Risk governance
In developing and executing Stedin Group's strategy, the Board of Management devotes extensive attention to the risks and opportunities associated with that strategy.
The Board of Management has final responsibility for the execution of risk management, together with the management of the various business units. They are supported by support departments specialising in functional areas, such as Corporate Risk Management; Safety, Health, Environment & Quality (VGMK); Business Continuity Management; Security Office; Corporate Affairs and Compliance & Integrity. In addition, the Asset Management line department is tasked with preparing proposals for replacement investments based on a risk analysis. We apply the ISO-NTA 8120 (ISO 55000) standard for this. The operational asset risks are identified in the Electricity and Gas Investment Plan. The investment plan for the years 2020-2022 is available on www.stedin.net. Internal Audit performs audits and reports on the results to the Board of Management as well as the Supervisory Board's Audit Committee. From 2020, the topic of Risk is a fixed item on the agenda of the Audit Committee of the Supervisory Board twice a year. The new risk management policy now also applies to DNWG, as does the risk governance. A detailed description of risk governance is available on www.stedingroup.com.
Risk management process
Stedin Group's Enterprise Risk Management (ERM) framework covers both long-term and short-term uncertainties. For the most part, this ERM framework has been translated into an In Control Framework (ICF). This ICF consists of the risk categories Operational, Fraud, Business Continuity, Compliance/Privacy and Information Security. The risks and the corresponding risk management with regard to the financial statements (ICoFR; In Control over Financial Reporting) are also part of the overall ICF. We based the design of this framework on the COSO-ERM framework and the ISO 31000 standard. The risk management process is a permanent part of the annual standard business planning and control cycle.
Long-term uncertainties
Looking at the long term, there are both risks and opportunities that constitute uncertainties in delivering the long-term strategy. We update and report on the developments of these uncertainties once every quarter. These long-term uncertainties also serve as input for the selection of strategic initiatives, are part of the financial-strategic forecasts and are incorporated in the annual planning process. In this way, the long-term uncertainties are addressed as much as possible in the planning.
Short-term uncertainties
Risks and opportunities as well as the associated controls with regard to short-term uncertainties are identified. The short-term uncertainties and controls are linked to the business objectives and departmental objectives included in the departmental plans for 2021. We review and update these at least once a year. Via monthly business unit reviews, we report to the Board of Management on developments in these risks and on the effectiveness of the controls applied. The departmental management periodically reviews by means of self-assessment whether the controls are effective, in connection with the 'Jointly in Control process'. We also define potential improvements and actions. Every quarter, we discuss the outcomes of these self-assessments with the operational management; twice a year, the management of each business unit reports to the Board of Management in a Letter of Representation. In that Letter, they report on risks, external reporting and integrity. These statements are one of the inputs that form the basis for the In-control statement of the Board of Management.
Risk tolerance
With regard to both risks and opportunities, Stedin Group is continually seeking a balance between its role in society, the available financial and other resources and the environment. In 2020, we focused more extensively on further mitigating the risks incurred.
We have to incur a certain degree of risk in order to achieve our organisational objectives. Given the public and regulated nature of Stedin Group, the general risk tolerance tends predominantly toward risk aversion and avoidance. The extent to which we are prepared to be exposed to risks (the risk tolerance) differs for each risk category:
- Strategic – Neutral: Stedin Group is prepared to take moderate risks to achieve its mission, vision and strategic objectives.
- Operational – Avoiding: Stedin Group is risk averse in connection with risks concerning supply security. In this light, Stedin Group seeks a balance between supply security and social and other affordability.
- Financial – Avoiding: Stedin Group is a capital-intensive enterprise. In order to ensure that our service provision to customers remains both reliable and affordable, we aim for an A category rating from Standard & Poor’s. We do not accept any risks that may endanger that rating. The reliability of our financial reporting is one of the preconditions for retaining this rating.
- Compliance – Averse: we perform a regulated task in the energy world. We therefore seek to comply with all applicable laws and regulations.
- Safety – Averse: the electricity and gas infrastructure is potentially dangerous (and can pose a threat to lives). We have the lowest possible risk tolerance in connection with the safety of our employees and our environment.