The generation of value and the sustainability of the businesses in which we participate are a commitment in our Organization. To achieve this end, comprehensive risk management is a priority principle in the actions of all our employees; it allows us to plan events that may significantly affect us and prepare to mitigate their impacts, thus reducing uncertainty in decision making. In this way, we obtain reasonable security in achieving the objectives.
At Celsia we identify opportunities to enhance and manage them correctly.
Our risk-management methodology includes the permanent identification, measurement, treatment and monitoring of the risks to which we are exposed. It aims to agilely and proactively evaluate the favorable and unfavorable impacts that may affect the achievement of the strategic objectives and business performance.
The Comprehensive Risk Management System (CRMS) focuses on identifying the most relevant risks in the strategy to address the incidence and criticality of the impacts on our objectives in:
During 2019 we identified global trends with influence on our businesses and create value from them:
updated subprocesses in risk matrices.
finalized action plans associated with risk treatment with high effectiveness.
risk-management workshops in processes, projects, new businesses and business continuity.
of the risk managers trained in the updating of the Governance Portal – Protiviti tool.
progress in the implementation of the Business Continuity Plan.
At Celsia, we continuously carry out interdisciplinary work to identify and evaluate the Company’s strategic and emerging risks:
Risk Governance
- Ensure the implementation of the CRMS.
- Approve the policy.
- Approve the risk appetite.
- Respond to the Board of Directors and Shareholders for the implementation of the CRMS.
- Report on the risk profile.
- Report on the status of the risk-mitigation plans.
- Report on the operation of the CRMS in the processes.
- Alert about new identified risks.
- Construct and update the risk maps and controls of their processes.
- Provide support to the training in and diffusion of the risk culture.
- Assist the Board of Directors and in all the responsibilities related to the supervision of the CRMS.
- Monitor the risk map.
- Apply integral risk management in accordance with the policy and methodology.
- Alert about possible risks in their processes.
- Report risk events.
- Design and lead the implementation of the Risk Policy, processes and methodology.
- Monitor the effective administration of the risks.
- Implement the risk-management methodology and support the processes.
- Evaluate the efficiency and effectiveness of the CRMS.
- Issue recommendations to improve the operation of the CRMS.
- Monitor risk-mitigation plans.
- Evaluate the operation of the controls.
Risk Culture
To generate awareness and appropriation against risks.
As a preventive measure of the cyber risk; help to make employees aware of the importance of protecting information and using the best security practices.
This prepares us to control and mitigate adverse events.
Likewise, we continued the conversation sessions called Let’s Talk about Risks; the Strategic Supply process had a discussion about risks with 24 suppliers from Antioquia.
We constantly have the accompaniment of risk specialists and share best practices. Last year we had the participation of an expert advisor on risks and claims related to renewable energies in the world, a key issue in the diversification of our business and in compliance with our MEGA (Big and Strategic Goal).
(102-15)
Those potential events that may threaten compliance with our MEGA, our strategy and the guidelines of our Board of Directors; among them are:
- Culture and human talent.
- Regulatory.
- Political risk.
- Technology.
- Climate variability.
- Projects.
- Commercial.
- Fuel.
- Obsolescence of assets.
- Cybersecurity.
- Demand.
- Financial.
- Acquisitions.
- Supply and distribution chain.
- Competitors.
- Energy portfolio.
- Social.
- Reputation.
(C-RI1)
Those risks recently identified and that could have an impact on both the Organization and the industry, within a time horizon of approximately three to five years; some of their consequences may start impacting business performance today.
Some of these emerging risks are:
The electric-energy industry is changing rapidly: new customer requirements demand innovative, efficient and environmentally friendly products; clients who are close to consumption centers and who behave like producers and consumers at the same time.
The most important changes are evident in distributed power generation, in particular self-generation with photovoltaic solar roofs. Thus, clients become “prosumers”: their self-generation reaches them for their consumption and for the marketing of surpluses.
