The generation of value and the sustainability of the businesses in which we participate are a commitment in our Organization. To achieve this end, comprehensive risk management is a priority principle in the actions of all our employees; it allows us to plan events that may significantly affect us and prepare to mitigate their impacts, thus reducing uncertainty in decision making. In this way, we obtain reasonable security in achieving the objectives.
Our risk-management methodology includes the permanent identification, measurement, treatment and monitoring of the risks to which we are exposed. It aims to agilely and proactively evaluate the favorable and unfavorable impacts that may affect the achievement of the strategic objectives and business performance.
The Comprehensive Risk Management System (CRMS) focuses on identifying the most relevant risks in the strategy to address the incidence and criticality of the impacts on our objectives in:
During 2019 we identified global trends with influence on our businesses and create value from them:
updated subprocesses in risk matrices.
finalized action plans associated with risk treatment with high effectiveness.
risk-management workshops in processes, projects, new businesses and business continuity.
of the risk managers trained in the updating of the Governance Portal – Protiviti tool.
progress in the implementation of the Business Continuity Plan.
At Celsia, we continuously carry out interdisciplinary work to identify and evaluate the Company’s strategic and emerging risks:
Risk Governance
Risk Culture
To generate awareness and appropriation against risks.
As a preventive measure of the cyber risk; help to make employees aware of the importance of protecting information and using the best security practices.
This prepares us to control and mitigate adverse events.
Likewise, we continued the conversation sessions called Let’s Talk about Risks; the Strategic Supply process had a discussion about risks with 24 suppliers from Antioquia.
We constantly have the accompaniment of risk specialists and share best practices. Last year we had the participation of an expert advisor on risks and claims related to renewable energies in the world, a key issue in the diversification of our business and in compliance with our MEGA (Big and Strategic Goal).
(102-15)
Those potential events that may threaten compliance with our MEGA, our strategy and the guidelines of our Board of Directors; among them are:
- Culture and human talent.
- Regulatory.
- Political risk.
- Technology.
- Climate variability.
- Projects.
- Commercial.
- Fuel.
- Obsolescence of assets.
- Cybersecurity.
- Demand.
- Financial.
- Acquisitions.
- Supply and distribution chain.
- Competitors.
- Energy portfolio.
- Social.
- Reputation.
(C-RI1)
Those risks recently identified and that could have an impact on both the Organization and the industry, within a time horizon of approximately three to five years; some of their consequences may start impacting business performance today.
Some of these emerging risks are:
New Challenges
- Short Term0 to 2 years
- Medium Term3 to 5 years
- Long Term6 years or more
Advance in the quantitative analysis of the valuation of relevant strategic and operational risks.
Begin identifying correlations between strategic risks and operational risks.
Finalize the implementation of the Business Continuity Plan in the 100% of the Organization.
Validate the effectiveness of the Crisis-Management Plan by having drills.
Review the current transfer and retention mechanisms in risk management.
Strengthen the opportunity-management methodology by establishing clear parameters to identify and evaluate initiatives that maximize the economic benefits for the Company.
Strengthen the culture of risk and opportunity management throughout the Organization.
Continue with the implementation of emergency plans and disaster response in our facilities in accordance with Decree 2157 of 2017.
Review the efficiency of controls and action plans at risk related to compliance (fraud, bribery, corruption and money laundering).
Strengthen strategic risk assessment and correlation exercises by implementing mathematical risk-measurement and quantification models for the adoption of appropriate mitigation strategies.
Optimize the Risk-Management Model with the appropriate transfer and retention mechanisms.
Lead the Organization towards a trend-management approach, strengthened in risk-assessment methodologies, with an implemented correlation model between strategic-operational risks and with an implemented and tested Business Continuity Plan.
Glossary
Comprehensive Risk Management System (CRMS)
A systematic application of policies, procedures and practices for the identification, analysis, evaluation, treatment, follow-up and review of risk, communication and monitoring.
Governance Portal – Protiviti
A tool that allows the registration of strategic and operational risks, as well as their administration and its controls, and the registration and monitoring of action plans to mitigate risks.
MEGA
A Big and Ambitious Goal that provides strategic guidelines to the Organization.
Self-Generation
Electric power generation carried out in the home, school or business. As a requirement to inject it into the grid, it must have been generated using non-conventional renewable energy. Self-generated energy will supply part of the total electrical consumption.