Management of non-financial risks

The ENEA Group regularly identifies enterprise risks, including non-financial risks related to its operations and manages them accordingly, making sure that the organization is well-prepared for the potential consequences should they materialize. In the coming years, it intends to pay special attention to risks related to climate change.

The enterprise risk management (ERM) system, which covers the key companies, is coordinated by the Group Risk Management Department, which is a unit within the ENEA S.A. structure consisting of the teams responsible for financial risk and management of business risk, business continuity and insurance. The companies covered by the system have units within their structures that are in charge of this area and cooperate with the Group Risk Management Department.

The aforementioned system is augmented by the Group’s business continuity management system. Within its confines, the Group’s key companies identify critical processes and resources necessary for their deployment and roll out mechanisms and procedures to ensure the continuity of operation of these processes in emergency situations. Risks whose materialization might pose a threat to the continuity of critical processes are identified and managed within the enterprise risk management system.

Risk management at the ENEA Group is governed by the respective policies, procedures and methodologies. The overriding document governing the whole risk management area is the ENEA Group Enterprise Risk Management Policy.

The reliability of the enterprise risk management is ensured by observing the guidelines defined in the policies, procedures and methodologies governing the management of specific risk areas, in particular:

• ongoing identification and assessment of risks at the level of the Group’s key companies,
• monitoring of and reporting on existing risks,
• operational management of distinct risks by individual companies within the assigned limits (in terms of financial risks), in line with the terms laid down in the documents approved by the ENEA Group Risk Committee.

The cyclical assessment of enterprise risks is carried out in accordance with the requirements of the ENEA Group Enterprise Risk Management Methodology by risk owners in consultation with risk managers. It involves updating the assessment of the likelihood of risk materialization and the potential implications in the financial and reputational dimensions, in terms of health and safety impact, as well as environmental impact.

The estimation of the likelihood of risk materialization and the assessment of potential implications enable the classification of risks as critical, key, medium and low. Risk owners define mitigating actions aimed at reducing the likelihood of their occurrence and of the effects of risk materialization, and response plans in the event of risk materialization.

All identified and assessed risks related to the operations of the respective Group company are entered in the so-called Risk Register. Members of the companies’ management boards are notified of new and archived risks, material changes in risks and potential operational events related to the identified risks. Moreover, these management boards and the ENEA S.A. Management Board receive periodic reports on the status of enterprise risks.

Regardless of the periodic risk assessment, monitoring and reporting, the following measures were taken in the enterprise risk management area in 2022:

• risk owners verified and identified risks in the context of the geopolitical situation caused by Russia’s military invasion on Ukraine and in connection with the sanctions imposed on Russia,
• the ENEA Group Enterprise Risk Management Policy and the ENEA Group Enterprise Risk Management Methodology were updated,
• the enterprise risk management process was audited as part of the periodic assessment of the internal control system at ENEA S.A.

The key authority in the risk management process at the ENEA Group is the Risk Committee. The Committee is a permanent internal team within the ENEA Group established to support the ENEA S.A. Management Board in:

• managing enterprise risk in the ENEA Group;
• managing business continuity in the ENEA Group;
• managing the Compliance area in the ENEA Group;
• managing insurance policy in the ENEA Group.

1. Giving recommendations to the ENEA S.A. Management Board on approving the policies governing the process of managing risks, business continuity, insurances, and Compliance as well as on any relevant updates.
2. Accepting and analyzing information in the area of risk management, business continuity and insurance received from substantive units.
3. Issuing opinions and accepting reports on the implementation of the Compliance Policy and issuing binding interpretation (construction) of the provisions of the Compliance Policy.
4. Approving the operating documentation governing the process of managing risks, insurances, and business continuity with approval of any relevant updates (strategies, procedures, methodologies, tools, instructions, guidelines, etc.).

The Risk Committee is comprised of permanent members who participate in each Committee meeting (they are dedicated Management Board Members and the heads of the ENEA S.A. departments) and supplementary members (Management Board Members of Subsidiaries) representing the key Companies in the ENEA Group in matters relating to these companies.