Risk management and internal control framework
Strategic risk management (SRM)
SRM focusses on future events which may influence strategic objectives in positive or negative ways. The Executive Board evaluates the risks as they develop as well as the effectiveness of applicable mitigating actions. TenneT’s strategic risk position is shared and discussed with the Supervisory Board and the Audit, Risk and Compliance Committee.
In 2018 the strategic risks assessment, performed as Executive Board interviews, was split into three different strategic risk dimensions to ensure a broad view and the future perspective of strategic objectives. These dimensions include events in the current playing field, events that tilt the current and events that could even create new playing fields for TenneT as TSO. Additionally, discussion on opportunities was strengthened.
Operational risk management (ORM)
The operational risks affecting the various business units and corporate departments are documented and evaluated to assess the adequacy of mitigating actions at least twice a year. TenneT’s Corporate Risk Management & Internal Control department challenges the organisation to review its risks and related mitigating actions. TenneT’s updated operational risk position is part of the Letter of Representation (LoR).
Risk & portfolio management
Furthermore to strengthen the security of supply TenneT’s asset management uses condition monitoring and risk based assessments to plan maintenance and investments. Grid constraints are identified by analysing grid components and failures and by monitoring the necessary transport capacity. These constraints are assessed according to the risk they pose to TenneT’s objectives. Should the risk exceed a predefined level, a measure to mitigate this risk is proposed and included in our investment portfolio.
Project risk management (PRM)
To face challenges of the enormous investment portfolio and derived objectives around ten years ago TenneT started to implement project risk management, first with a focus on large projects. PRM aims at enhancing the chance of realising project goals on time, budget and quality. For all large projects, dedicated project risk managers review and manage risks together with project leads systematically within the quality and uniformity standards safeguarding by corporate risk management.
Other Risk Management activities
Risk Management process is more and more integrated in day to day decision making processes. For example in management and board decision submissions, risks and alternatives have to be named and assessed.
TenneT introduced Lean Management to work on the efficiency of processes. Those improvement projects follow the DMAIC steps. In the “Definition” phase as well as “Improve” phase risks have to be identified and assessed. Certified green belts and black belt ensure the quality.
Internal control (IC)
Our internal control framework is designed to support and safeguard the realisation of our process objectives, as well as fulfil our legal obligations and establish the reliability of our internal and external reporting. To assess the effectiveness of this framework and identify opportunities for improvement, a control self-assessment is performed by control owners and validated by management twice a year. Risk Management & Internal Control performs quality assessments on the outcomes. Internal Audit checks randomly selected self-assessments during the year to form an independent opinion. The outcomes of these control self-assessments are direct input for the Letter of Representation procedure. Identified issues are reported to Risk Management & Internal Control, which monitors and follows up on mitigating steps with the relevant business owners. Overall control effectiveness is reported in our State of Risk report.
As a direct result of the integrated approach IC framework, IC developed in 2018 from country specific frameworks to one harmonised leading Corporate Internal Control Framework. Focus of our framework is continuing to gradually shift from a core finance perspective towards a business objective driven approach with the inclusion of core business- and additionally non-financial reporting processes.