The policy of value creation that motivates the Prysmian Group has always been based on effective risk management. Since 2012, by adopting the provisions on risk management introduced by the "Italian Stock Exchange Self-Regulatory Code for Listed Companies - Ed. 2014" (Self-Regulatory Code), Prysmian has taken the opportunity to strengthen its model governance and implement an advanced system of Risk Management that promotes proactive management of risks using a structured and systematic tool to support the main business decision-making processes. In fact, this Enterprise Risk Management (ERM) model, developed in line with internationally recognised models and best practice, allows the Board of Directors and management to consciously evaluate the risk scenarios that could compromise achievement of the strategic objectives and to adopt additional tools able to anticipate, mitigate or manage significant exposures.
The Group Chief Risk Officer (CRO), designated to govern the ERM process, is responsible for ensuring, together with management, that the main risks facing Prysmian and its subsidiaries are promptly identified, evaluated and monitored over time. A special Internal Risk Management Committee (consisting of the Group's Senior Management) also ensures, through the CRO, that the ERM process is developed in a dynamic way by taking account of changes in the business, of needs and events that have an impact on the Group over time. The CRO reports periodically (at least twice a year) on such developments to the top management. Please refer to the "Corporate Governance" section of this report for a discussion of the governance structure adopted and the responsibilities designated to the bodies involved.
The ERM model adopted (and formalised within the Group ERM Policy issued in accordance with the guidelines on the Internal Control and Risk Management System approved by the Board of Directors on 25 February 2014) follows a top-down approach, whereby it is steered by Senior Management and by medium to long-term business objectives and strategies. It extends to all the types of risk/opportunity for the Group, represented in the Risk Model - shown in the following diagram - that classifies the risks of an internal or external nature characterising the Prysmian business model in five categories:
- Strategic Risks: risks arising from external or internal factors such as changes in the market environment, bad and/or improperly implemented corporate decisions and failure to react to changes in the competitive environment, which could therefore threaten the Group's competitive position and achievement of its strategic objectives;
- Financial Risks: risks associated with the amount of financial resources available, with the ability to manage currency and interest rate volatility efficiently;
- Operational Risks: risks arising from the occurrence of events or situations that, by limiting the effectiveness and efficiency of key processes, affect the Group's ability to create value;
- Legal and Compliance Risks: risks related to violations of national, international and sector-specific legal and regulatory requirements, to unprofessional conduct in conflict with company ethical policies, exposing the Group to possible penalties and undermining its reputation on the market;
- Planning and Reporting Risks: risks related to the adverse effects of incomplete, incorrect and/or untimely information with possible impacts on the Group's strategic, operational and financial decisions.
Members of management involved in the ERM process are required to use a clearly defined common method to measure and assess specific risk events in terms of Impact, Probability of occurrence and adequacy of the existing Level of Risk Management, meaning:
- economic-financial impact on expected EBITDA or cash flow, net of any insurance cover and countermeasures in place and/or qualitative type of impact on reputation and/or efficiency and/or business continuity, measured using a scale that goes from negligible (1) to critical (4);
- probability that a particular event may occur within the specific planning period, measured using a scale that goes from remote (1) to high (4);
- level of control meaning the maturity and efficiency of existing risk management systems and processes,
measured using to a scale that goes from adequate (green) to inadequate (red).
The overall assessment must also take into account the future outlook for risk, or the possibility that in the period considered the exposure is increasing, constant or decreasing.
The results of measuring exposure to the risks analysed are then represented on a 4x4 heat map diagram, which, by combining the variables in question, provides an immediate overview of the risk events considered most significant.
Risk assessment criteria
This comprehensive view of the Group's risks allows the Board of Directors and Management to reflect upon the level of the Group's risk appetite, and so identify the risk management strategies to adopt, meaning the assessment of which risks and with what priority it is thought necessary to improve and optimise mitigation actions or simply to monitor the exposure over time. The adoption of a particular risk management strategy, however, depends on the nature of the risk event identified, so in the case of:
- external risks outside the Group's control, it will be possible to implement tools that support the assessment of scenarios should the risk materialise, by defining the possible action plans to mitigate impacts (eg. continuous monitoring activities, stress testing of the business plan, insurance cover, disaster recovery plans, and so on);
- risks partially addressable by the Group, it will be possible to intervene through systems of risk transfer, monitoring of specific indicators of risk, hedging activities, and so on;
- internal risks addressable by the Group, it will be possible, being inherent in the business, to take targeted actions to prevent risk and minimise impacts by implementing an adequate system of internal controls and related monitoring and auditing.
ERM is a continuous process that, as stated in the ERM Policy, forms part of the Group's three-year strategic and business planning process, by identifying potential events that could affect sustainability, and that are updated annually with the involvement of key members of management.
In 2014 this process involved more than 30 business managers, allowing the most significant risk factors to be identified and assessed; the main information emerging from this process, along with the strategies adopted to mitigate the impacts, are reported in the following paragraphs.
The classification used in the Risk Model just described is used to discuss the significant risk factors for each category and the strategies adopted to mitigate such risks. Financial risks are discussed in detail in the Explanatory Notes to the Consolidated Financial Statements in Section D (Financial Risk Management). As stated in the Explanatory Notes to the Consolidated Financial Statements (Section B.1 Basis of preparation), the Directors have assessed that there are no financial, operating or other kind of indicators that might provide evidence of the Group's inability to meet its obligations in the foreseeable future and particularly in the next 12 months. In particular, based on its financial performance and cash generation in recent years, as well as its available financial resources at 31 December 2014, the Directors believe that, barring any unforeseeable extraordinary events, there are no significant uncertainties, such as to cast significant doubts upon the business's ability to continue as a going concern.