To operationalize the risk governance model in EDP Group, all employees should be involved, from the General Supervisory Board and the Executive Board of Directors to the individual employee, within the scope of their responsibilities.
EDP Group is exposed to a set of risks inherent to its size and to the diversity of businesses and geographies in which it is present. The company therefore recognizes risk as an inevitable and integral component of its activity, both as a threat and as an opportunity.
Nevertheless, maintaining a low risk profile has been, in recent years, one of the strategic pillars of EDP Group.
Risk governance model
EDP Group follows a risk governance model based on the concept of three lines of defence internal to the organization, complemented by an external fourth line of defence: external audit and regulation/supervision.
For every line of defence there are clearly defined responsible bodies and forums for debate and decision, formally established to materialize each line of defence at corporate and Business Unit levels, avoiding duplication of effort and/or gaps and promoting cooperation and collaboration between different areas.
In addition, Risk Committees are held at corporate level and in key Business Units, gathering top management and relevant specialists for analysis, debate and advice on key risk exposures for the Group, respective limits and other mitigation actions.
Types of risk in EDP Group
The risk taxonomy for the EDP Group brings together, in an integrated approach and a common language, the various risks mapped across the Group's Business Units, structured around four major families: strategic, business, financial and operational.
Strategic risks typically embody disruptive events, with time horizons for materialization in the medium to long term. Nonetheless, EDP Group closely monitors and reports those risks, as they may have a significant impact if they materialize.
Business risks aggregate all factors intrinsically related to the remuneration of the activities of energy production, transmission, distribution and commercialization in the several geographies where EDP operates. This category of risks may be disaggregated into two different types: energy market risks (e.g., electricity and other commodities prices, renewable generation volumes and demand), and regulatory risks, related to legislative and regulatory changes that EDP Group complies with in the several geographies and markets where it operates.
Financial risks aggregate market risk factors complementary to energy business factors in the several geographies and markets where EDP Group operates, and other risks of a financial nature. They may be divided into four different categories: financial variables risks (e.g., fluctuations of interest rates, exchange rates, inflation), credit and counterparty risks, liquidity/solvency risks and risks related to social responsibilities.
Operational risks include risk factors, of internal or external origin, related to the operational activity of EDP Group in the several geographies and markets where it operates. These risks may be disaggregated into risks associated with the planning, construction and operation of physical infrastructures, process execution, human resources, systems, and legal, compliance and ethical risks.
For more information, please consult the risk management sections of the EDP Annual Report.
Process of risk management
Given the size of EDP Group and its geographical diversity, it is important to define a common process for all Business Units that recognizes and manages the heterogeneity of businesses and activities in which the Group operates. Accordingly, risk management in the EDP Group can be divided into five major integrated and structured phases (identification, analysis, evaluation, treatment and monitoring), complemented by a preceding phase of establishing the context and by adequate levels of communication between all stakeholders: