Risks
Alliander works hard to keep energy reliable, affordable and accessible for everyone. This work involves risks, including safety and financial risks. These risks cannot be entirely eliminated. However, risk management does provide insight into these risks, so that we can take informed decisions about these risks and risk management measures. In addition, risk management helps us refine Alliander’s strategy. Alliander uses a single risk management method. This ensures that the risk management process takes place in accordance with the same steps everywhere in the organisation.
Risk levels
Risks can be subdivided into five categories, ranging from very low to very high. The risk category depends on two factors: the probability of occurrence and the impact on the achievement of our strategic objectives. The potential impact on our objectives is assessed based on various aspects. Based on their probability and impact, each risk is assigned a place in the risk matrix.
Our most important current risks (click an item in the online report for an explanation)
- ACompletion of work package →
- BCapacity for change ↓
- CSafety →
- DLong-term regulatory focus →
- EPrivacy: Reviewed
- FFuture-proof IT landscape→
- GCybersecurity ↑
- HFinancing →
- IMeeting customers’ expectations: New
- JFuture-proof investments: New
Completion of work package →
Probability
Very high.
Impact
Very high.
What is the risk?
The volume of work, especially in the electricity domain, is increasing much faster than anticipated due to the energy transition and economic growth. At the same time, the tight labour market for technical staff (combined with the long training time) makes it difficult to scale up capacity at the same pace. As a consequence, we cannot do all the work that comes our way, or not within the desired time frame. Congestion on the grid and complaints about voltage may therefore increase.
How is the risk managed?
Alliander is addressing the challenge surrounding the completion of its work package by engineering more work, making better use of the grid and preventing additional work. We engineer more work by increasing our production systematically and substantially, by investing in solutions focused on improving productivity and increasing capacity. Better use is being made of the existing grid by means of smart solutions and the active application of customer flexibility. This reduces peak loads and enables more customers to be connected without expanding the grid. We prevent additional work by effectively influencing national and regional policy decisions and the behaviour of consumers and companies, with the aim of reducing demand for power.
What is the risk trend?
Neutral. The risk is and remains very high. This is despite the control measures put in place. The work package is also expected to increase further in the years to come and so remain at a challenging, high level.
Capacity for change ↓
Probability
High.
Impact
High.
What is the risk?
Our customers and society in general have high expectations of Alliander. Changes are needed if we are to continue to fulfil our social role. At the same time, we are dealing with an organisation in which employees are under pressure due to the challenges we face and uncertainty about whether and how we will be able to fulfil our task for customers and each other. COVID-19 has also put the engagement with the company under pressure. A failure to change could pose a threat to achieving our goals.
How is the risk managed?
To increase the capacity for change, we work on the basis of one common goal: being an agile, effective and cost-efficient organisation that works together as one team. This means addressing our strategy, our organisation and our culture and leadership. We work on the basis of a clear strategy with critical success factors and performance indicators which are incorporated at all levels of the organisation. We seek to have an agile, effective and cost-efficient organisation by being aware of each other’s production process, continuing to develop the organisation structure and implementing a new Alliander consultative structure. We make use of strategic staff planning so that we can proactively respond to staffing developments in a much more targeted manner. We work as one team by drawing up new leadership profiles and developing activities to promote professional skills, lasting personal effectiveness and inclusivity. We also invest in leadership by holding leadership days at various levels.
What is the risk trend?
Decreasing. Progress has been made in our new organisation structure in the past year. We have started working with a consultative structure in which we set priorities and make adjustments each quarter, adding focus and ensuring that we can meet our enormous challenge. Employees are asked to reflect, learn and perform.
Safety →
Probability
Medium/high.
Impact
High.
What is the risk?
The regional distribution of energy, such as electricity, biogas, gas and heat, involves health and safety risks for our employees, contractors, customers and local communities. Insufficient safety awareness and lack of knowledge of safe working instructions, quality and safety requirements and safety measures heighten the risk of accidents. Unsafe practices of third parties working on Alliander’s behalf can also lead to safety risks. In addition, materials used in the past may pose more serious health and safety risks than initially assumed.
How is the risk managed?
Our safety efforts are focused on ensuring network safety, maintaining safe working practices and boosting safety awareness. We assure network safety by including safety in the design of the network and in decisions about procuring assets. We also weigh up safety risks as an integral part of our network maintenance and replacement planning. Instructions and training courses for employees prepare them for working on assets and they follow work instructions. We also provide them with safe tools, materials and protective equipment. We monitor safety at work by conducting workplace inspections and safety observation rounds, and we investigate incidents. We promote safe working at our contractors too by auditing their quality systems. Finally, we work on safety awareness: thinking and acting with safety in mind at all times should be a given. We do this by consciously focusing on safety and giving each other critical feedback about undesirable behaviour, so that together we can make improvements to safety every day.
What is the risk trend?
