INTEGRAL RISK MANAGEMENT
STRUCTURE
Risk management
Business continuity management
Challenges
Carmen Rosa Ángel Cotes Professional Integral Risk Management
"Our Integral Management of Risks is aimed at creating value for ISAGEN and it is a key element in organizational decision making, loss reduction, and optimization opportunities. This enables us to protect corporate soundness and sustainability, through an effective management of risks at all levels of the organization, the administration of all risk transferring mechanisms, and the issuance of effective responses to events that could jeopardize our business continuity. Our business continuity methodology is aimed at identifying potential impacts, establishing the context of the situation, developing recovery strategies, and building effective responses in preparation for said impacts".
2016 MILESTONES
We identified the business risks associated with our strategy with Senior Management, including two new analysis elements: risk appetite as a function of EBITDA and inherent risk.
We trained 100% of management to highlight the importance of integral risk management and strengthen their roles and responsibilities.
We carried out a more complex drill that consisted of the simultaneous activation of the crisis management, emergency management and business continuity plans. We obtained a comprehensive response, addressing operational and strategic aspects.
We carried out 39 tests of business continuity plans to confirm their functionality and to generate learning among the persons involved.
The current environment requires companies to go beyond mitigating day-to-day risks, adapting to global risk and developing the organizational capacity to overcome complex situations. We used these aspects to create business initiatives that secure our business sustainability, ensure its continuity, preserve business resources, and adequately manage the impact of relations with stakeholders.
Our Integral Risk Management comprises risk management and business continuity management. The two practices have different scopes but complement each other. The first is responsible for the comprehensive mitigation of all business risks, acting more forcefully prior to the occurrence of an event. The second is responsible for establishing an anticipated, comprehensive response to minimize the potential impact on critical activities, operating more forcefully after the events that gave rise to the interruption of operations and reducing their consequences.
In this chapter, we will share the main results and challenges of 2016:
RISK MANAGEMENT
Risk management is a logical, systematic process that establishes the context and identifies, analyzes, assesses, addresses, monitors and communicates the risks associated with Company processes and strategies. It is performed using a methodology aligned with business strategy and with best practices and regulations such as ISO 31000 and NTC 5254.
In 2016, together with Senior Management (Management Team), we identified the corporate risks associated with our strategy. The exercise covered the analysis of our business objectives and Superior Purpose, emerging events, and the trends and risks identified by the World Economic Forum. We also included the analysis of two elements: risk appetite as a function of EBITDA, that is, the maximum amount that we are willing to accept in case of risk materialization, and inherent risk, that is, the risk rating without taking controls into account.
The corporate risk inventory is approved by the Audit and Risk Committee and the Board of Directors. For each risk, we identify and analyze the respective causes and controls, as well as situations that could materialize it. Similarly, we implemented a monthly follow-up of corporate risk situations and the respective mitigation actions in the Management Committee. The result of this follow-up is analyzed in the Audit and Risk Committee and the Board of Directors.
Included below are the 15 corporate risks with their description, level of inherent risk (before controls) and residual (after controls), as well as their association with the trends and risks emerging from the World Economic Forum, the relevant management issues and the Sustainable Development Goals (SDG):
Business Risk | Description of Risk | Level of inherent risk | Level of residual risk | Trends and risks emerging from the World Economic Forum | Material or relevant management issues* | SDGs prioritized by ISAGEN
Occupational Safety and Health Risk
Inadequate management of activities leading to undermining the protection, safety, health and well-being of personnel.
Level of inherent risk: Extreme. Level of residual risk: High.
Appearance of chronic diseases
Aging of the population; Propagation of infectious diseases
Occupational health and safety
DECENT WORK AND ECONOMIC GROWTH
Physical security of people and facilities risk
Social conditions or malicious actions by third parties that threaten the security of ISAGEN's people (personnel, contractors or community members) or assets and/or affect the business operations.
Level of inherent risk: Extreme. Level of residual risk: High.
Urbanism; Increase of geographical mobility
Changes in power; Deep Social instability; Inter-state conflict; Failure in national governance; Terrorist attacks
Occupational health and safety; Human rights and peace
DECENT WORK AND ECONOMIC GROWTH
Environmental and Social Risk
Inadequate social and biophysical management for contributing to environmental sustainability of ISAGEN and its influence areas during the construction or operation of power generation plants.
Level of inherent risk: Extreme. Level of residual risk: Moderate.
