Risk control

Risk control

Internal and external events may pose a risk to our continuity or strategic goals. We monitor these risks closely, calculate their probability, and take action to mitigate their impact.

Because we are transparent about our risk exposure, we can adjust more rapidly to achieve our goals. It also allows us to comply promptly with statutory and regulatory requirements.

Risk management

We use Enterprise Risk Management to achieve our goals responsibly. Our ERM policy is based on the COSO Enterprise Risk Management model and covers all aspects of our business, ranging from strategic and operational risks to (financial) reporting reliability and legal and regulatory compliance.

Across all levels of the organisation, line management is responsible for identifying risks and implementing controls in a timely fashion. This decentralised responsibility is an essential element of the way in which Enexis Holding N.V. addresses its risk exposure.

At group level, compliance with the ERM policy implementation is monitored by the Management Consultation body, which comprises the Executive Board, the directors of INFRA, Asset Management, Finance, HR, ICT, Customers & Markets, Fudura and the Secretary. The Strategic Risk Analysis results and the status of the LOR issues are also reported to and discussed by the Audit Committee. The Executive Board issues its ‘In Control’ statement on the basis of this process.

Tools, procedures & control systems

  • STRATEGIC RISK ASSESSMENT
    To identify events that threaten the company’s continuity or its ability to achieve its strategic goals in a full or timely fashion.
  • PROCESS MANAGEMENT
    To identify, design, set up, implement and continuously improve the business processes.
  • OPERATIONAL RISK ASSESSMENTS
    To identify risks that may affect the process objectives. The risks identified and controls implemented are documented in the Internal Control Framework.
  • CONTROL SELF ASSESSMENT
    Semi-annual assessment of key controls by all departments. Key risks are reported to the Executive Board in an internal Letter of Representation (LOR).
  • BUSINESS CONTINUITY MANAGEMENT AND CRISIS MANAGEMENT
    To ensure the continuity of our services.
  • PLANNING & CONTROL CYCLE
    To discuss progress and relevant developments regarding strategic risks, LOR issues, and actions to be taken following internal audits.
  • RISK-BASED ASSET MANAGEMENT SYSTEM
    To draw up the asset maintenance and investment programme for the company’s assets.

In addition to Enterprise Risk Management, we use internal audits and the external auditors’ reports as a safety net.

Internal auditors

Enexis Holding N.V. has an internal audit function with independent auditors. They provide management and the Executive Board with additional assurance about operational control, effectiveness, efficiency and compliance.

The internal auditors report to the chairman of the Executive Board and are subject to supervision by the Audit Committee. The Audit Committee advises the Executive Board on the role and performance of the internal auditors.

The annual audit plan, adopted by the Supervisory Board, provides a description of the internal audits to be conducted. The progress achieved and the key audit findings are discussed by the Audit Committee. The Internal Audit & Risk findings are also reported to the external auditor.

External auditor

PricewaterhouseCoopers Accountants N.V. is the company’s external auditor. The Supervisory Board’s Audit Committee monitors the relationship with the external auditor, who also attends the Audit Committee meetings.

Code of conduct

Respect for one another, integrity, honesty, and safety and security form the basis of our operations and the way we work together. Legal compliance and corporate social responsibility are also key to our code of conduct.

WHISTLE BLOWING POLICY

We encourage our employees to report to management any – suspected – wrongdoing within the organisation that may have a wider social impact. Our whistleblowing policy describes how a wrongdoing is to be reported and handled. Our code of conduct also contains the whistle blowing policy.