Risks <strong>and</strong> risk managementRisks <strong>and</strong> risk managementVattenfall applies conscious <strong>and</strong> balanced risk-takingin which business transactions are reviewed from bothprofitability <strong>and</strong> risk perspectives. In accordance with theSwedish Corporate Governance Code <strong>and</strong> the Board ofDirectors’ Rules of Procedure, Vattenfall’s risk managementframework ensures thorough identification of Vattenfall’srisks <strong>and</strong> acceptable risk exposure. Risks <strong>and</strong> risk managementare part of the financial statements in accordancewith IFRS, which can be found on pages 73–142.Enterprise Risk ManagementEnterprise Risk Management (ERM) at Vattenfall is a systematic <strong>and</strong>structured process of identifying, analysing <strong>and</strong>, above all, managingrisks at an early stage that could have a negative impact onVattenfall’s business operations. The aim of ERM is to improve thebusiness operations <strong>and</strong> optimise risk management. Vattenfall basesits ERM on the risk management st<strong>and</strong>ards of the Committee ofSponsoring Organizations of the Treadway Commission (COSO) <strong>and</strong>coordinates the process with the company’s financial <strong>report</strong>ing.Vattenfall’s risk management process quantifies <strong>and</strong> compares riskswith respect to both financial <strong>and</strong> non-financial consequences (suchas reputation, environment, health <strong>and</strong> safety). After aggregating therisks, a composite overview is made of Vattenfall’s risk situation <strong>and</strong>the potential financial impact is coupled to relevant financial key datainformation that is used for the financial governance of the company.Vattenfall is exposed to three main categories of risk:Strategic risk – such as a change in political control <strong>and</strong> changes inlegislation <strong>and</strong> rules <strong>and</strong> regulations governing the energy industry.Operational risk – such as risks associated with operation <strong>and</strong>maintenance of electricity <strong>and</strong> heat production plants, high processsafety, supplier cooperation, <strong>and</strong> competence succession <strong>and</strong> planning.Financial risk – such as currency risk, interest rate risk, electricityprice risk, fuel price risk, <strong>and</strong> credit <strong>and</strong> liquidity risks.Selected examples of risks that Vattenfall is exposed to <strong>and</strong> how thecompany manages these are provided on the following pages.Enterprise Risk ManagementStrategic risk Operational risk Financial riskFinancialrisk (short- tomedium-term)Risks in operational assets <strong>and</strong>infrastructure, <strong>and</strong> personnel <strong>and</strong>organisational risks (short- to long-term)Risk for changes in political control, changes in publicopinion, changes in rules <strong>and</strong> regulations, <strong>and</strong> risk inchoice of technology (medium- to long-term)Examples of risksElectricity price riskFuel price riskVolume riskCredit riskOperational asset riskSecurity riskPersonnel riskLegal riskTax riskPolitical riskInvestment riskLiquidity riskInterest rate riskCurrency riskPrice risk in equitiesExamples of risk mitigationHedging of electricity <strong>and</strong> fuel pricesEffective management of debt portfolioAnalysis <strong>and</strong> selection of counterpartiesRisk m<strong>and</strong>ateMaintenance <strong>and</strong> renewalsOptimisation of asset managementInsuranceHigh process safetyInternal governance <strong>and</strong> controlSuccession <strong>and</strong> competence planningActive business intelligence activitiesDiversified <strong>and</strong> sustainable production portfolioScenario analyses in the strategic processThis illustration above shows Vattenfall’s general risk structure <strong>and</strong> indicates a relative net exposure/impact on the value of Vattenfall’s production<strong>and</strong> distribution portfolio after suitable risk mitigation actions have been taken.66 Vattenfall Annual <strong>and</strong> <strong>sustainability</strong> <strong>report</strong> <strong>2014</strong>
