Risk management
Managing risks and opportunities is essential to achieving our strategic objectives. The risks and opportunities are therefore an integral part of the annual planning cycle. This approach helps Stedin Group purposefully deal with uncertainties (risks and opportunities) in attaining its objectives.
Risk governance
Risk management is a joint responsibility of the Board of Management and the management team, supported by corporate services departments such as Corporate Risk Management, Safety, Health, Environment & Quality, Business Continuity Management, Security, Corporate Affairs, Compliance & Integrity and Treasury. The Asset Management department is in charge of drawing up proposals for investments, including replacement investments, based on a risk analysis according to the NTA 8120 (ISO 55000) standard. Operational asset risks are included in the investment plan. The topic of risk is discussed four times a year during the meetings of the Supervisory Board’s Audit Committee. Major deficiencies, significant changes or major improvements in the internal management and control system are addressed with the Board of Management and the Supervisory Board’s Audit Committee. Our website features a detailed description of our risk management governance.
Risk management process
Stedin Group’s Enterprise Risk Management (ERM) framework covers both long-term and short-term uncertainties. A large part of this framework has been translated into an In- Control Framework (ICF) consisting of the risk categories Tactical/Operational, Financial, Fraud, Business Continuity, Compliance/Privacy, Information Security and Financial Reporting. We based the design of this framework on the COSO framework and the ISO 31000 standard. The risk management process is an integral part of the standard business planning and control cycle. We also apply the Corporate Governance Code to our risk management.
Long-term uncertainties
We update both risks and opportunities that constitute uncertainties in relation to the long-term strategy and report on these uncertainties to the Strategy MT every quarter. We compare these uncertainties against our risk tolerance and use them as input for the selection of change programmes within Stedin. These long-term uncertainties are also part of the financial-strategic forecasts and are incorporated in the process for the annual plan. An explanation of our key risks and opportunities can be found below in the subsection ‘Key strategic opportunities and risks for Stedin Group in 2023'.
Short-term uncertainties
Short-term uncertainties, with a horizon of around one year, include operational risks such as power failures, fraud and reporting risks. Management maps and updates risks and control measures at least once a year through risk and control sessions. The departmental management teams periodically review whether the controls are effective and define potential improvements and actions. Twice a year, the management of each business unit reports to the Board of Management on integrity, strategy and goals, risks and control, external reporting and laws and regulations by means of an ‘In-control statement’. These statements serve as an important basis for the In-control statement of the Board of Management.
Risk tolerance
We have to accept a certain degree of risk in order to achieve our organisational objectives. In response to the new strategy, we have recalibrated our risk tolerance and adjusted the categories for which the risk tolerance is stated. As a result of this adjustment, the categories are now aligned with the internal control model. In recalibrating our risk tolerance, we have taken into account the changing environment in which we operate. The extent to which we are prepared to incur risks (the risk tolerance) differs for each risk category:
With regard to both risks and opportunities, Stedin Group is continually seeking a balance between its role in society, the available financial and other resources and the environment.
Safety: Averse
At a company like Stedin, safety always comes first. In relation to safety, we do not want any negligence by Stedin employees resulting in minor injuries (and lost time) or more serious consequences. For a description of accidents in 2023, see Safety & Cybersecurity.
Quality of services: Avoiding / Neutral
In relation to the quality of services, we do not want any risks resulting in a moderate degree of grid congestion or serious deterioration of the quality and efficiency of services.
Financial: Neutral
In relation to finances, we do not want any unexpected financial losses with a potential impact in excess of € 20 million.
Laws and regulations: Neutral
In relation to laws and regulations, we do not want any risks resulting in an order for incremental penalty payments, a category 5-6 fine, or criminal prosecution of a member of the Board of Management.
Customer and Image: Avoiding
In relation to Customer and Image, we do not want any risks risks resulting to a moderate extent in a negative image among customers, shareholders and other stakeholders.
Sustainability: Averse
In relation to sustainability, we do not want any risks resulting in a limited or higher increase of the environmental impact of our own operations.
Developments in 2023
The developments in society and the energy market have implications for the risks and developments in this respect that Stedin manages. As in 2022, geopolitical developments have led to increased risks that had an impact this year. In addition, the acceleration in the energy transition is a reality. The uncertainties associated with its impact lead to focus and adjustments. The continuous changes in external developments are to some extent outside Stedin’s sphere of influence, but can have a major impact on the organisation. This sometimes makes it more difficult to determine whether the organisation as a whole is ‘in control’. Mitigating measures therefore relate to matters within our sphere of influence and to monitoring as well as predicting external developments.
