Enagás has established a risk management and control model aimed at ensuring the achievement of the objectives of the company in a predictable manner and with a medium-low profile for all of its risks. The model allows Enagás to adapt to the complexity of its business operations amid a globally competitive and economically complex environment, where risks materialise more quickly and with increasingly evident knock-on effects. The model is based on the following aspects:
- The consideration of some standard types of risk that the company is subject to:
- Strategic and Business.
- Operational and Technological.
- Financial and Tax-related.
- Credit and Counter party
- Criminal Liability.
- Compliance and Model.
- The segregation and independence of the functions of risk control and management at the company, on three lines of “defence”:
- On the one hand, the business units that are responsible for the risks they take on when conducting their ordinary business activities, and are therefore responsible for identifying and measuring them.
- Moreover, there is a risk control and management area responsible for:
- Ensuring that the risk control and management system functions properly.
- Active participation in the development of the risk strategy and definitions of impacts on their management.
- Ensuring that the control and management systems adequately mitigate risks.
- Lastly the internal audit function, is in charge of supervising the efficiency of the risk controls in place.
- The existence of certain Governing Bodies with responsibilities in the process of risk control and management in the company:
- The Board of Directors is responsible for approving the risk control and management policy. Other responsibilities with respect to risks are delegated in the Audit and Compliance Committee.
- The Audit and Compliance Committee mainly supervises the efficiency of the risk systems and evaluates the risks to the company (identification, measurement and establishment of measures for their management).
- The Risks Committee establishes the overall strategy for risks, the limits of global risk for the company, and reviews the level of exposure to risk and the corrective actions, should there be any non-compliance.
- Establishing a context of appetite for risk, a level of risk that is considered acceptable, and that is consistent with the established business goals and the market context in which the company is developing its activities.
- The transparency of information supplied to third parties, to guarantee its reliability and accuracy.
The integral analysis and periodic monitoring of all risk permit the appropriate control and management thereof, an understanding of the relationships between them and facilitates their joint assessment. This is accomplished by taking into account the differences of each type of risk in terms of its nature, handling capacity, risk measurement tools, etc.
The existing model is completed by the carrying out of specific risk analyses that facilitate the decision-making process based on risk-profitability criteria in those strategic Enagás Group initiatives, new businesses or initiatives of special relevance from the risk standpoint. There is a risk function that performs this analysis independently, transversally (covering all risk types) and homogeneously (with similar operations and measuring overall risks).
Comprehensive analysis and periodic monitoring of all risks enable their appropriate control and management
|Type of risk||Risk description||Level of risk||Control and Management Measures|
|Strategic and business risks|
|Regulatory risk||The activities carried out by the Enagás Group are notably affected by the current remuneration framework. Any change in regulatory frameworks or compensation parameters could affect the revenues of business activities.||Acceptable|| |
|Commercial risk and demand|| ||Acceptable|| |
|Risk in the development of infrastructures|| ||Acceptable|| |
|Legal risk||The results of the company may be affected by the uncertainties related with the different interpretation of contracts, laws or regulations which the company and third parties may have, as well as the results of any law suits undertaken.||Acceptable|| |
|Operational and technological risks|
|Industrial risks in infrastructure operation||In the operation of the infrastructure for transmission, regasification plants and underground storage facilities, accidents, damage or incidents involving loss of value or lost profits may occur.||Manageable|| |
|Cybersecurity||Damage to corporate and industrial systems as a result of deliberate attacks by third parties.||Manageable|| |
|Financial and fiscal risks|
|Interest rate, exchange rate and liquidity||Volatility of interest and exchange rates, as well as movements in other financial variables that could negatively affect the company’s liquidity.||Acceptable|| |
|Tax risks||Possible changes to tax legislation that could affect the company's results.||Acceptable|| |
|Credit and counterparty risks|
|Credit and counterparty||Possible losses due to third parties failing to pay the Enagás group.||Not applicable|| |
|Direct reputational risks||Possible deterioration of the perception or image of the Enagás Group from the different interest groups.||Manageable|| |
Additionally, the Enagás Group has started a direct contact process (prior to international arbitration) with the Peruvian State for the recovery of the investment in the Gasoducto Sur Peruano project due to interpretative differences in the concession contract.Additional information on the risks arising from climate change is included in the chapter 'Climate Change and Energy Efficiency'.