To ensure the effectiveness of the Internal Control and Risk Management System (SCIGR, by its acronym in Spanish), a three-level action model has been defined, called three lines of defense, which segregates functions. The first two lines of defense are responsible for containing and reporting to management, while the third reports to the Directors' Committee in accordance with international Corporate Governance best practices.
The Board of Directors and the executive team are key internal stakeholders that are served by the lines of defense and are in the best position to help ensure that the model is also applied to the Company's risk management and control processes.
Risks and opportunities related to the Strategic Plan
The Company seeks protection for all risks that may affect the achievement of business objectives. In January 2020, a new risk taxonomy was approved for the entire Enel Group, consisting of six macro categories: Strategic, Governance and Culture, Compliance, Financial, Operational and Digital Technology. This document also includes 37 subcategories and incorporates ESG risks.
The analysis includes environmental, social and governance (ESG) risks, described in the Main ESG Risks section, which are analyzed by the Risk Control area in conjunction with the Sustainability area, to identify those that affect or could affect the Company's business, according to its materiality.
This involves a comprehensive understanding of the value chain, as well as the multidirectional, dynamic relationships over different time horizons between external variables and each of its stages under different scenarios, considering mega trends and their likely impacts over different time periods.
A structured and systematized theoretical framework is used to identify risks, which considers the contributions of financial analysts, sustainability analysts, perception surveys, guidelines of the Task Force on Climate-related Financial Disclosures (TCFD), results of human rights due diligence, internal, external and ISO audits, among others. For each risk, a probability of occurrence and impact is estimated, with the participation of the business lines and staff areas actively involved, as a way of creating a culture of risk and sustainability. If necessary, actions are agreed upon at different times to mitigate such risks.