Neutral. Safety was prominently on the agenda again in 2021. Qirion, Maintenance & Outages, Private Customers and Business Customers, Reconstruction & Energy Networks rose to rung 3 on the Safety Culture Ladder for the first time in 2021. At the same time though, we see an increase in the LTIF. In Q1 2022, we will investigate whether control measures are adequate and whether there are any developments that have increased the safety risk.
Long-term regulatory focus →
Probability
High.
Impact
Very high.
What is the risk?
Policy and regulations within the energy domain have an impact on our activities and profitability. We are seeing a mismatch between laws and regulations and Alliander’s ambitions, at least to some extent. As a result, we run the risk of having insufficient financial resources, and there may also be insufficient leeway for us to both perform our statutory duties and fulfil the role we would like to play in the energy transition. This may affect our ability to facilitate the energy transition and achieve the objectives of Alliander.
How is the risk managed?
This risk is basically managed by building long-term constructive relationships with the legislator and the regulator. In so doing, bottlenecks for Alliander are discussed on a continuous basis. We focus on ensuring a reasonable return for regulated activities and sufficient financial scope to perform our statutory duties. In addition, we paint a clear picture of what is necessary for us to perform our role and fulfil our responsibilities effectively now and in the future. We actively put forward proposals for necessary amendments to national and European legislation and regulations and proactively enter into dialogue with policy-making parties, often in alliance with Netbeheer Nederland.
What is the risk trend?
Neutral. We are still critical of the method decisions which govern the permitted income. They do not yet take sufficient account of the break in the trend of cost development as a consequence of the energy transition.
Dialogue with the relevant stakeholders is continuing about the Energy Act and secondary legislation, the new Heating Act and the Heat Transition (Municipal Instruments) Act. Good progress is being made, but not everything is as we would wish. It is important to develop this legislation and these regulations further to make them sufficiently flexible and future-proof.
Privacy: Reviewed
Probability
Medium/high.
Impact
Low/medium.
What is the risk?
The digitalisation of Alliander’s work is accelerating fast. As a result, we are gathering, storing and exchanging even more data on all aspects. There is an associated risk that personal data is processed unlawfully with respect to the statutory requirements of the General Data Protection Regulation (GDPR). In addition, personal data may not be appropriately protected by technical and organisational measures, making it accessible to unauthorised persons (data leak).
How is the risk managed?
We comply with the GDPR by recording the rules on working with personal data in our Code of Conduct. We have a privacy policy which sets out the organisation, implementation, management, monitoring and continuous improvement of privacy. We promote awareness of privacy among our employees by the active application of e-learning. We make use of processing registers to keep track of which personal data is processed for which purpose. Should a data leak occur, we have a data leak procedure to report the leak correctly and in good time to the regulator. We also work with processing agreements with suppliers to safeguard the privacy of personal data. And finally, we have set up authorisation management to protect data effectively.
What is the risk trend?
Not applicable, this is a new risk (the existing risk of ‘privacy of energy data’ is described elsewhere, from a broader privacy perspective).
Future-proof IT landscape→
Probability
Medium/high.
Impact
Medium/high.
What is the risk?
Alliander needs an integrated IT architecture to be able to accommodate current and future primary processes and enable the energy transition. The IT landscape is complex and still insufficiently flexible to address future challenges. Our current systems have high reliability but are currently receiving too little long-term attention, which complicates the digital transformation to a data-driven network operator.
How is the risk managed?
We are investing in the long-term development of our core systems: we are prioritising making a blueprint of them and planning how to tackle these systems. And we are putting together IT Guidelines & Principles that describe boundaries and freedoms for IT development to create a clear scope of action for the various teams. At the same time, we are documenting policies and communicating them. In addition, we are defining a long-term vision for our IT landscape and creating an overview of our applications and technical building blocks.
What is the risk trend?
Neutral.
Cybersecurity ↑
Probability
High.
Impact
High.
What is the risk?
Our energy networks and above-ground installations are increasingly being digitised. Cyberattacks with a political or terrorist motive are increasingly targeting vital infrastructure. Topical events which attract world-wide attention affect this threat assessment. Ransomware – maliciously encrypting files and systems before demanding a ransom to make them accessible again – has developed to such a degree that it poses a risk to the Netherlands’ national security. Disruptions to or outages of the digital infrastructure can lead to disruptions in daily life or even to a breakdown of society. The supply of electricity is inextricably bound up with this.
How is the risk managed?
The CISO Office has overall responsibility for the entire process of information security and therefore has a key role in managing cyber risks.
We manage this risk by working on our digital resilience and by applying the ISO CyberSecurity Framework. We seek to identify threats and vulnerabilities by making use of Alliander Security Governance, the Security Policy, risk identification and external sources. We protect Alliander from cyber risks by managing risks and by having a culture in which security is a given. We detect risks by actively monitoring identified threats and we respond effectively by resolving and further investigating security incidents. Finally, risk control is set up to enable recovery when cyber risks occur: we have organised business continuity management and set up Disaster Recovery Plans for this purpose.
