Corner image

Roles and responsibilities

Our Risk Management and Internal Control system is at the heart of our 'three lines of defence model', which details the relationship between, and the responsibilities of, the business, risk management & internal control and internal audit.

First line of defence: Business

TenneT's management bears primary responsibility for identifying, controlling and monitoring risks associated with processes and for maintaining an appropriate ICF. These internal controls ensure the reliability of our processes and provide assurance for the second and third line and, ultimately, our financial and management reporting.

Second line of defence: Risk management & internal control

Risk Management & Internal Control is responsible for coordinating, developing and monitoring TenneT's Risk Management and Internal Control system and supports and challenges the business on Risk Management and Internal Control matters. Risk Management & Internal Control is also responsible for independent risk reports to the Executive Board, the Supervisory Board and the Audit, Risk and Compliance Committee.

Third line of defence: Internal audit

Internal audits are fundamental to TenneT's Risk Management and Internal Control system. These audits provide insight into how and to what extent we control the risks that may affect realisation of our strategic and other objectives. These audits provide management with additional assurance on the effectiveness of internal controls.

The Internal Audit Department schedules its audits according to a three-year cycle, revised annually to reflect the latest operational and strategic risk assessments performed by Corporate Risk Management and Internal Control. Specific audits are planned during the year to target areas of heightened sensitivity or interest. The annual audit plan is submitted to the Executive Board and the Audit, Risk and Compliance Committee for approval.

The Internal Audit Department reports its findings and the status of follow-up actions to the Audit, Risk and Compliance Committee and the Executive Board every quarter.