We are a global operator of essential infrastructure
Redeia has a Comprehensive risk management system in place in order to facilitate the fulfilment of the company’s strategies and objectives, ensuring that the risks that could have an impact on them are identified, analysed, evaluated, managed and controlled in a systematic manner, with uniform criteria and within the level of acceptable risk approved by the Board of Directors.
The management System conforms to the ISO 31000 standard regarding risk management principles and guidelines and is ongoing and comprehensive in nature, consolidating risk management by business unit, subsidiary, and support areas within the corporate scope.
Accordingly, Redeia periodically conducts sensitivity analysis (stress testing) to monitor on certain financial and non-financial risks, with the aim of anticipating the potential impact on the Company of the materialisation of these on the basis of certain future scenarios, and monitoring potential developments of the main variables that could have an impact on the compliance of the strategic plan, both in terms of Financial aspects and interest rates, inflation, etc., as well as other more operational factors.
Redeia has a Comprehensive Risk Management Policy and a general Procedure for comprehensive risk management and control, based on the COSO ERM Enterprise Risk Management-Integrated Framework for Corporate Risk Management.
The Board of Directors is responsible for approving the Comprehensive Risk Management Policy, as well as for awareness and periodic monitoring of internal control, prevention, and reporting systems. Twice a year, the Board reviews the risk control system and relevant risks, without prejudice to the information regularly received from the Audit Committee as part of its ongoing monitoring.
Redeia's Risk Management System also specifically analyses risks considered as emerging, which are either new risks whose origin differs from traditionally managed risks or existing risks that may undergo significant changes in the medium or long term due to their scope or considerable changes in the consequences they generate. These risks are considered to potentially impact the organisation, which given their nature, they are difficult to predict, estimate and assess and their time horizon is uncertain, all due to economic, social, technological, geopolitical and environmental transformation, with possible impacts of special relevance for the organisation.
This risk type also refers to those risks that already exist and have been identified but which in the medium and/or long term may undergo significant changes, either because of their scope or because of a considerable change in their consequences.
The main difference between emerging risks and other risks within the organisation lies in the process of identification, evaluation, and measurement of these risks due to their inherent nature. The impacts of emerging risks are difficult to estimate and quantify, so there is no measurement process in terms of probability and impact. Additionally, the time horizon for emerging risks extends beyond that used for measuring traditional risks or beyond the time horizon of the current strategic plan.
Moreover, Redeia is making progress in identifying and analysing long-term trends and scenarios, conducting various micro-studies focused on identifying potential future risk trends that could impact Redeia. The following are identified as emerging risks:
| The phenomenon of disinformation | ||
|---|---|---|
| Description | Impact | Action Plan |
Disinformation refers to false or manipulated information that is deliberately created, presented, and disseminated with the intent to deceive or cause reputational, institutional, or economic harm. Unlike factual errors (due to ignorance or accident), disinformation has a specific motive: to distort reality for the purpose of manipulation. In English, a distinction is sometimes made between “misinformation” and “disinformation,” with the former referring to erroneous, false, or inaccurate information disseminated without the intent to deceive, and the latter referring to information deliberately disseminated with the intent to manipulate or cause harm. The rapid spread of fake news can be decisive in shaping an organization’s standing, as it facilitates its dissemination at the expense of accurate information. The expansion of the Internet, social media, and the rise of artificial intelligence have fueled the emergence and amplification of disinformation, increasing its reach and reputational impact. | Given the nature of the company’s core activities, the impact of fake news on the company’s reputation can be particularly significant.
|
Proactive strategy to minimise the risks of disinformation:
|
| Disruptive technological transformation | ||
|---|---|---|
| Description | Impact | Action Plan |
The rapid adoption and evolution of disruptive technologies - such as artificial intelligence, advanced automation, intensive digitalisation and, in the medium term, quantum computing - is creating a highly uncertain environment for the company’s operating models, business processes and regulatory frameworks. This technological transformation is characterised by the speed of change, the growing complexity of systems and the difficulty in anticipating their medium- and long-term impact, which increases exposure to both operational and strategic risks. In this context, the ability to adapt and integrate new technologies becomes a critical factor in ensuring the organisation’s continuity, efficiency and competitiveness in a constantly evolving environment.
| This transformation may lead to technological obsolescence, security breaches, dependence on strategic technology suppliers, insufficient internal capabilities and digital skills, as well as ethical and regulatory compliance risks associated with the intensive use of data and automated systems. These factors may affect operational continuity and the ability to adapt in the medium term. |
|
Climate change risks comprise both physical risks associated with modifications in climate parameters (which can directly affect the facilities or impact the services rendered by Redeia) and transition risks (related to changes stemming from the fight against climate change, including regulatory, technological, market, and reputational).
To enhance the management of risks associated with climate change, in 2018, Redeia started working on implementation of the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). Since then, key actions have been taken to develop and improve this implementation, such as revising the governance model, developing a specific methodology for identification, prioritisation, and economic quantification, considering different scenarios and time horizons, reviewing methodologies, and expanding the analysis to businesses in Latin America and telecommunications.
Our Comprehensive Risk Management System includes relevant tax risks and mechanisms for their mitigation, control, and management.
Awareness, training and sensitization are fundamental elements for the development of a risk culture that adapts to the needs and responsibilities of Redeia's functional areas and affected areas.
The company strengthens the risk culture through the continuous development of dissemination, awareness and training actions on the relevance and strategic nature of the Integrated Risk Management System for the members of the organization, among which the following stand out:
- Inclusion of risk criteria in the development of products and services. Before entering a tender, a risk analysis is performed by Redeia in order to determine whether it is appropriate to proceed with the tendering process.
- Specific training in relevant areas such as occupational risk prevention, environmental, human rights, cybersecurity, ethics and compliance.
- Organization of forums aimed at specific groups of the organization with a special involvement in risk management.
- Publication of informative news on the corporate website and on the intranet.
- Specific sessions for members of the management body on risk management where both financial and non-financial risks are analyzed.
Redeia provides the company's professionals with the necessary tools to manage possible risk situations in the development of their functions and responsibilities, as well as the appropriate means to communicate any issue related to risks.
