Enterprise Risk Management

 

Acea envisages specific procedures for managing the categories of risk peculiar to its Business Model or identified as relevant from a strategic perspective.

Detail of a man's hands leafing through a stack of documents while sitting at a desk Detail of a man's hands leafing through a stack of documents while sitting at a desk

As an integral part of its Internal Control and Risk Management System, Acea has set up an Enterprise Risk Management (ERM) framework, with a view to integrating the risk management process on an ongoing basis.

 

The Enterprise Risk Management (ERM) Framework comprises a combination of culture, governance, processes and methodologies that allow identification, assessment and integrated management of the main risks pertaining to the entire organisation, thereby bringing the company’s overall exposure into line with the Business Plan and Sustainability objectives.


The ERM Framework, which aims to enhance the integrated vision of risks and their proactive management, is divided into a series of “fundamental elements”, characterised by reciprocal coherence and synergy, as briefly described below.

 

Risk Appetite Framework

 

The Risk Appetite Framework (RAF) is the strategic and management policy tool used by the Acea Group to define its risk appetite and establish the acceptable risk level in pursuing strategic goals. In fact, by way of the “RAF” it is possible to clarify, from a medium-long term perspective, the degree of uncertainty tolerated by the company when balancing risk and reward, ensuring consistency between the guidelines approved by the Board of Directors and management decisions. It is applied in reference to all the strategically relevant initiatives implemented by the Group during the year.

 

@Risk Budget and Plan 

 

The @Risk analysis, which is complementary to the activity performed by the corporate functions responsible for preparing the Budget and Strategic Plan, enables integration of the risk prospective as part of these processes. The methodology, based on a risk-informed approach, allows consolidation of the assumptions on which the business strategy is based by quantifying and modelling specific risk scenarios via Monte Carlo simulations. The purpose of these simulations is to evaluate the budget and business plan risk profile and verify the coherence of the same with the RAF via the potential variability of the indicators defined therein. The findings of the said analyses offer a perspective view of the possible evolving scenarios, supporting the decisional process and the definition of the Group’s management strategies.

@Risk extraordinary operations

 

The @Risk analysis process pertaining to extraordinary operations expands the application of the ERM methodology to include specific initiatives that are relevant to the Group from a strategic viewpoint, by integrating risk assessment into the analysis, project evaluation and decisional phases. This approach allows identification of the main criticalities and uncertainties with short, medium and long-term impacts.

The Risk Models

To facilitate the functioning of all components comprising the entire ERM Framework process, Acea has adopted a standardised risk taxonomy (so-called Risk Model), which reflects the array of risk categories to which Acea is potentially exposed. This model was developed following an in-depth analysis of both the socio-economic and business context in which the company operates and the objectives defined in the Business and Sustainability Plan.

The Risk Model’s logic of representation

 

Various risk type aggregation levels, with increasing granularity, based on the following elements:

 

Risk driver: provides an indication regarding the risk source characteristics (external, internal or associated with the company’s guideline activities).

 

Risk category: this groups together the risks ascribable to a specific operating procedure or corporate activity, having as common characteristic the same risk origin.

 

Risk type: this concerns the aggregation of risk scenarios, of a similar nature, based on a logic of prevalence that allows the risk event to be catalogued.

Synthetic representation of the Acea risk model

Synthetic representation of the Acea risk model

ERM Risk Assessment

The ERM Risk Assessment process reflects the operating procedure used by Acea to guarantee a structured and ongoing evaluation of its risk profile, ensuring an up-to-date and shared knowledge of the factors that may affect the attainment of business objectives.

 

The main phases of the ERM Risk Assessment process

The purpose of ERM Risk Assessment is to:


• represent the nature and significance (probability and quantitative and/or qualitative impact) of the main risks, with implications also in terms of sustainability issues, liable to compromise the achievement of strategic and business goals;


• direct the response strategies and the consequent additional mitigation actions.

The methodologies and tools used to identify the risks and ascertain their seriousness are developed with increasing attention to ESG aspects. During the risk assessment process, which is carried out on at least an annual basis, the “risk owners” identify the risk scenarios and assign to the same the related applicable ESRS.

For further informations

 

For further information on all the risks and uncertainties to which Acea companies are exposed, please read our 2025 Consolidated Financial Statement.

For further information on our central monitoring stations for particular risk categories, please read our  2025 Report on corporate governance and ownership structures