Therefore, it has a risk management system covering both the risks of internal processes and those related to the environment in which the Company's activities are carried out. The system complies with the ISO 31000 Standard on the principles and guidelines regarding risk management. Additionally, Red Eléctrica has two specific systems, one for internal control over financial reporting (based on the US Sarbanes-Oxley) and another for internal control over operational activities (based on the SSAE 16 standard). These systems are subject to periodic internal and external audits.

The most relevant risks to which the Red Eléctrica Group is subject and that are integrated into the risk management system are:

  1. Regulatory: due to the fact that the main activities of the Group are subject to regulation.
  2. Operational: derived fundamentally from the activities they have been assigned within the electricity system, including those related to cybersecurity. The critical nature of the functions carried out by Company means that this type of risk could have widespread social and economic importance.

In addition to the specific risks indicated above, the Red Eléctrica Group faces other risks that are common to the development of economic and business activities, and which include:

  1. Financial and counterparty risks. These are financial risk, market risk and those related to the non-fulfilment of counterparties of their contractual obligations. The increased cost of equipment and raw materials, the increased interest rate and changes in exchange rate, the conditions of access to financial markets and the coverage of accidents, are included.
  2. Other risks. These are risks arising from the relevance of other businesses conducted by the Red Eléctrica Group. Risks associated with the telecommunications business relating to the management and operation of the dark fibre network and risks from foreign business related to the activities carried out by the Company through its subsidiaries abroad, are included.​

Risk structure 2016

Risk structure 2016


Comprehensive Risk Management Policy

The Board of Directors is responsible for the approval of the comprehensive risk management policy as well as for having full knowledge of the internal control, prevention and information systems and for the regular monitoring of these systems. Twice a year, the Board proceeds to review the risk control system and material risks, independent of the information that it regularly receives from the Audit Committee as part of the monitoring framework the Committee continually performs.

The Red Eléctrica Group has a risk policy that sets out the directives and guidelines for ensuring that material risks, which could affect the objectives and activities of the Group, are systematically identified, analysed and controlled with uniform criteria and within the established risk limits.