Risk Management
(GRI 1.2, 4.11)
According to the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the basic premise of Risk Management is that the organization exists to create value for its stakeholders. All companies are faced with uncertainties, and management's challenge is to determine to what extent those uncertainties should be accepted and how they may affect the company's effort to create value for its stakeholders.
Managing corporate risks allows executives to deal efficiently with uncertainties, as well as the risks and opportunities associated with them, to increase their ability to create value for the company, which is maximized when the organization adopts strategies and sets goals to reach the ideal balance between growth targets and shareholder return.
Because this is such an important issue, CTEEP introduced its Integral Risk Management (IRM) policy in 2008, following ISA's guidelines. Since then, the Company itself has been managing the main risks involved in its macro activities.
CTEEP's IRM is intended to guide and control processes and activities by continuously assessing the risks to which the Company is exposed, thus safeguarding corporate integrity, preventing negative impacts and ensuring business efficiency.
In 2013, IRM underwent significant changes reflected in the Company's risk map.
This update was mainly due to two factors. On the one hand, the renewal of CTEEP's concession contract, in December 2012, led to a complete change in the assessment scale for financial resources. The other factor was an effort to better adapt IRM to the ISO 31000 standard, which resulted in a revision of the whole IRM cycle. This made it a more dynamic tool, with a change mainly in the PDCA (Plan, Do, Check and Act) cycle of risk management (as seen below), where the "communication and dissemination" and "monitoring and revision" stages now run parallel to the others.
As a result of these changes, many risks previously assessed as mild are now considered moderate or even critical, such as trespassing on rights of way.
In addition, new scenarios were identified and incorporated into CTEEP's risk map, for example, the "social and political" risk, in response to demonstrations or crimes that may damage the Company's infrastructure.
CTEEP's new risk management methodology also involved identifying administrative measures that may be adopted, so that controls not yet applied can be found that may decrease the possibility of these risks materializing. These measures were listed in 2013 and will be considered by risk managers so that the IRM tools can effectively identify, prioritize and manage the organization's exposure to different risks that may affect its business.
In addition to the above-mentioned revisions, CTEEP has been adopting the methodological guidelines and aspects established by COSO and the Sarbanes-Oxley Act. As a result, CTEEP checked in 2013 which principles of the COSO recommendations were already followed and which were not, mainly those related to assessing the possibility that a given risk will materialize. This adaptation is expected to continue in 2014 until all principles are incorporated.
Therefore, CTEEP's risk matrix currently consists of 18 risks, eight of which are rated as priority risks, four as moderate risks and six as low risks, in four broad categories: Vicinity, Strategic, Financial and Operational.
Vicinity Risks | Related to the area in which CTEEP performs its activities
Strategic Risks | Events that may impact strategic goals
Financial Risks | Situations that may negatively impact the Company's financial indicators
Operational Risks | Events that may adversely affect the Company's operations
Vicinity Risks
The following risk indicators are monitored: environmental damage, environmental phenomena or external physical agents; trespassing on rights of way, equipment damage or failure; and social and political factors.
Strategic Risks
Regulatory risks are the main strategic risks for CTEEP. Growth risks, which involve tariff issues, and reputation risks are also monitored.
Financial Risks
Financial risks are those involving a lack of cash or transaction fraud. Governance, pension plan, construction and project delay risks also fall under this category.
Operational Risks
These risks involve: human or procedure failures; interruptions of information technology and communication services; occupational accidents, unethical or unlawful behavior; human capital; and poor supplier management.
©Copyright 2014 CTEEP
Company Paulista Electric Energy Transmission