This situation decreases the income of public-utility companies and threatens the traditional business. The trend of increasing energy-storage technology is also noted, which will allow clients to save their generation surpluses to use them when their demand requires it.
The decrease in income for the energy-generation and commercialization businesses, especially in the Industry and Household segments.
We are turning this risk into an opportunity by providing our clients with the following business models:
- We develop photovoltaic solar energy projects in companies, real-estate and commercial projects and logistics complexes. Our innovative Business Model Power Purchase Agreement (PPA) makes our clients pay for the kWh consumed or generated at rates free of fluctuation in the price of energy, allowing them to take advantage of surpluses.
- We develop a new solution for our residential clients, through which they have the possibility of being part of the new trends in sustainable consumption with the self-generation of photovoltaic solar energy. We accompany them in the designs, procedures and in the assembly of their system; thus, they can enjoy sustainable energy in their homes. In 2019 we installed 102 kWp in residential clients, which will produce clean energy for 20 families.
For this we require:
- Strengthening of commercial skills.
- Permanent innovation.
- Market intelligence.
- Technological surveillance.
The trend to build smart cities with an integrating vision; its purpose is to connect people, information and its elements through technology. These cities demand high-quality, sustainable public services that respect non-renewable natural resources and provide a memorable service. Under this concept, companies from different economic sectors (communications, technology, software and public services) compete for the provision of services with disruptive business models. If a company does not match its capabilities, it may be excluded or limited to the traditional role, without the possibility of growth. Distributed generation and storage of energy can be the most popular components in a smart city, activities that generate a decrease in demand and a loss of conventional energy customers.
Decrease in income for the energy-generation and commercialization business, due to reduced demand and clients served in the Cities, Companies and Household segments through commercialization of conventional energy.
We adapt our commercial structure to meet the requirements of cities through a specific area for it, in order to create innovative responses to products and services. We are the ally of Serena del Mar, the proposal of the dream city in Cartagena, where we are offering public services and other products that guarantee comfort, well-being and quality of life:
- Energy.
- Sewage system.
- Cleaning services.
- Telecommunications.
- Thermal districts.
New Challenges
- Short Term0 to 2 years
- Medium Term3 to 5 years
- Long Term6 years or more
Advance in the quantitative analysis of the valuation of relevant strategic and operational risks.
Begin identifying correlations between strategic risks and operational risks.
Finalize the implementation of the Business Continuity Plan in the 100% of the Organization.
Validate the effectiveness of the Crisis-Management Plan by having drills.
Review the current transfer and retention mechanisms in risk management.
Strengthen the opportunity-management methodology by establishing clear parameters to identify and evaluate initiatives that maximize the economic benefits for the Company.
Strengthen the culture of risk and opportunity management throughout the Organization.
Continue with the implementation of emergency plans and disaster response in our facilities in accordance with Decree 2157 of 2017.
Review the efficiency of controls and action plans at risk related to compliance (fraud, bribery, corruption and money laundering).
Strengthen strategic risk assessment and correlation exercises by implementing mathematical risk-measurement and quantification models for the adoption of appropriate mitigation strategies.
Optimize the Risk-Management Model with the appropriate transfer and retention mechanisms.
Lead the Organization towards a trend-management approach, strengthened in risk-assessment methodologies, with an implemented correlation model between strategic-operational risks and with an implemented and tested Business Continuity Plan.
Glossary
Comprehensive Risk Management System (CRMS)
A systematic application of policies, procedures and practices for the identification, analysis, evaluation, treatment, follow-up and review of risk, communication and monitoring.
Governance Portal – Protiviti
A tool that allows the registration of strategic and operational risks, as well as their administration and its controls, and the registration and monitoring of action plans to mitigate risks.
MEGA
A Big and Ambitious Goal that provides strategic guidelines to the Organization.
Self-Generation
Electric power generation carried out in the home, school or business. As a requirement to inject it into the grid, it must have been generated using non-conventional renewable energy. Self-generated energy will supply part of the total electrical consumption.