Key external developments in 2023:
Government contribution : The State has reinforced Stedin’s equity by joining as a shareholder, paying in € 500 million in exchange for an 11.9% stake. The risk of ‘Increasing pressure to maintain the ‘A’ category credit rating (at S&P) in the long term’ has thus diminished to the extent that it is no longer monitored as a long-term uncertainty.
Congestion : two key strategic risks that play a role here are ‘Insufficient grip on future customer demand’ and ‘Insufficient connection and transmission capacity’. We expect that in the coming years, there will continue to be risks associated with the alignment of customer demand to the available transmission capacity. These risks are described in detail in the explanations of the six main risks later in this section.
Voltage bottlenecks : Another important development in 2023 is the rapid increase in rooftop solar generation, as well as the rise in the number of heat pumps and use of electric cars, all of which increases the load on our low-voltage grids. The result is an increasing incidence of voltage bottlenecks. ‘Sharp rise in voltage bottlenecks in low-voltage grids’ has therefore been added as a new strategic risk.
Feasibility : Factors constraining the feasibility of our construction task include limited availability of materials, labour and space. Stedin, like other grid managers, has published its new investment plan . The plan sets out Stedin’s strategy and large-scale investments in expanding, maintaining and reinforcing the electricity and gas grid. These investments are essential to prepare for the energy system of the future. For further clarification of the risk relating to the realisation of sufficient connection and transmission capacity and how we have addressed this risk, see the description of the main risks later in this section. Geopolitical tensions are continuing to have an impact on our supply and materials markets. As a result, Stedin is experiencing an overall lack of certainty as regards the availability of components and materials. We have taken additional measures to secure the supply of strategic materials in particular. As we increased our strategic stocks in 2023, this risk dropped from ‘Top’ to ‘High’. Two other aspects posing risks that affect the feasibility of our construction task are labour shortages and limited availability of space underground and above-ground.
Other developments
ESG: We recalibrated our ESG strategy in 2023. The strategic risks have been linked to the resulting themes. As soon as ESG targets have been incorporated into the annual plans of the various business units, these targets will be in scope of the process described above for short-term uncertainties.
Infra contracts: Stedin has strengthened cooperation with contractors by entering into new infra contracts . Entering into new forms of contracts involves uncertainties (both opportunities and risks). To manage these uncertainties, the organisation has organised several risk workshops and regularly discusses them. The benefits and risks of this form of contract will become apparent in the coming year.
Other topics
Besides the aforementioned developments, there are developments in other risk-related topics that do not ultimately affect our key strategic opportunities or risks. For example, the climate changes that may affect the Stedin area in the long term. Climate is not currently considered to be one of the biggest strategic risks. This does not mean that these developments do not pose a risk to Stedin. For a description of climate-related risks and Stedin’s approach to these risks, see ‘Risks due to climate change’. For insights into our financial risks, see ‘Financial risk management’. Our financial reporting risks are discussed in more detail in ‘Judgements, estimates and assumptions’.
Key strategic opportunities and risks for Stedin Group in 2023
This section contains an overview of our key opportunities and risks, and a description of our top 5 strategic risks. We explain the strategic risk process in greater detail in the ‘Risk governance’ subsection at the start of this section.
