Introduction
In order to continuously improve effective risk management, PGNiG S.A. has implemented an integrated approach involving continuous and coordinated management of individual risk categories, taking into account their interrelationships, protection of all PGNiG resources and impact on the implementation of the Strategy. The risk management system is an element of the coordinated cooperation of the other PGNiG management systems, its operation designed to support the achievement of operational objectives of PGNiG’s organisational units and objectives defined in the PGNiG Group Strategy.
The system covers integrated and coordinated management of individual risk categories at PGNiG, organised into a three lines model. It enables the collection of comprehensive and structured information on risks at PGNiG, the monitoring of risk exposures in terms of PGNiG’s ability to meet its operational and strategic objectives, and coordinating the flow of management information. The PGNiG Risk Management Policy and the Procedure for Risk and Opportunity Management in PGNiG’s processes have been implemented as part of the system.
In 2021, in line with the Procedure for Risk and Opportunity Management in PGNiG S.A.’s processes, a review was performed of the risks and opportunities inherent in processes carried out by PGNiG’s organisational units, as defined in the PGNiG Group’s Process Architecture.
Three lines model
Considering the profile and scale of the Company’s operations, the risk management system has been based on a three lines model.
The function of line 1 is performed by all PGNiG business units. The operational mechanisms of day-to-day risk management are built into existing business processes, which are tailored to the nature of operations and extent of potential consequences caused by risks that affect PGNiG’s objectives and performance. Measures taken as part of line 1 are to mitigate risks to an acceptable level. Risks are mitigated by designing and implementing appropriate controls, monitoring risk levels and implementing response measures.
The function of line 2 is performed by specialised business units. They provide complementary expertise, support, monitoring and supervision of risk management issues. Measures taken as part of line 2 are designed to monitor and control the solutions applied within line 1, as well as to support the managers of other business units in order to ensure that the deployed controls are correctly designed and effective.
The function of line 3 is performed by the internal audit department, which verifies the adequacy and effectiveness of the entire Risk Management System at PGNiG S.A. The role of line 3 is to independently and objectively check the system’s operation, advise the management staff on the optimum and effective risk management and directly report to the Management Board. The function of third parties ensuring effectiveness of the system may be performed by external service providers through external audits, certifications, accreditations, etc.
The overriding role in the three lines model is that of the Management Board, which sets directions for the organisation, defining the Company’s vision, mission and values. It delegates responsibilities for achieving the Company’s objectives to the management staff and provides the necessary resources. The management staff in turn provides the Management Board with reports on the planned, actual and expected results, as well as reports on corporate governance and risk management.