Edison developed an integrated risk management model based on the international principles of Enterprise Risk Management (ERM), the COSO framework (sponsored by the Committee of Sponsoring Organizations of the Treadway Commission) specifically.
The main purpose of ERM is:
- to make the Management aware of the main risks profile and their evolution;
- to connect risk management activities, decisional procedures and company’s strategy;
- to assure risk management activities effectively coexist with company’s processes.
In pursuit of this objective, Edison adopted a Corporate Risk Model and a risk mapping and risk scoring method that assigns a relevance index to risks based on an assessment of their overall impact, probability of occurrence and level of control. The Corporate Risk Model, which was developed based on best industry and international practices, covers within an integrated framework the types of risks that are inherent in the businesses in which the Group operates and makes a distinction between risks related to the external environment and internal process and strategic risks.
The Enterprise Risk Management process is carried out concurrently with the development of the Budget and Strategic Plan by means of a Risk Self-Assessment process, the results of which are presented on predetermined dates at meetings of the Control and Risk Committee and the Board of Directors and are used by the Internal Auditing Department as a source of information to prepare special risk-based audit plans. Working with the support of the Risk Office, the managers of the Company’s business units and departments use a Risk Self-Assessment process to identify and assess the risks that affect the areas under their jurisdiction and provide an initial indication of the mitigating actions they have taken.
The results of this process are then consolidated at the central level in a mapping system in which risks are prioritized based on the resulting scores and aggregated to facilitate the coordination of mitigations plans with the aim of managing risks on an integrated basis.
Regular updates are performed during the year to monitor the implementation of the identified mitigating actions and assess their potential impact.