Risk management

Risk Management

Redeia has a Comprehensive risk management system in place in order to facilitate the fulfilment of the company’s strategies and objectives, ensuring that the risks that could have an impact on them are identified, analysed, evaluated, managed and controlled in a systematic manner, with uniform criteria and within the level of acceptable risk approved by the Board of Directors.

The management System conforms to the ISO 31000 standard regarding risk management principles and guidelines and is ongoing and comprehensive in nature, consolidating risk management by business unit, subsidiary, and support areas within the corporate scope.

Accordingly, Redeia periodically conducts sensitivity analysis (stress testing) to monitor on certain financial and non-financial risks, with the aim of anticipating the potential impact on the Company of the materialisation of these on the basis of certain future scenarios, and monitoring potential developments of the main variables that could have an impact on the compliance of the strategic plan, both in terms of Financial aspects and interest rates, inflation, etc., as well as other more operational factors.

blank
Management and control: organisational structure and responsibilities

blank

icono flecha

Redeia has a Comprehensive Risk Management Policy and a general Procedure for comprehensive risk management and control, based on the COSO ERM Enterprise Risk Management-Integrated Framework for Corporate Risk Management.


Comprehensive Risk Management Policy

The Board of Directors is responsible for approving the Comprehensive Risk Management Policy, as well as for awareness and periodic monitoring of internal control, prevention, and reporting systems. Twice a year, the Board reviews the risk control system and relevant risks, without prejudice to the information regularly received from the Audit Committee as part of its ongoing monitoring.

Read our Comprehensive Risk Management Policy - PDF, 211 KB

Emerging Risks

Redeia's Risk Management System also specifically analyses risks considered as emerging, which are either new risks whose origin differs from traditionally managed risks or existing risks that may undergo significant changes in the medium or long term due to their scope or considerable changes in the consequences they generate. These risks are considered to potentially impact the organisation, which given their nature, they are difficult to predict, estimate and assess and their time horizon is uncertain, all due to economic, social, technological, geopolitical and environmental transformation, with possible impacts of special relevance for the organisation.

This risk type also refers to those risks that already exist and have been identified but which in the medium and/or long term may undergo significant changes, either because of their scope or because of a considerable change in their consequences.

The main difference between emerging risks and other risks within the organisation lies in the process of identification, evaluation, and measurement of these risks due to their inherent nature. The impacts of emerging risks are difficult to estimate and quantify, so there is no measurement process in terms of probability and impact. Additionally, the time horizon for emerging risks extends beyond that used for measuring traditional risks or beyond the time horizon of the current strategic plan.

Moreover, Redeia is making progress in identifying and analysing long-term trends and scenarios, conducting various micro-studies focused on identifying potential future risk trends that could impact Redeia. The following are identified as emerging risks:

The disinformation phenomenon
The phenomenon of disinformation
DescriptionImpactAction Plan

Disinformation refers to false or manipulated information that is deliberately created, presented, and disseminated with the intent to deceive or cause reputational, institutional, or economic harm. Unlike factual errors (due to ignorance or accident), disinformation has a specific motive: to distort reality for the purpose of manipulation.

In English, a distinction is sometimes made between “misinformation” and “disinformation,” with the former referring to erroneous, false, or inaccurate information disseminated without the intent to deceive, and the latter referring to information deliberately disseminated with the intent to manipulate or cause harm.

The rapid spread of fake news can be decisive in shaping an organization’s standing, as it facilitates its dissemination at the expense of accurate information.

The expansion of the Internet, social media, and the rise of artificial intelligence have fueled the emergence and amplification of disinformation, increasing its reach and reputational impact.

Given the nature of the company’s core activities, the impact of fake news on the company’s reputation can be particularly significant.

 

  • Intensive monitoring of the media and social media to detect disinformation.
  • Analysis of the disinformation incident and activation of the appropriate response based on the assessment of the incident. Options:
    • No intervention where the content is harmless.
    • Request for correction.
    • Publication of a clarifying statement or explanatory infographic.
    • Mobilisation of the legal team.
    • Request for removal or demonetisation from digital platforms.

