of opinions can be heard. We continue to adhere to our strategy within this environment.

Strategic risks

 

(balance of risk/reward)

In pursuing our strategic objectives, a balance is sought between the expected rewards and risks.

  • Pillar I: Very low. The limited margins in the regulated domain call for a low to very low risk appetite; strategic choices are weighed against the guaranteed revenues.
     
  • Pillar II: Low. In the activities in our core area (the Netherlands and Germany), our risk acceptance is largely determined by our focus on the public interest, in addition to a thorough financial-economic consideration, of course. Outside our core area, there is a more pronounced focus on the balance between risk and reward.
     
  • Pillar III: neutral. The projects call for a more enterprising attitude, even if legislation is still being developed. In very innovative environments, more risk is accepted than in the large-scale application of existing methods. For Pillar III, it is very important for our strategy to be actively rolled out (very low acceptance of risk of stagnation).

Risks for the three pillars cannot be seen as entirely unrelated to each other. Particularly in the case of risk accumulation, our risk acceptance is low.

Operational

Reporting

Compliance

Avoidable risks

We do not tolerate unsafe situations in any of our activities. Risks that endanger the safety of our surroundings or Gasunie’s employees or contractors, or which could harm the environment, are tightly controlled and avoided as much as possible.

We adhere to the law and our Code of Conduct; where dilemmas arise in our operating activities, we deal with these transparently. We stand for integrity in our conduct in our internal organisation and outside of it and are vigilant about preventing fraud.

For access to the financial markets, it is essential that our financial systems and reports are reliable.

  • Pillar I: Zero. In our regulated activities, the focus is on our ‘licence to operate’. An extraordinarily good performance in relation to safety and reliability of supply is achieved through our strong control environment. We are also demonstrably efficient and our concern for the environment and compliance with the law go without saying.
     
  • Pillar II: Very low. A high degree of control is just as important in our Pillar II activities. Up to a certain point, we accept dependency on partners and cooperation with other (corporate) cultures.
     
  • Pillar III: Very low. In Pillar III, the innovative character of some projects and partners translates into somewhat higher risk acceptance. Nonetheless, safety, the environment and legislation are important starting points here too.

In Control Statement

The Executive Board is aware that no risk management systems, no matter how professional, can offer absolute certainty that the company objectives will be achieved or that such systems can fully prevent material inaccuracies, loss, fraud or violations of the laws and regulations.

With respect to the financial reporting risks, the Executive Board states that the internal risk management and audit systems provide a sufficient degree of certainty that the financial reporting does not contain any material inaccuracies and that the risk management and audit systems in the year under review functioned adequately. Any deficiencies, of which there were none this year, are included in the report.

Material risks that are relevant for the coming year are part of this report. It is therefore expected that the continuity of the company is guaranteed for the coming twelve months.