Risks <strong>and</strong> risk managementStrategic riskVattenfall is exposed to a number of different factors that are difficult to influence. To manage strategic risk, Vattenfall relies on scenario analyses<strong>and</strong> business intelligence activities as well as on risk diversification in the production <strong>and</strong> distribution portfolios with respect to markets as wellas to sources of energy.RiskPolitical riskBusiness risk that can arise as a result ofpolitical decisions or changes in the laws,rules <strong>and</strong> regulations that govern the energyindustry.Risk managementVattenfall conducts active business intelligence <strong>and</strong> related activities to mitigate political risk.In addition, Vattenfall belongs to various national <strong>and</strong> international trade organisations in orderto promote the company’s interests.Investment riskThere are several different types of investmentrisks, including procurement risk,market risk, risk in choice of technology, <strong>and</strong>risk of changes in environmental permits.Vattenfall is a highly capital-intensive company with an extensive investment programme. Thecompany has a very thorough project management process in which risk assessment is anintegrated part. Before every investment decision, the risk unit performs an independent review ofobligations <strong>and</strong> transactions. In addition to a strategic investment roadmap, a detailed investmentplan is updated yearly to provide the Executive Group Management (EGM) with guidance in theinvestment decision process.Operational riskIn the course of its operations, Vattenfall is exposed to a range of operational risks, such as in plants, infrastructure, personnel <strong>and</strong> organisation.RiskOperational asset riskRisks associated with the operation ofelectricity <strong>and</strong> heat production plants, opencast lignite mines, <strong>and</strong> damage to distributionnetworks.Risk managementAn important part of the management of operational asset risks involves a rolling inspectionprogramme, continuous control of plant conditions, <strong>and</strong> effective maintenance. Nuclear powersafety <strong>and</strong> dam safety are special focus areas for Vattenfall’s Safety <strong>and</strong> Risk Committee.Vattenfall’s Chief Nuclear Safety Officer (CNSO) is responsible for overseeing nuclear powersafety at the Group level. Vattenfall’s ambition is to be world-leading in nuclear power safety bypromoting a strong safety culture, by having competent employees <strong>and</strong> by establishing clear<strong>and</strong> effective processes.Environmental riskEnvironmental impacts take place primarilythrough emissions to air, water <strong>and</strong> soil, <strong>and</strong>the production of waste.Vattenfall’s Environmental Management System lays out how environmental work is to beorganised <strong>and</strong> conducted throughout the Group <strong>and</strong> is integrated with Vattenfall’s overarchingmanagement system. The Group-wide <strong>sustainability</strong> targets in the environmental areaare broken down into regional <strong>and</strong> local environmental targets <strong>and</strong> activities. Read more aboutVattenfall’s <strong>sustainability</strong> targets on page 23. Identification <strong>and</strong> management of environ mentalrisks are h<strong>and</strong>led by the respective units, <strong>and</strong> <strong>report</strong>ing is conducted via the Group-wide risk<strong>report</strong>ing system. Environmental risk management is also closely linked with the <strong>report</strong>ing onenviron mental accidents <strong>and</strong> incidents, which is presented to the EGM monthly.Security riskFraud <strong>and</strong> other types of security risk.Vattenfall works with loss prevention <strong>and</strong> mitigating security measures to protect the Group’sassets, IT systems, information, personnel <strong>and</strong> continuing operations. The Group ensures thatassets <strong>and</strong> information are protected from improprieties <strong>and</strong> fraud, among other things byadherence to the “four eyes principle”, entailing that decisions must be approved by at leasttwo persons unless special exceptions exist.Supplier riskRisks in the supply chain that could have anegative impact on the company’s business,reputation <strong>and</strong> financial results.Vattenfall has a Code of Conduct for Suppliers <strong>and</strong> performs risk assessments <strong>and</strong> reviews of itssuppliers. Read more about Vattenfall’s work within the supply chain on page 51.Vattenfall Annual <strong>and</strong> <strong>sustainability</strong> <strong>report</strong> <strong>2014</strong> 67