Connection of risks to strategic spearheads and material topics
No. | Description | Category | Construction | Utilisation | Management | Preconditions | Double Materiality | Development compared with 2022 |
|---|---|---|---|---|---|---|---|---|
1 | Cyberattack causing damage to society and business operations | Quality of services | x | Access to energy and supply reliability | = | |||
2 | Insufficient connection and transmission capacity | Quality of services | x | x | Access to energy and supply reliability | = | ||
3 | Insufficient grip on future customer demand | Quality of services | x | x | Access to energy and supply reliability | + | ||
4 | Availability and quality of data insufficiently compliant | Laws and regulations | x | Access to energy and supply reliability | = | |||
5 | Gas investments difficult to plan | Financial | x | x | Access to energy and supply reliability | = | ||
6 | IT/OT landscape insufficiently prepared for the future | Quality of services | x | x | x | x | Access to energy and supply reliability | ↑ |
7 | High activity in outdoor space and underground | Quality of services | x | x | Access to energy and supply reliability | ↑ | ||
8 | Sharp rise in voltage bottlenecks in low-voltage grids | Customer & Image | x | x | x | Access to energy and supply reliability | + | |
9 | Increased likelihood of surge in replacement of obsolete assets | Financial | x | Access to energy and supply reliability | = | |||
10 | Lack of sufficient number of people with the required competences | Quality of services | x | Good employment practices | = | |||
11 | Availability of materials | Quality of services | x | x | x | Access to energy and supply reliability | ↓ | |
12 | Services on core tasks insufficiently compliant | Customer & Image | x | x | x | Customer and stakeholder perception | ↑ | |
13 | Network losses | Financial | x | Access to energy and supply security | ↓ | |||
14 | Impact of accidents related to Stedin Group | Safety | x | Good employment practices | = | |||
15 | Focus on cultural values and conduct insufficiently effective | Quality of services | x | Business ethics, integrity and good governance | = |
Connection of opportunities to strategic spearheads and material topics
No. | Description | Construction | Utilisation | Management | Preconditions | Double Materiality | Change compared to 2022 |
|---|---|---|---|---|---|---|---|
1 | Application of new energy carriers | x | Access to energy and supply reliability | = | |||
2 | Perform comprehensive assessment for allocating investments between electricity, gas or future energy sources | x | x | Access to energy and supply reliability | = | ||
3 | Develop and deploy disruptive technologies and methods | x | x | Access to energy and supply reliability | ↓ | ||
4 | Position Stedin as a highly relevant partner in the energy transition | x | x | x | Customer and stakeholder perception | = |
Developments in strategic risks and opportunities
In evaluating risks and opportunities, we compare the likelihood of their occurrence with their potential impact on the achievement of our three strategic spearheads. This comparison led to the risk matrix below for 2023.
Risks are always changing, due to the multitude of uncertainties involved. A number of strategic risks have been mentioned above in the section ‘Key external developments in 2023’. Compared with 2022, we see that thanks to the focus on construction, utilisation and management under our new strategy, we no longer need to consider some risks and opportunities as long-term uncertainties. This does not mean that they are no longer risks or opportunities for Stedin, but that they are monitored in a different way. This concerns the following risks: ‘Large-scale product recall’, ‘Environmental pollution of local environment’, ‘Uncertainty about implications of changing E&G laws and regulations (NL and/or EU)’ and ‘Excessive (own) environmental impact (footprint)’. The opportunities that are no longer considered to be long-term uncertainties are: ‘Entering into strategic supplier relationships’ and ‘Rates structure of the future’.
The fast-changing environment means that some opportunities have merged into risks. The opportunity to ‘Increase predictability of investments through improved prediction of customer demand’ is now the new risk ‘Insufficient grip on future customer demand’. The opportunity ‘Enable future-proof grid management by means of data-driven forecasts and decision-making’ is now the risk ‘Availability and quality of data insufficiently compliant’.
The matrix below shows the likelihood of the main opportunities and risks materialising and the potential impact of this on Stedin.
Risks
Below are descriptions of the top 5 strategic risks.
Cyberattack causing damage to society and business operations | |
|---|---|
Risk tolerance | Neutral |
Risk assessment | Top |
Description: As a result of its strategic position as well as its social and economic importance, the Stedin Group infrastructure is an attractive target for cyberattacks. This is why cybersecurity is of fundamental importance to the continuity of Stedin’s activities. The chance of a cyberattack is progressively increasing as a result of technological developments and the increasing dependency on digitalisation. A cyberattack can have major consequences for the services of Stedin Group and its stakeholders. This can endanger vital infrastructure and hence the stability of the energy grid. | |
Causes: well funded and organised, whether or not directly related to foreign powers, whose actions are inspired by political motives. actions are inspired by political, social or other activist motives. Driven by their ideological motives, they carry out targeted attacks on Stedin due to its social relevance. their actions are driven by economic motives. They use various means, including ransomware. Target personal data or attempt to set up fraudulent financial transactions. often able to access the internal network by virtue of their work. From this position, they can cause damage, intentionally or unintentionally. use a code published online to carry out unsophisticated attacks. Competition between hackers and their great personal interest in the topic of security play a key role. | |