Environmental degradation; Climate change; Increased revenues and disparity of wealth
Failures in mitigation and adaptation to climate changes
Extreme climate events; Collapsing at ecosystem level and reduction of biodiversity
Environmental catastrophes caused by men
Water crisis; Food crisis; Large scale involuntary migration
Comprehensive water management; Climate change; Biodiversity Management; Transformation role in the regions; Human rights and peace; Development of new business opportunities; Energy production and commercialization
PEACE, JUSTICE AND STRONG INSTITUTIONS
CLIMATE ACTION
LIFE ON LAND
CLEAN WATER AND SANITATION
AFFORDABLE AND CLEAN ENERGY
DECENT WORK AND ECONOMIC GROWTH
* We recognize that good-quality relations are the basis for preventing any risk from materializing and, therefore, all corporate risks are connected to this material or relevant aspect of management. Our human-being based company conception is in turn related to material issues.
Commercial Management Risk
Inadequate commercial management that prevents or hinders the achievement of the EBITDA target.
Level of inherent risk: Extreme. Level of residual risk: High.
Effects of energy price; Failure in management of inflation
Energy production and commercialization
CLIMATE ACTION
CLEAN WATER AND SANITATION
AFFORDABLE AND CLEAN ENERGY
National disaster risk
Natural phenomenon of certain extent, intensity and duration, with the potential to cause damage on people, assets or the environment, which affect operations.
Level of inherent risk: Extreme. Level of residual risk: High.
Environmental degradation; Climate change; Failures in mitigation and adaptation to climate changes
Extreme climate events; Environmental catastrophes caused by men
Natural catastrophe
Climate change
CLIMATE ACTION
AFFORDABLE AND CLEAN ENERGY
Risk of Unavailability at Power Generating Plants
Internal or external events that affect the operations of the electric power plants and impact their availability.
Level of inherent risk: Extreme. Level of residual risk: High.
Natural catastrophe; Critical drop in technological infrastructure
Failure in physical infrastructure
Energy production and commercialization
CLIMATE ACTION
CLEAN WATER AND SANITATION
AFFORDABLE AND CLEAN ENERGY
Fuel Shortage Risk
Fuel shortage (supply and transport) to ensure back up and/or generation of ISAGEN's electric power plant.
Level of inherent risk: High. Level of residual risk: Moderate.
Effects of energy price; Collapsing at ecosystem level and reduction of biodiversity
Energy production and commercialization
Supply
CLIMATE ACTION
AFFORDABLE AND CLEAN ENERGY
ICT Management and Cyber-Security Risk
Inadequate management of information technology and communications that prevents or limits the achievement of business goals, and vulnerability of information caused by internal or external cyber-attacks.
Level of inherent risk: Extreme. Level of residual risk: Moderate.
Cyber Attacks; Adverse consequences due to technological progress
Critical drop in technological infrastructure
Fraud or data theft; Increased cyber dependency
Innovation and development of competences for management of characteristic technologies
AFFORDABLE AND CLEAN ENERGY
Legal Management Risk
Errors or omissions in the legal representation or legal advisory of the company.
Level of inherent risk: Extreme. Level of residual risk: Moderate.
Inter-state conflict; Failure in national governance; Crisis or state collapse; Changes in power; Changes in international governance perspective
All
PEACE, JUSTICE AND STRONG INSTITUTIONS
CLIMATE ACTION
LIFE ON LAND
CLEAN WATER AND SANITATION
AFFORDABLE AND CLEAN ENERGY
DECENT WORK AND ECONOMIC GROWTH
Human Talent Management Risk
Inadequate management of human talent that hinders the integral development of employees and prevents the company from upholding competent workers, with efficient succession plans.
Level of inherent risk: High. Level of residual risk: Low.
Large scale involuntary migration
Unemployment or sub-employment
Employees' comprehensive development
PEACE, JUSTICE AND STRONG INSTITUTIONS
DECENT WORK AND ECONOMIC GROWTH
Macroeconomic Changes Risk
Macroeconomic changes that negatively affect the Company's operational results and the creation of value therein.
Level of inherent risk: Extreme. Level of residual risk: Moderate.
Deflation; Failure in management of inflation
Company value; Development of new business opportunities
DECENT WORK AND ECONOMIC GROWTH
Fraud, bribery and corruption risk
Fraud, bribery and corruption acts by company workers or stakeholders.
Level of inherent risk: Extreme. Level of residual risk: Low.
Increased cyber dependency; Changes in power; Changes in international governance perspective
Increased revenues and disparity of wealth
Fraud or data theft; Adverse consequences due to technological progress
Failure in national governance; Crisis or state collapse
Business Ethics
PEACE, JUSTICE AND STRONG INSTITUTIONS
DECENT WORK AND ECONOMIC GROWTH
Regulatory and Compliance Risk
Default or ignorance of laws, norms and/or regulations.
Level of inherent risk: Extreme. Level of residual risk: High.
