Non-financial risk monitoring and management
GRI Indexes
- 102-11
- 102-15
- 103-2
- GOV-2/A1
- GOV-2/A2
- GOV-1/C3
Risk management at the PGNiG Group
As part of the continuous effort to enhance the effectiveness of risk management, PGNiG has implemented an integrated approach assuming constant and coordinated management of individual risk categories, taking into account the relationship between them, protection of all the Company’s resources and the impact on the delivery of the Strategy. The comprehensive approach to risk management is consistent with the Strategy’s vision, the continuous pursuit of operational excellence and the principles of sustainable and responsible business.
The risk management system is aligned with the coordinated cooperation of the other PGNiG management systems, and its operation has been designed to support the achievement of operational goals of the Company’s organisational units and the objectives set out in the PGNiG Group Strategy. The system consists in integrated and tailored management of individual risk categories at PGNiG and is based on the three lines model. This facilitates gathering comprehensive and structured information on risks within the organisation, monitoring the level of risk exposure in the context of achievement of operational and strategic objectives, and coordinating the flow of management information.
According to the proposed model, risk is managed within individual risk categories, based on separate internal regulations. Risk categories within the PGNiG risk management system have been identified taking into account the applicable standards and legal requirements which standardise or require the management of specific risks in a specialised and distinct manner. Three main categories have been identified: operational risk, financial risk, and legal risk.
The risk management system includes a Risk Management Policy at PGNiG SA which sets out a systemic and integrated approach to risk management at the Company and defines rules to be followed in order to effectively minimise the impact of risk on achievement of the Group’s operational and strategic objectives.
A Procedure for risk and opportunity management in the Company’s processes has also been implemented as part of the system. The Procedure details the order of stages of the process, the roles and responsibilities of participants, and the method of risk and opportunity management at PGNiG. The Procedure relates to operational risk in the Processes specified in the Architecture of the Company’s processes.
One of the operational risks is health, safety and environment risk, managed as part of the QHSE (Quality, Health, Safety & Environment) Management System at PGNiG, which is based on the following standards: ISO 9001, ISO 14001, and ISO 45001. Risk and opportunity management is critical for effective operation of the QHSE Management System. Its objective is to create awareness of existing threats and risks in order to take appropriate control measures, and of opportunities that can be captured to improve process efficiency.
In addition, for the purposes of reports, studies and analyses, operational risks may be grouped according to their common features. The features may result from processes in which particular risks are present or may be based on other criteria identified according to business needs.
The Company considers as material a group of non-financial ESG risks related to environmental, climate, social, HR and ethical aspects, namely respect for human rights and preventing corruption and bribery.
Under applicable regulations, all business processes are subject to an analysis identifying and assessing any risks which could possibly interfere with the delivery of the objectives of a process. Risk is assessed based on a matrix which presents a five-level scale of impact and probability of occurrence to determine the level of risk. In the next step, measures to reduce the risk parameters to an acceptable level are defined. A detailed risk analysis is carried out at least once a year, with the participation of owners of respective processes. Risks are analysed and parameterised based on potential causes and impact, as well as probability of occurrence. At the same time, the analysis takes into account the controls or mechanisms currently applied to prevent materialisation of risks and mitigate the potential impact of risk events. In addition, the system gathers and analyses information on risk materialisation (both potential incidents and key risk indicators).
The risk management system is subject to ongoing improvement and assessment with regard to the effectiveness of preventive measures taken to minimise the potential impact of risk events. At the same time, the PGNiG Group expands the list of events which may turn into potential risks in the future. For any identified risks, the organisation determines the measures to be taken to drive down the level of unacceptable risks or, where risk mitigation measures have been exhausted, decides to accept such risks. Those residual risks are subject to ongoing monitoring to prevent their materialisation.
The transition to a low-carbon economy and the achievement of global targets for reducing the impact of climate change require risk management to take into account risks to sustainable development.
With respect to non-financial risk management, the PGNiG Group is determined to minimise the possibility of non-financial risks inherent in business activities materialising. Due to the Group’s extensive organisational structure and multiple simultaneous processes, the Management Board members are therefore the owners of risk management in specific areas, in accordance with their respective competencies. Risk management is supported by the certified QHSE Management System implemented at PGNiG, making it possible to identify, assess and monitor risks with regard to significant environmental aspects and occupational health and safety.