RISK MANAGEMENT

GRI 102-11, 102-15, 103-2
 
Based on an annual review of the internal control and risk management systems, the PGNiG Group does not operate a comprehensive corporate risk management system. At the PGNiG level, risk management processes are formalised and defined for key business areas. 

Risks are identified, addressed and assessed in accordance with the methodologies and assessment scales adopted in respective business areas. Risk management processes in particular areas are based on internally developed risk models and records, and risk management processes are identified and submitted for assessment to representatives of individual organisational units (management staff).

However, the Company recognises the need to build a comprehensive and integrated risk management system, encompassing business and non-financial risks, especially environmental and climate risks. At the strategic level, the Company is pursuing a process mapping project across the PGNiG Group. It is expected that the project will also cover the defining and structuring of a process integrating risk management at the PGNiG Group level.

The transition to a low-carbon economy and the achievement of global targets for reducing the impact of climate change requires risk management to take into account risks to sustainable development.

With respect to non-financial risk management, the PGNiG Group is determined to minimise the possibility of non-financial risks inherent in business activities materialising.

Due to the Group’s extensive organisational structure and multiple simultaneous processes, the Management Board members are therefore the owners of risk management in specific areas, in accordance their respective competencies. Risk management is supported by the certified QHSE Management System implemented at PGNiG S.A., making it possible to identify, assess and monitor process risks, while specific measures are governed by the Process Risk Management Procedure.

Under applicable regulations, all business processes are subject to an analysis identifying and assessing any risks which could possibly interfere with the delivery of set objectives. Risk assessment is performed against a matrix based on a three-step scale used to define the measures to be taken in order to mitigate risks and reduce the likelihood of their occurrence. A detailed risk analysis is carried out at least once a year, with the participation of owners of respective processes. Risks are analysed and parametrised based on place of occurrence, potential causes and impact, as well as probability of its occurrence. At the same time, the analysis takes into account the mechanisms currently applied to prevent materialisation of risks and mitigate the potential impact of risk events.

The risk management system is subject to ongoing improvement and assessment with regard to the effectiveness of preventive measures taken to minimise the potential impact of risk events. When looking at the number of identified non-financial risks in particular years, the PGNiG Group has seen a slight downward trend with respect to new risks. This is due to the choice of correct preventive measures making risk management efforts more effective. At the same time, the PGNiG Group expands the list of events which may turn into potential risks in the future. For any identified risks, the PGNiG Group determines the measures to be taken to drive down the risk level or, where risk mitigation measures have been exhausted, decides to accept such risks. Those residual risks are subject to ongoing monitoring to prevent their materialisation.

Non-financial risk management model