Consequences: Discontinuity due to failures throughout or in parts of the infrastructure and loss of control over the supply of energy. Reduction in quality and efficiency of service provision and loss of control over own data and information systems. A cyberattack slows down the role Stedin fulfils in the energy transition. Loss of control over switchgear can lead to serious personal injury. Very high repair costs: consequential loss for Stedin Group and society. | |
How we have responded to this: As the manager of part of the critical infrastructure in the Netherlands and a designated Essential Service Provider under the Security of Network and Information Systems Act, we actively and continuously take into account a dynamic threat assessment. We proactively adjust our operations to evolving European and national legislation. It is important to comply with legislation, but ensuring the reliability of our services is paramount. To this end, we apply a certified risk-based approach according to the ISO27001 standard, deploying our resources where they will have the most impact. The strategy underlying this approach was recalibrated over the course of 2023. Based on this recalibration, we will be focusing on strengthening the information security organisation. This involves actively strengthening our digital security culture through an awareness programme and continuously investing in knowledge. Our technological solutions remain a core feature, with continued investment in advanced technologies to manage information security risks and protect our services from cyber threats. Cooperation with partners in both the public and private sectors is an important part of our information security strategy. This cooperation is not limited to the supply chain. Our strategy is not static and we are constantly adjusting to the changes in the world around us, both internally and externally. These adjustments are based on the principle of continuous improvement in order to remain proactive and resilient. | |
For more on this topic, see the section entitled ‘Preconditions - Safety & Cybersecurity’. | |
Insufficient connection and transmission capacity | |
|---|---|
Risk tolerance | Avoiding |
Risk assessment | Top |
Description: We plan the expansion of our electricity grids on the basis of customer demand forecasts. Timely reinforcement of our grids may not be possible if customer demand evolves much faster than expected or if execution takes much longer than planned. In that situation, we can offer our customers a connection, but not the necessary transmission capacity, and will be unable to meet the customers’ requirements. The customer will then have to modify, postpone or cancel the planned project. The achievement of climate targets is also delayed if congestion management is not possible to a sufficient degree. Once congestion management is possible, a number of customers can still be connected. However, congestion management also entails certain costs. | |
Causes: The unpredictability of customer demand and the magnitude of external developments are key drivers of this risk. The realisation of new infrastructure is a very time-consuming process. Planning permission procedures for spatial integration of the infrastructure take (much) more time than the project completion timelines of our customers. The feasibility of the energy transition is also a crucial factor for us. Space, people and materials are not always immediately available to a sufficient extent. | |
Consequences: Due to various reasons, including the steep rise in the number of requests for connections and the fact that space, materials and people are not always immediately available to a sufficient extent, large parts of the Netherlands have become congestion areas. The ultimate consequence is that we will not be able to meet customer demand, or at least not in time. This means that customers will have to modify, postpone or cancel their projects. In the end this may also block progress towards the climate targets, leading to reputational damage and potential claims by property developers and other parties. | |
How we have responded to this: In 2023, the decentralised and national grid managers translated the latest energy and climate policy insights and sectoral plans into scenarios for the purpose of investment plans (IPs). The scenarios have been coordinated with stakeholders, and the IPs along with the submitted opinions and responses thereto have been submitted to the Netherlands Authority for Consumers and Markets (ACM). The investment plans are important for expanding grid capacity and scaling up the organisation (personnel, materials, land, process innovation, etc.) to enable us to realise our construction task. However, space will remain scarce in the coming years and we will need in some cases need to apply congestion management. We work closely with governments and our stakeholders to identify developments and offer advice to local communities on what actions they can take. The sector is developing a platform that will provide stakeholders with transparency on waiting lists, congestion areas, investments, flexible propositions and grid availability. Based on the scenarios and current customer and grid insights, the need for flexible control power capacity has been identified. Stedin’s target for cumulative flexible capacity contracting (45 MW) was met in 2023. However, for the coming years, the need for flexible capacity is many times higher (the target for 2024 is 500 MW of flexible capacity) and Stedin is working on several flexible tenders in order to contract flexible capacity. As part of the National Action Programme for Grid Congestion, the sector is developing joint contract forms to offer flexible propositions to the market. In addition, Stedin has launched a programme that will enable us to scale up our congestion management processes. | |
For more on this topic, see the ‘Utilisation’ section. | |
Insufficient grip on future customer demand | |
|---|---|
Risk tolerance | Avoiding |
Risk assessment | Top |
Description: There is a risk that we do not have sufficient grip on the future development of customer demand, as a result of which we don’t have enough room to change the course of or influence decisions affecting grid capacity made by parties in our environment. | |
Causes: We have identified two main root causes of this risk:
| |
Consequences: If this risk materialises, the possible consequences are:
| |