Inter-state conflict; Failure in national governance; Crisis or state collapse; Changes in power; Changes in international governance perspective
Energy production and commercialization
Biodiversity Management; Transformation role in the regions
Development of new business opportunities
Comprehensive water management
Climate change; Company value
PEACE, JUSTICE AND STRONG INSTITUTIONS
CLIMATE ACTION
LIFE ON LAND
CLEAN WATER AND SANITATION
DECENT WORK AND ECONOMIC GROWTH
Financial Management Risk
Inadequate financial management that negatively affects the business operational results and the creation of value therein.
Level of inherent risk: Extreme. Level of residual risk: Low.
Fiscal crisis; Deflation; Failure in management of inflation
Failure in financing mechanisms or their implementation
Inter-state conflict; Crisis or state collapse; Changes in power; Changes in international governance perspective
Effects of energy price; Natural catastrophe; Climate change
Company value
DECENT WORK AND ECONOMIC GROWTH
Hydrological and climate variability risk
Climate and hydrological variability that affects negatively the production of electric energy at the Company's hydroelectric power plants.
Level of inherent risk: Extreme. Level of residual risk: Moderate.
Climate change; Comprehensive water management
Biodiversity Management; Development of new business opportunities
Energy production and commercialization
CLIMATE ACTION
CLEAN WATER AND SANITATION
AFFORDABLE AND CLEAN ENERGY
We trained 100% of management to highlight the importance of integral risk management and strengthen their roles and responsibilities. We also highlight two meetings:
Annual Meeting of Risk Managers: an opportunity to strengthen knowledge and provide an update on the progress of integral risk management. It was attended by 34 Risk Managers, corresponding to 63% of the Organization's 54 managers. Duration of the meeting: 8 hours.
Meeting of Business Continuity Managers: an opportunity to identify the accountability of teams and priority work issues, and to provide guidelines that strengthen the integral planning of training and tests. It was attended by 38 business continuity managers, corresponding to 68% of the Organization's 56 continuity managers. Duration of the meeting: 8 hours.
Risk Managers’ Annual Event.
Find out more: Policy for Integral Risk Management and controls
https://www.isagen.com.co/comunicados/integral-risk-management-policy.pdf
https://www.isagen.com.co/our-company/management-practices/enterprise-risk-management/
BUSINESS CONTINUITY MANAGEMENT
Our business continuity management is based on national and international reference standards such as ISO 22301 and NTC 5722. It includes response to emergencies, crisis management and operations continuity, aspects that guide our preparation to address potential impact on people, environment, reputation and operations. We have a management system for its implementation, maintenance and sustainability within a continuous improvement process. To this end, we identify potential threats and impacts that could affect us and, based on such information, we establish response strategies and build guidelines and procedures in advance to strengthen the organizational reaction capability in adverse situations, thus protecting the interests of the parties involved, their reputation, and their value generating activities.
We carried out 39 tests of the plans in order to simulate normal operating conditions in the event of an interruption, confirm functionality of the existing plans, and evaluate results to generate learning and establish improvement actions. The performance of tests corresponded to 75% of plans for responsible processes, mostly due to the fact that some plans were being updated based on changes in regulations or methodology for the plans' preparation and sustainability. These results were used as a base marker to determine improvement goals in subsequent years.
In 2016, we contributed to the strengthening of culture, skills and knowledge relative to business continuity management, through the following activities:
Training for business continuity managers, who coordinate the activities required for the sustainability of each of the plans.
Implementation and startup of the Information System for Business Continuity Management, which enables integrating information from various plans and management systems with increased levels of security, integrity and availability of information.
Planning and performance of tests on the plans. We highlight the drill conducted, which was based on a hypothetical event at the Termocentro power plant. This test implied a coordinated action of several business continuity plans, which enabled us to strengthen the organizational response capacity for greater complexity events.
Finally, we contracted insurance policies, managed the claims received, and assessed some risks that were not covered by the current insurance program and the possibility of transferring them to the insurance market.
Training for Business Continuity Managers.
2016 CHALLENGES
Strengthening appropriation of integral risk management and implementation of the methodology at all organizational levels, coordinating risk management and business continuity as a natural element of process design and work performance.
Strengthen the planning, execution, monitoring and reporting of individual tests, coordinated with the Business Continuity Management System to generate an adequate organizational culture to face complex situations.
Identify and assess risks associated with contracting to properly transfer them by means of a specific compliance assurance program that must include tailored conditions to facilitate administrative management and minimize associated risks.
Compliance
2017 CHALLENGES
Continue strengthening the risk management culture through training of employees, risk managers and executives.
Conduct comprehensive tests of business continuity plans, taking into account several system components, which will allow strengthening organizational response capacity in greater complexity events that imply a coordinated action of several plans and, at the same time, contribute to greater efficiency of resources available for performance of these tests.
Manage the Insurance Program and analyze the viability of implementing risk alternative transfer schemes, other than the traditional insurance.