Enterprise Risk Management (ERM)
In the world of business, creating sustainable value for stakeholders brings inherent risks. Trenord therefore ensures that the company is run in a consistent manner with regard to its mission and objectives (strategic, operational and compliance), cultivating an adequate risk and opportunity management process within its business operations.
Trenord is acutely aware that risk management is one of the key elements underpinning any decision-making and business process. As a result, it has long applied an Enterprise Risk Management (hereinafter referred to as "ERM") model, inspired by national and international best practices in the field of "Internal Control and Risk Management Systems" (ICRMS). Through a structured and systematic process of Risk & Opportunity Assessment, monitoring and reporting, this model allows for effective management of the main corporate risks and opportunities.
This model is subject to continuous quality review, allowing it to gradually evolve into a structured and systematic risk management system, aligned with the best practices adopted by internationally recognised companies.
Enterprise Risk Management encompasses all the roles, responsibilities, processes and procedures that are involved in defining and executing the strategy, as well as in conducting special projects and any normal business activities. The overarching goal is to protect the creation of long-term sustainable value and provide reasonable assurance on the achievement of the Organisation's objectives.
Main Objectives
- to define a methodology and suitable tools and models for the purpose of understanding, evaluating and managing the risks and opportunities to which the organisation is exposed;
- to support the strategic decision-making process and managerial choices in pursuit of the company's objectives, providing the company with appropriate information regarding risks/opportunities, the possible consequences of management options, the interrelationships and the strategic objectives;
- to strengthen the risk culture at all levels of the organisation, raise awareness of choices and risks/opportunities, and reinforce the technical and operational skills related to this matter.
Reference Principles
The company identifies and addresses risks and opportunities on an ongoing basis – focusing on the most important aspects to achieve corporate objectives and strategies – to provide the Board of Directors and senior management with useful information for making decisions based on the risk assessments.
Every level of the company (from Top Management to Line Management) takes a proactive approach to identifying, assessing and managing risks and opportunities.
In its leading role, management oversees risks and opportunities on a daily basis, in line with the company's situation, and is required to communicate any emerging risks and opportunities deemed relevant for the company.
The adoption of an ERM model helps to create awareness within the organisation, and to spread and strengthen a culture of risk and opportunity management across all managerial levels.
Risk Governance
The governance model adopted by Trenord assigns the following specific responsibilities to the various parties involved:
Board of Directors
- Directs, supervises and evaluates the effectiveness and suitability of the Internal Control and Risk Management System, as well as the process and methodology adopted to identify, assess and manage risks and opportunities.
- The board is the main proponent of the ERM model, and is responsible for defining the appropriate risk appetite for the company's strategic objectives.
CEO
- Oversees the risk and opportunity management process.
- The CEO implements the guidelines defined by the Board of Directors by managing the Internal Control and Risk Management System and constantly verifying its adequacy and effectiveness.
- They also periodically review and approve the organisation's overall exposure to risks and opportunities.
ESG Committee
Oversees the "Double Materiality" analysis process, developing and promoting actions to manage current and future sustainability impacts, risks and opportunities.
Director of Internal Audits, Compliance and Risk Management
- Supports the company's top management and management in evaluating the adequacy and functioning of the Internal Control and Risk Management System;
- Discusses and validates the results of the Risk & Opportunity Assessment, proposing any changes/follow-ups to the assessments;
- Coordinates and supervises the risk assessment activities conducted by the various other functions, ensuring the integration of the results within the ERA.
Internal Audit Function
- Provides an independent and objective assessment of the efficiency, effectiveness and adequacy of the Internal Control and Risk Management System;
- Develops actions to improve the Internal Control and Risk Management System, supporting management in their implementation and monitoring.
Risk Management Function
- Establishes standards and updates the tools and methodology for the identification, assessment, management and monitoring of risks/opportunities and related treatment measures/enabling actions;
- Coordinates and provides support in the periodic Risk & Opportunity Assessment activities at the company-wide level;
- Acts as a facilitator;
- Organises and manages risk/opportunity reporting;
- Contributes to spreading a risk culture at all levels of the organisation.
Corporate and Line Management (so-called Risk/Opportunity Owner)
Holds primary responsibility for the identification, assessment, management and monitoring of risks and opportunities within its scope and the related treatment measures/enabling actions, with the support of the Risk Management Function.
Risk & Opportunity Model
Trenord has adopted a Risk & Opportunity Model: a tool created to facilitate the identification of risks and opportunities and awareness of the organisation's risk/opportunity areas, which provides for the classification of risks and opportunities into 4 categories:
- Strategic: risks/opportunities capable of influencing the achievement of the organisation's strategic objectives and/or significantly impacting the business model and its concrete applicability, or resulting from strategic decisions undertaken with regard to the organisational structure and the organisation;
- Financial: risks/opportunities connected to the availability of capital, the management of financial flows and liquidity and credit, and/or linked to the volatility of the main market variables (interest rates, commodity prices, etc.);
- Operational: risks/opportunities associated with the performance of business activities and related operational processes, with negative/positive consequences on the organisation's performance and operations;
- Legal & Compliance-Related: risks/opportunities relating to legal and contractual aspects and compliance with the relevant regulatory framework, laws and regulations, and standards applicable to the organisation.