How we have responded to this: Stedin is investing to maintain and improve its grip on future customer demand. Risk mitigation efforts include the further development of funnels and targeted surveying of customer intentions among heavy-use consumers. Stedin is also investing raising awareness among customers (such as through campaigns) that it’s advantageous to them to share their plans in relation to the future energy supply at an early stage. This includes the development of digital tools that allow customers to easily and personally provide their plans to Stedin. | |
For more on this topic, see the section entitled ‘Utilisation - Predicting and managing customer demand’. | |
Availability and quality of data insufficiently compliant | |
|---|---|
Risk tolerance | Neutral |
Risk assessment | Top |
Description: Although good data quality and timely data provision is obviously relevant for all types of data, this risk specifically centres on three categories: data about the load and quality of our grid, smart meter data and asset data. We are seeing an ever-increasing demand for data about the load and quality of our grid and smart meter data, both internally and externally. To optimally utilise our grid and support our investment forecasts, there is a growing need for data that allows us to gain an understanding of the current and future load and quality of our low-voltage and medium-voltage grids. We are also seeing a growing demand for data externally and for data from smart meters in particular. Energy suppliers, for instance, use this data to make more accurate estimates of the development of energy needs, allowing for better matching of supply and demand (see also ‘Performance in other areas - market facilitation’. Finally, accurate and timely data about our assets (e.g. about their location) is instrumental to our daily operations. If this data is not available in time or its quality is insufficient, the quality of our internal and external processes suffers. | |
Causes: The growing demand for data is putting more and more pressure on new and existing processes. If these processes are not sufficiently robust or adapted to the growing demand for data, we run the risk of data not being delivered in time or being of insufficient quality. | |
Consequences: Failure to provide timely or inaccurate data can hinder the acceleration of work on our construction task, can impede capacity management aimed at preventing and managing grid congestion and has a potentially negative impact on the adequate management of our grids. It can also slow down internal and external processes relating to aspects such as matching supply and demand and developing products that can eliminate or prevent congestion. | |
How we have responded to this: as our construction activities intensify, the amount of asset data going through our processes also increases. To cope with this volume, we are investing in new systems and tools that allow us to process the data in a timely, complete and accurate manner without giving rise to an excessive administrative burden. These systems all need to be as easy to use as possible, to allow operational staff to focus on their primary activities. maintaining and further improving our asset data is a continuous process that consists of both major improvement actions and small initiatives. The biggest initiatives are:
through Netbeheer Nederland, chief data officers (CDOs) from the various grid managers are increasingly working together on initiatives to meet the rising demand for data from local communities. A number of open data products were made available in 2023, including the National Electricity Grid Capacity Map, and cross-grid manager open and closed data requests are coordinated by the Data Sharing Management Team. A great deal of investment is also being made in increasing technical and semantic data interoperability and jointly improving data quality, integrity and security. | |
For more on this topic, see the Construction | |
Gas investments needed are underestimated | |
|---|---|
Risk tolerance | Neutral |
Risk assessment | Top |
Description: There is still a great deal of uncertainty regarding the actual design of the future energy system; more specifically, there is still a lot of uncertainty about the role that heat grids and/or renewable gases, in addition to electrification, will play in the new energy system. It is clear that the Netherlands is moving away from natural gas. At the same time, our current gas grid can play a major role in the transmission of renewable gases. Our current investment forecasts take into account a possible future role for our gas grid in renewable gas transmission, for example by continuing to invest in maintaining our gas grid. At the same time, given the uncertainty, our forecasts do not yet make allowance for significant investment to make our grid ready for a specific renewable gas, such as hydrogen. Consequently, it is possible that investments in the gas grid are underestimated in our current forecasts. | |
Causes: Continuing uncertainty about the exact design of the new energy system and the role of heat grids and/or renewable gases in this new system. | |
Consequences: Higher investments than estimated in our current investment forecasts. | |
How we have responded to this: In our current investment forecasts, we remain committed to maintaining the high quality of our gas grids. We only apply a minimal deduction for the decline we are seeing in (natural) gas transmission and use. In our latest forecasts, we also take into account the latest available insights, for example regarding the growth of available green gas. In this way, we limit the risk of underestimating investments. We also actively facilitate the dialogue regarding the future design of the energy system. One of the ways we do this is by providing insight into the dilemmas and uncertainties through the publication of the comprehensive exploratory study of the energy system: ‘The energy system of the future: the II3050 scenarios’. This study, drawn up in the context of Netbeheer Nederland, supports policymakers in decision-making and provides a basis for a joint conversation on how we can work towards a climate-neutral 2050. This in turn helps us incorporate the latest insights into our investment forecasts. | |
For more on this topic, see the ‘Construction’ section. | |