Proactive strategy to minimise the risks of disinformation:

  • Proactive and reactive communication measures, with continuous updates.
  • Strengthening relationships with the media and opinion leaders.
  • Promoting awareness-raising initiatives through corporate channels
  • Cross-functional coordination between different departments such as Communications, Public Affairs, Human Resources and Legal for the preventive management of reputational risk
  • Development of the prevention model through specific manuals, common principles and the reinforcement of corporate culture in this area.
Disruptive technological transformation
Disruptive technological transformation
DescriptionImpactAction Plan

The rapid adoption and evolution of disruptive technologies - such as artificial intelligence, advanced automation, intensive digitalisation and, in the medium term, quantum computing - is creating a highly uncertain environment for the company’s operating models, business processes and regulatory frameworks. This technological transformation is characterised by the speed of change, the growing complexity of systems and the difficulty in anticipating their medium- and long-term impact, which increases exposure to both operational and strategic risks. In this context, the ability to adapt and integrate new technologies becomes a critical factor in ensuring the organisation’s continuity, efficiency and competitiveness in a constantly evolving environment.

 

This transformation may lead to technological obsolescence, security breaches, dependence on strategic technology suppliers, insufficient internal capabilities and digital skills, as well as ethical and regulatory compliance risks associated with the intensive use of data and automated systems.

These factors may affect operational continuity and the ability to adapt in the medium term.
Furthermore, new developments in the energy and telecommunications sectors - such as wireless power transmission, distributed generation and modular systems close to the point of consumption - may have a significant impact on the group’s current business models.

  • Integration of technological risks into continuity and resilience plans, incorporating emerging risks into security analyses.
  • Regular assessment of the robustness and obsolescence of critical systems, including the use of AI, directing investment towards solutions that strengthen stability, security and operational resilience.
  • Strengthening technology governance, monitoring trends and ensuring alignment with corporate strategy.
  • Strengthening coordination with cybersecurity frameworks and prioritising architectures that reduce critical dependencies.
  • Fostering digital talent and capabilities, including AI skills, by integrating the management of critical technology profiles and encouraging continuous adaptation to change.
  • Incorporating principles of data ethics and the responsible use of AI, alongside compliance with the applicable regulatory framework.
  • Technology monitoring, testing and early evaluation of emerging technologies.
Risks associated with climate change

Climate change risks comprise both physical risks associated with modifications in climate parameters (which can directly affect the facilities or impact the services rendered by Redeia) and transition risks (related to changes stemming from the fight against climate change, including regulatory, technological, market, and reputational).

To enhance the management of risks associated with climate change, in 2018, Redeia started working on implementation of the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD). Since then, key actions have been taken to develop and improve this implementation, such as revising the governance model, developing a specific methodology for identification, prioritisation, and economic quantification, considering different scenarios and time horizons, reviewing methodologies, and expanding the analysis to businesses in Latin America and telecommunications.

Tax risks

Our Comprehensive Risk Management System includes relevant tax risks and mechanisms for their mitigation, control, and management.

Find out more about them in our Tax Transparency section

Risk culture

Awareness, training and sensitization are fundamental elements for the development of a risk culture that adapts to the needs and responsibilities of Redeia's functional areas and affected areas.

The company strengthens the risk culture through the continuous development of dissemination, awareness and training actions on the relevance and strategic nature of the Integrated Risk Management System for the members of the organization, among which the following stand out:

  • Inclusion of risk criteria in the development of products and services. Before entering a tender, a risk analysis is performed by Redeia in order to determine whether it is appropriate to proceed with the tendering process.
  • Specific training in relevant areas such as occupational risk prevention, environmental, human rights, cybersecurity, ethics and compliance.
  • Organization of forums aimed at specific groups of the organization with a special involvement in risk management.
  • Publication of informative news on the corporate website and on the intranet.
  • Specific sessions for members of the management body on risk management where both financial and non-financial risks are analyzed.

Redeia provides the company's professionals with the necessary tools to manage possible risk situations in the development of their functions and responsibilities, as well as the appropriate means to communicate any issue related to risks.