Internal Control and Risk Management System

The Internal Control and Risk Management System (“SCIGR”) consists of the set of rules, procedures, and organisational entities aimed at allowing the main corporate risks within the Group to be identified, measured, managed and monitored.

Main ESG risk types

Due to the nature of its business and geographic presence, the Group is exposed to various types of environmental, social and governance-related (ESG) risks, of which the main types are indicated in the table below, together with the activities for mitigating their effects and ensuring their proper management

The following was considered in identifying potential risks:

  • the results of the materiality analysis (see the section “At a Glance” - “Definition of priorities” and the Methodological note in this document);
  • the 2020 Global Risk Report of the World Economic Forum (WEF), involving more than 1,000 experts and leaders from around the world;
  • the risk assessment carried out as part of Enel’s due diligence process on human rights, which involved a wide range of experts from different sectors, including civil society, academic institutions, local communities, customers and suppliers, in the various countries where the Group operates;
  • the analyses of some of the world’s most highly acclaimed ESG rating agencies, which use specific risk assessment systems to rate companies’ sustainability performance.

The risks identification from the analysis of these results, which gather the level of risk perceived by the relevant external stakeholders, is aligned with the overall identification of the risks carried out by Enel to select the main risks (financial, strategic, governance, operational, digital and compliance) to which it may be exposed and which require continuous monitoring through the internal auditing process. Moreover, in the risk identification and assessment stage, the “Precautionary Principle”(1) was applied, particularly to risks relating to the environment, health and safety. For each type of risk, specific actions have been identified to mitigate their effects and ensure their proper management. Enel also applies this principle to risk management, especially with regard to the development and introduction of new products/technologies, planning of operating activities and the construction of new plants/assets.

(1) Rio Declaration on the Environment and Development (Rio de Janeiro, June 3-14, 1992), Principle 15.