Risk governance

When developing and implementing Stedin Group's strategy, the Executive Board pays a great deal of attention to the risks and opportunities associated with this. The Executive Board is ultimately responsible for the implementation of risk management, together with the management of the various business units.

Corporate Risk Management is responsible for the policy frameworks, the coordination as well as the reporting of the risk management process. Stedin Group's Enterprise Risk Management (ERM) framework contains both long-term and short-term uncertainties. These uncertainties are always taken into account when making plans for the long term (the strategy) and the short term (the annual plans).

Business Continuity Management (BCM) covers the company-wide approach to continuity management. The approach focuses on ensuring that Stedin's primary services are maintained in case of a disruption. This concerns not only calamities in relation to electricity and gas, but also, for example, IT and telecom failures and the supervision of large public events.

Stedin Group applies various ISO standards for the certification of its management system. These standards are aimed at managing and improving various aspects and processes within our organisation. Designing and maintaining the management system, and having it externally audited by a certifying institution, contributes to managing risks.

The Stedin Group Security Office is responsible for ensuring an integrated approach to physical and digital security. This improves our defences against physical and digital threats to our grids. The Security Office also contributes to the availability and safety of the services provided by Stedin Group.

Privacy concerns the protection of personal data and is laid down in European privacy legislation. The Stedin Group Privacy Office (PO) has developed policy and guidelines with associated tools to ensure compliance with this applicable legislation. Stedin has established a data breach reporting centre and has appointed a Data Protection Officer, while privacy coordinators are provided for each department.

The Compliance & Integrity (C&I) function is tasked with ensuring that the organisation complies with external and internal laws and regulations. C&I provides the organisation with instruments in the shape of a framework of standards (code of conduct and guidelines), a reporting centre and training (including training for increasing awareness). C&I is also tasked with handling incidents reported and occurring within the organisation.

The Treasury department is responsible for the management of capital as well as financial risks including market risks, credit risks and liquidity risks of Stedin Group. The Treasury department also handles the internal financing of wholly-owned subsidiaries. The control principles for the aforementioned risks are laid down in the Treasury Charter, as adopted by the Board of Management. The Treasury Charter describes, amongst other things, the risk appetite and the instruments available for managing risks.