Risk management

Risk management at Gasunie is focused on managing our business operations and the factors that affect the feasibility of our strategy and objectives. As an integral part of our activities and strategy formation, active risk management helps us achieve our goals and demonstrates that we act carefully and within the law.

In our current activities, risk management supports the organisation in mitigating the controllable operational, reporting and compliance risks to an acceptable level. In determining strategy and making decisions, we always strive for an optimum balance between risk and reward. Our risk appetite serves as a guideline in this.

Risk framework: policy and control

Risk management is a continuous process that is performed at all levels of the organisation. Our employees act on the basis of our core values and risk awareness, and form the basis of risk management at Gasunie in that sense.

The Executive Board is responsible for risk management within our company, and is accountable to the Supervisory Board for that. It is supported by the Corporate Risk Management department. At corporate and business unit level, we mainly identify and control the strategic and external risks and opportunities. Within the operational work processes and the projects, the focus is mainly on operational, reporting and compliance risks.

We use the Three Lines of Defence (3LoD) model. The first line is formed by our business/line management, which is primarily responsible for implementing the strategy and the activities and therefore also for the use of risk management. The second line consists of corporate departments, including Risk Management, Control and Safety, whose task is to advise on, challenge and sometimes also test the operating activities in the (business) units. An ‘Expert Committee’ is deployed to advise the Executive Board specifically on large or strategic projects. The third line is formed by the Operational Audit department, which carries out operational audits to assess the set-up and functioning of the risk management system and control and reports on this to the Chair of the Executive Board and the Audit Committee of the Supervisory Board.

The (business) units give accountability reports to the Executive Board using the Document of Representation (DoR). In doing so, they formally confirm that the business controls have been carried out in accordance with the internal requirements for management control and the Code of Conduct. This is also an extra opportunity to share ideas with the Executive Board on current dilemmas.

The Supervisory Board discusses management control with the members of the Executive Board on a regular basis. Developments regarding the objectives, strategy and policy, as well as the most important risks for the company and the outcomes of operational audits, are also addressed.

Gasunie’s risk management model

In order to reflect on and discuss risks in a structured and recognisable way, it is important to use a practical classification of our risks. We have set up the COSO Enterprise Risk Model that we use in such a way that it supports our thinking and, above all, our actions as well as possible. We distinguish between strategic, external and avoidable risks.

Strategic risks involve making choices with a good balance between risk and reward. Our risk appetite in this regard differs per strategic pillar. External risks have no risk-reward relationship and can hardly be prevented, if at all. The focus is on being prepared for the impact of these risks. The COSO risk categories ‘operational, reporting, compliance’ involve risks whose manifestation can be prevented with a good control structure (hence: avoidable risks). By applying the ALARA principle (As Low As Reasonably Achievable), we seek a balance in risk control which is appropriate to our risk appetite in combination with cost efficiency.

The table below summarises our risk appetite in the three strategic pillars. For a summary of our main current risks, see the chapter Our risk profile.

Control model | Risk acceptance and explanation

External risks:

Be prepared.

COSO:

  • Strategy

The likelihood that an external risk will manifest cannot be avoided or can hardly be avoided; control mainly focuses on limiting the impact.

  • Strategic pillar I: Low. In the regulated domain in our home markets, we are always very aware of our social role and position. We do not want to fall short here, not even in challenging circumstances. The dynamics of the social discussions on the future energy supply and curtailment of Groningen production mean that we cannot be prepared for all eventualities. Stable regulation that does justice to efficient costs is very important to us.
  • Strategic pillar II: Low. In Pillar II as well, we are alert to situations in which our social responsibility plays a role. We prevent external risks in this pillar from having a negative financial effect on our home markets.
  • Strategic pillar III: Neutral. In Pillar III, we accept that we operate in a rapidly changing environment. This can be seen from the social pressure and political discussions in which a range of opinions can be heard. We continue to adhere to our strategy within this environment.

Strategic risks:

Find risk/reward balance

COSO:

  • Strategy

In pursuing our strategic objectives, a balance is sought between the expected risks and revenues (risk and reward).

  • Strategic pillar I: Very low. The limited margins in the regulated domain call for a low to very low risk appetite; strategic choices are weighed against the guaranteed revenues.
  • Strategic pillar II: Low. In the activities in our core area (the Netherlands and Germany), our risk acceptance is largely determined by our focus on the public interest, in addition to a thorough financial-economic consideration, of course. Outside our core area, there is a more pronounced focus on the balance between risk and reward.
  • Strategic pillar III: Neutral. For Pillar III, it is very important for our strategy to be actively rolled out (very low acceptance of risk of stagnation). The projects call for a more enterprising attitude, even if legislation is still being developed. In very innovative environments, more risk is accepted than in the large-scale application of existing methods.

Risks for the three pillars cannot be seen as entirely unrelated to each other. Particularly in the case of risk accumulation, our risk acceptance is low.

Avoidable risks:

Manage on the basis of the ALARA principle

COSO:

  • Operational
  • Reporting
  • Compliance

We do not tolerate unsafe situations in any of our activities. Risks that endanger the safety of our surroundings or Gasunie’s employees or contractors, or which could harm the environment, are tightly controlled and avoided as much as possible.

We adhere to the law and our Code of Conduct. Where dilemmas arise in our operating activities, we deal with these transparently. We stand for integrity in our conduct in our internal organisation and outside of it and are vigilant about preventing fraud.

For access to the financial markets, it is essential that our financial systems and reports are reliable.

  • Strategic pillar I: Very low to nil. In our regulated activities, the focus is on our ‘licence to operate’. An extraordinarily good performance in relation to safety and transport security is achieved by means of our strong control environment. We are also demonstrably efficient, and concern for the environment and compliance with the law go without saying.
  • Strategic pillar II: Very low. A high degree of control is just as important for our activities in pillar II. Up to a certain point, we accept the risks resulting from dependency on partners and cooperation with other (corporate) cultures.
  • Strategic pillar III: Very low. In Pillar III, the innovative character of some projects and partners translates into somewhat higher risk acceptance. Nonetheless, safety, the environment and legislation are important starting points here too.

In Control Statement

The Executive Board is aware that no risk management systems, no matter how professional, can offer absolute certainty that the company objectives will be achieved or that such systems can fully prevent material inaccuracies, loss, fraud or violations of the laws and regulations.

With respect to the financial reporting risks, the Executive Board states that the internal risk management and audit systems provide a sufficient degree of certainty that the financial reporting does not contain any material inaccuracies and that the risk management and audit systems in the year under review functioned adequately. Any deficiencies, of which there were none this year, are included in the report.

Material risks that are relevant for the coming year are part of this report. It is therefore expected that the continuity of the company is guaranteed for the coming twelve months.