Enel Group
Index Index

Risk management

The Enel Group risk governance model

In performing its industrial and commercial activities, the Enel Group is exposed to risks that could impact its performance and financial position if not effectively monitored, managed and mitigated.

In this regard, in line with the architecture of Enel’s internal control and risk management system (ICRMS), the Group has also adopted a risk governance model based on a number of “pillars” described below, as well as a uniform taxonomy of risks (the “risk catalogue”) that facilitates their management and organic representation.

The “pillars” of risk governance

Enel has adopted a reference framework for risk governance that is implemented in the real world through the establishment of specific management, monitoring, control and reporting controls for each of the risk categories identified. 

The Group’s risk governance model is in line with the best national and international risk management practices and is based on the following pillars:

The "pillars" of risk governance
I “pilastri” della risk governance
  • Lines of defense. The Group’s arrangements are structured along three lines of defense for risk management, monitoring and control activities, in compliance with the principle of segregating roles in the main areas in respect of significant risks.
  • Group Risk Committee. This body, set up at management level and chaired by the Chief Executive Officer, is responsible for strategic guidance and risk management supervision through:
    • analysis of the main exposures and the main risk issues faced by the Group;
    • adoption of specific risk policies applicable to Group companies, in order to identify roles and responsibilities in risk management, monitoring and control processes, in compliance with the principle of organizational separation between the units responsible for operations and those responsible for monitoring and controlling risks;
    • approval of specific operating limits, authorizing, where necessary and appropriate, exceptions to these limits for specific circumstances or needs;
    • definition of risk response strategies.

The Group Risk Committee generally meets four times a year and can also be convened, where deemed necessary, by the Chief Executive Officer and the head of the “Risk Control” unit, which forms part of the “Administration, Finance and Control” Function.

  • Integrated and widespread system of local risk committees. The presence of specific local risk committees, organized in accordance with the main global business lines and geographical areas of Group operations and chaired by their respective top managers, provides adequate oversight of the most characteristic risks at the local level. The coordination of these committees with the Group Risk Committee facilitates appropriate agreement with Group top management of the information and mitigation strategies for the most significant exposures, as well as local implementation of the guidelines and strategies defined at Group level.
  • Risk Appetite Framework (RAF). The Risk Appetite Framework constitutes the reference framework for determining risk appetite and is an integrated and formalized system of elements that enable the definition and application of a single approach to the management, measurement and control of each risk. The RAF is summarized in the Risk Appetite Statement, a document that summarily describes the risk strategies identified and the indicators and/or limits applicable to each risk.
  • Risk policies. The allocation of responsibilities, coordination mechanisms and the main control activities are represented in specific policies and organizational documents defined in accordance with specific approval procedures involving the corporate structures directly involved.
  • Reporting. Specific and regular information flows on risk exposures and metrics, broken down at Group level and by individual global business line or geographical area, allow Enel’s top management and corporate bodies to have an integrated view of the Group’s main risk exposures, both current and prospective.
  • Risk Landscape Enel Group©. Acting on the basis of its risk governance arrangements and on the international risk management standard ISO 31000:2018, the Group constantly monitors risks using a process supported by a data visualization tool (e-Risk Landscape©). This system collects and organizes information coming from the different geographical areas and business lines of the Group, categorizing them in accordance with the definition in the Group’s risk catalogue. The monitoring and control process involves the assignment of metrics based on the risk events’ probability of occurrence (likelihood) and the scale of potential economic-financial impact, providing the Group’s top management with a dynamically updated view of the Group’s risk profile and the associated management and mitigation actions. These dimensions, modulated through representative grids, provide an indication of the level of individual risks.

At December 31, 2023, the Enel Group monitored a set of about 300 risks, 11 of which were identified as Top Risks (with an above average likelihood and significant potential financial impacts), mainly identified as regulatory and legal/ tax risks and/or uncertainties.

Il Risk Landscape Enel Group©
Enel Group Risk Landscape

The Enel Group Risk Landscape© enables the selection and visualization of medium-to-high risks (i.e. excluding highly unlikely and/or low impact events). It is also possible to make a multidirectional selection:

  • by category;
  • by country/legal entity;
  • by business line.
Il Risk Landscape Enel Group©

With regard to the Top Risks identified and examined for the Plan period, we find the greater concentration of strategic risks, in particular legislative-regulatory risks (5) in Italy (3) and Spain (2), deriving from exposures to rate revisions, the renewal of concessions and recognition in profitability parameters. As regards the section linked to compliance risks (6), we find a concentration mainly linked to tax risks in Brazil (4) and Italy (1) and legal risks in the United States (1).

Top Risks identified
Il Risk Landscape Enel Group© - Top Risk

The following graphic offers an example of the variability of the main risk clusters in terms of both probability and potential impact in the Top Risk categories. These ranges of variation are representative of the timeline with which the individual risk driver is examined (for example, for a possible evolution of the regulatory framework and ongoing mitigation actions) and the heterogeneity of the type of risks belonging to the same cluster.

Example of the variability of the main risk clusters
Variabilità dei principali cluster di rischio

The Group risk catalogue

Enel has adopted a risk catalogue that represents a point of reference at the Group level and for all corporate units involved in risk management and monitoring processes. The adoption of a common language facilitates the mapping and comprehensive representation of risks within the Group, thus facilitating the identification of the main types of risk that impact Group processes and the roles of the organizational units involved in their management.

The risk catalogue groups the types of risk into macro-categories, which include, as shown below, strategic, financial and operational risks, (non)-compliance risks, risks related to governance and culture as well as digital technology.

Risk catalogue
Il catalogo dei rischi
risk management

Risk management

Which renewable energies are leading the energy transformation?
Go back to the main view