Risk management at Gasunie is focused on managing our business operations and the factors that affect the feasibility of our strategy and objectives. As an integral part of our activities and strategy formation, active risk management helps us achieve our goals and demonstrates that we act carefully and within the law.
In our current activities, risk management supports the organisation in mitigating the controllable operational, reporting and compliance risks to an acceptable level. In determining strategy and making decisions, we always strive for an optimum balance between risk and reward. Our risk appetite serves as a guideline in this.
Risk framework: policy and control
Risk management is a continuous process that is performed at all levels of the organisation. Our employees act on the basis of our core values and risk awareness, and form the basis of risk management at Gasunie in that sense.
The Executive Board is responsible for risk management within our company, and is accountable to the Supervisory Board for that. It is supported by the Corporate Risk Management department. At corporate and business unit level, we mainly identify and control the strategic and external risks and opportunities. Within the operational work processes and the projects, the focus is mainly on operational, reporting and compliance risks.
We use the Three Lines of Defence (3LoD) model. The first line is formed by our business/line management: this is primarily responsible for implementing the strategy and the activities and therefore also for the use of risk management. The second line consists of corporate departments, including Risk Management, Control and Safety, whose task it is to advise, challenge and sometimes also test the operating activities in the (business) units. An ‘Expert Committee’ is deployed to advise the Executive Board specifically for large or strategic projects. The third line is formed by the Operational Audit department, which carries out operational audits to assess the set-up and functioning of the risk management system and control and reports on this to the Chair of the Executive Board and the Audit Committee of the Supervisory Board.
The (business) units give accountability reports to the Executive Board using the Document of Representation (DoR). In doing so, they provide formal feedback on the fact that the business controls have been carried out in accordance with the internal requirements for management control and the Code of Conduct. This is also an extra opportunity to share ideas with the Executive Board on current dilemmas.
The Supervisory Board discusses management control with the members of the Executive Board on a regular basis. Developments regarding the objectives, strategy and policy, as well as the most important risks for the company and the outcomes of operational audits, are also addressed.
Gasunie’s risk management model
In order to reflect on and discuss risks in a structured and recognisable way, it is important to use a practical classification of our risks. We have set up the COSO Enterprise Risk Model we use in such a way that it facilitates our thinking and above all our actions as well as possible. We distinguish between strategic, external and avoidable risks.
Strategic risks involve making choices with a good balance between risk and reward. Our risk appetite in this regard differs per strategic pillar. External risks have no risk-reward relationship and can hardly be prevented, if at all. The focus is on being prepared for the impact of these risks. The COSO risk categories ‘operational, reporting, compliance’ involve risks the manifestation of which can be prevented with a good control structure (hence: avoidable risks). By applying the ALARA principle (As Low As Reasonably Achievable), we seek a balance in risk control which is appropriate to our risk appetite in combination with cost efficiency.
The table below summarises our risk appetite in the three strategic pillars. For a summary of our main current risks, see the chapter Our risk profile.
|Control model||Risk acceptance and explanation|
The likelihood that an external risk will manifest cannot be avoided or can hardly be avoided; control mainly focuses on limiting the impact.
Find risk/reward balance
In pursuing our strategic objectives, a balance is sought between the expected risks and revenues (risk and reward).
Manage on the basis of the ALARA principle
We do not tolerate unsafe situations in any of our activities. Risks that endanger the safety of our surroundings or Gasunie’s employees or contractors, or which could harm the environment, are tightly controlled and avoided as much as possible.
We adhere to the law and our Code of Conduct. Where dilemmas arise in our operating activities, we deal with these transparently. We stand for integrity in our conduct in our internal organisation and outside of it and are vigilant about preventing fraud.
For access to the financial markets, it is essential that our financial systems and reports are reliable.
In Control Statement
The Executive Board is aware that no risk management systems, no matter how professional, can offer absolute certainty that the company objectives will be achieved or that such systems can fully prevent material inaccuracies, loss, fraud or violations of the laws and regulations.
With respect to the financial reporting risks, the Executive Board states that the internal risk management and audit systems provide a sufficient degree of certainty that the financial reporting does not contain any material inaccuracies and that the risk management and audit systems in the year under review functioned adequately. Any deficiencies, of which there were none this year, are included in the report.
Material risks that are relevant for the coming year are part of this report. It is therefore expected that the continuity of the company is guaranteed for the coming twelve months.