Internal Control and Risk Management System
Edison's Internal Control and Risk Management System consists of a structured and organic set of rules, procedures and organisational structures with the aim of enabling proper business management consistent with the Company's objectives and the pursuit of Sustainable Success. This system is based on an appropriate process for identifying, measuring, managing and monitoring the main risks, and is integrated into Edison's organisational, administrative and accounting structure and, more generally, corporate governance. It also takes as its reference the indications of the Corporate Governance Code, as well as national and international models and best practices (COSO ERM Framework). The Internal Control and Risk Management System pervades the entire Company and involves different subjects to whom specific roles and responsibilities are assigned.
Main actors involved
- Board of Directors: defines the guidelines of the internal control system, which are formally integrated with the risk management guidelines. It analytically examines the analyses conducted, and the results achieved, concerning the monitoring and management of risks.
- Control, Risk and Sustainability Committee: assists and supports, in an advisory and propositional capacity, the Board of Directors in evaluations and decisions concerning the Internal Control and Risk Management System and periodic financial reports. It monitors the adequacy, effectiveness, efficiency and autonomy of the Internal Audit function and supervises ESG issues.
- Enterprise Risk Committee: provides support to the CEO in assessing the effectiveness of the company's risk management process and in verifying compliance with risk management and control policies, as well as in monitoring the Group's overall exposure to risk.
The heads of each Business Unit, Department and Division are responsible for designing, managing and monitoring the effective functioning of the Internal Control System within their sphere of responsibility, as defined by the Board of Directors with the guidelines and directives received to implement these guidelines. All employees, each according to their respective roles, contribute to ensuring the effective functioning of the Internal Control and Risk Management System.
Risk Management
With regard to risk management, Edison has developed an integrated corporate risk management model that is inspired by the international principles of Enterprise Risk Management (ERM), in particular the Committee of Sponsoring Organisation (COSO) methodological framework, the main purpose of which is to adopt a systematic approach to the identification of the company's priority risks, in order to assess their potential negative effects in advance and take appropriate action to mitigate them and seize any opportunities.
The approach is based on the bottom-up identification of risk and opportunity events that may impact both short- to medium-term objectives and long-term industrial and strategic targets.
In 2023 and then later in 2024, the integration of sustainability issues within the Enterprise Risk Management Framework was expanded, in line with the Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS), which provides for the dual materiality assessment of Impacts, Risks and Opportunities.
The Corporate Risk Model, developed on the basis of industry and international best practices, encompasses in an integrated framework the different types of risks that characterise the business in which the Group operates, distinguishing between risks related to the external environment and internal process and strategic risks.
The risk mapping and risk scoring methodology adopted assigns a relevance index to the risk according to the assessment of impact, also through financial quantification, probability of occurrence and level of control.
In particular, with the coordination and support of the Risk Office, the managers of the various corporate areas identify and assess the risks they are responsible for, also with the help of the Sustainability Division with respect to the reference ESG profile, through a Risk Self Assessment process, also providing information on the activities, mitigation plans and related actions to be carried out in the short, medium and long term to mitigate the effects of each identified risk, including ESG risks.
The results of the ERM and the Risk Self Assessment process are communicated to the Control, Risk and Sustainability Committee and the Board of Directors at set intervals, and are used by the Internal Audit, Privacy & Ethics Department as information elements aimed at preparing specific risk-based audit plans.
The updated risk mapping is submitted to the Board of Directors at the meeting in which it approves the budget for the following year; the Board, on the basis of this analysis, then defines the nature and level of risk compatible with the strategic objectives of the Company and the Group, including in its evaluations also those elements that may be relevant in view of their sustainability in the medium-long term.
Quarterly updates of the Edison Group's risk mapping and risk exposure are submitted to the Enterprise Risk Committee, the Risk Control and Sustainability Committee, and semi-annually to the Board of Directors.
During the year, the Risk Office presents the updated annual risk mapping to those involved in the Risk Self-Assessment process and organises training meetings on the Enterprise Risk Management process.
In addition, the Edison Group manages, through dedicated policies, exposures to:
- Commodity Price Risk: the Edison Group is exposed to the risk of fluctuations in the prices of all traded energy commodities. The objectives and guidelines of the risk management policy are aimed at minimising the uncertainties connected with the volatility of the energy markets, reducing the variation in the Group's economic-financial results for subsequent years as a result of the volatility of energy commodity prices, and stabilising the cash flows generated by the physical and contractual assets included in the Group's portfolio in order to ensure the achievement of long-term strategic objectives and the protection of the value of the assets in the portfolio.
- Exchange Rate Risk: The Group's operations in currencies other than the euro expose the Company to changes in exchange rates and require it to manage currency procurement policies as a strategic factor. The Company adopts a management model functional to hedging the various manifestations of exchange rate risk within Edison, with the main objective of contributing to the achievement of the Edison Group's financial commitments.
- Credit risk: the activities carried out by the Edison Group in the various businesses in which it operates, by their very nature, expose the company to credit risk. Credit risk is defined as the risk of a loss or decrease in the value of a credit position due to the possibility that the counterparty may fail to fulfil its contractual obligations in the manner and/or on time or suffer a significant deterioration in creditworthiness. In order for value creation to be sustainable over the long term, the Edison Group has adopted strategies, governance tools and policies aimed at managing and controlling credit risk, with the main objective of ensuring that exposure to this risk does not compromise the Group's financial and development objectives.
Dual materiality analysis: ESG risks and opportunities
The Corporate Sustainability Reporting Directive (CSRD) and the European Sustainability Reporting Standards (ESRS) provide for the dual materiality assessment of Impacts, Risks and Opportunities (IRO) on sustainability issues.
The identification of IRO is based on a dual materiality analysis process consistent with the EFRAG guidelines, which envisage: analysis of the external context, analysis of the internal context also with the contribution of Top Management.
The dual materiality analysis asks companies to define which IROs are ‘material’, from a dual perspective: ‘impact materiality’ - inside-out and ‘financial materiality’ - outside-in. An ESG issue is impact material when it concerns the actual or potential, positive or negative, impacts of the company on people and the environment, in the short, medium or long term. An ESG issue is financially relevant if it generates risks and/or opportunities that could affect the company's economic-financial situation in the short, medium or long term.
The impact analysis is conducted by the Sustainability Division through an assessment process involving all stakeholders, consistent with specific EFRAG guidelines and best international standards.
The financial materiality analysis is integrated into the Group's risk mapping, through the Entrerprise Risk Management process risks and opportunities identified among the IROs are collected and assessed.
The process enables the Group to effectively monitor and manage ESG risks within the enterprise risk universe, integrate sustainability into strategies and transparently and comprehensively communicate ESG information to stakeholders.
For several years, ERM analysis has included the impact of short- and medium-term climate change, assessing physical and transition risks to 2030. Edison has also integrated the ERM process by developing a Plan that assesses climate change resilience to 2050.