What is the risk trend?
Increasing. The risk has increased given that more and more companies are affected by attacks every year and the complexity of these attacks is growing.
Financing →
Probability
High.
Impact
Medium.
What is the risk?
As the Dutch Climate Agreement was given more substance, greater clarity was created last year on the level of investment needed for the energy transition: network operators can expect a sharp increase in the required investments. Current regulatory methods provide for compensation during the term of the asset in which an investment has been made, but not at the moment of investing. As investments rise, we are largely financing investments that we will only be able to recoup in the course of 40 years. At the same time, the compensation for the cost of capital for borrowed capital and equity is falling. Taken together, the result is an increase in the need for financing, which may put financial ratios and ratings under pressure.
How is the risk managed?
The energy transition and our social task require substantial investments in the coming years. To find a structural solution to this financing challenge, we are taking a three-pronged approach: capital injection, a cost-efficient organisation and exploratory talks. To maintain a sound financial position, it is necessary to strengthen our equity. Alliander accordingly asked shareholders for a capital injection in 2021: the shareholders agreed to this at the end of 2021 and a reverse hybrid convertible bond loan has now been issued. In addition to strengthening equity, we continue to work towards an agile, effective and cost-efficient organisation, to lower the organisation’s costs and increase production. And finally, in conjunction with the other network operators, we are conducting talks with the regulator and the Dutch Ministries of Economic Affairs and Climate Policy and Finance about the network operators’ current revenue system and ways of ensuring sufficient equity for regional network operators in the longer term.
What is the risk trend?
Neutral. Alliander has made significant progress in managing this risk in the past year thanks to the capital injection of €600 million from its shareholders. Further capital injections will however remain necessary in the coming years.
Meeting customers’ expectations: New
Probability
Very high.
Impact
Very high.
What is the risk?
It is becoming increasingly difficult to meet customers’ expectations. The shortage of transmission capacity is worsening and waiting periods for connections are getting longer. Interaction with customers is increasing too. All this has an impact on our customers and requires good, timely personal communication. At the same time, our customers have ever higher expectations concerning transparency and service provision. Consumers are uniting on specific topics and social and conventional media magnify issues. National and regional media are focusing more attention on network operators as well. This can cause customers to regard Alliander less positively, reducing public support for our work as a network operator.
How is the risk managed?
We are seeking to influence the image of our work by aiming to act before incidents happen. We are introducing guidelines on communicating with people who live in the surrounding area, and on customer policy. Our contractors will also have to comply with these guidelines. Our communication strategy is proactive, timely and transparent and shows what action the customer can take. We take a regional and customer-specific approach through various channels, with focal points per topic such as the shortage of transmission capacity, waiting times for connections, the shortage of low-voltage electricity and the image of our day-to-day work.
What is the risk trend?
Not applicable: new risk.
Future-proof investments: New
Probability
Very high.
Impact
High.
What is the risk?
We are building an energy infrastructure to last some 40 years. At the same time, we are dealing with an environment in which political and other choices are made which encourage developments under current market conditions leading to an energy solution that is not appropriate from the perspective of the ideal system in the long term. This may lead to suboptimal investments which will not be fully utilised up to the end of their useful lives, duplicate infrastructures and therefore higher costs for the infrastructure and for society. It can also lead to a greater challenge in terms of the task feasibility and delays in achieving the goals of the energy transition.
How is the risk managed?
We connect customers to the electricity grid when they put in a request to that effect, in line with our obligation to connect customers. We talk to customers to discuss the reason for the request and to offer them alternatives. In the short term, we show the sectors in which investments should be made for sustainable energy generation for the next 20 years. We thereby provide quantitative evidence for our lobbying activities. We are also conducting discussions in the relevant regions to get the problem on the agenda. The discussions about the areas being explored on the basis of the RES plans provide a platform for putting the problem on the agenda and for agreeing mitigating measures with our stakeholders for long-term prioritising and programming.
What is the risk trend?
Not applicable: new risk.
Risk awareness
The management of risks forms part of our governance and decision-making. The Management Board and Supervisory Board of Alliander regularly discuss the principal risks. They assess what effects the risks can have on the strategic objectives, the operations and our reputation.
Alliander is committed to complying with the guidelines in the revised Corporate Governance Code. The Corporate Governance, Statement by the Management Board and Other Information chapters provide more information on how risk management has explicitly been embedded in the company’s governance and decision-making procedures. For more general information about risk management, please visit www.alliander.com.
Connecting risks to strategic pillars
1 customer choice first | 2 open networks | 3 digitalisation | 4 excellent network management | |
A: Completion of work in work package | • | • | ||
B: Capacity for change | • | • | • | • |
C: Safety | • | |||
D: Long-term regulatory focus | • | • | • | • |
E: Privacy | • | • | ||
F: Future-proof IT landscape | • | |||
G: Cyber security | • | • | ||
H: Financing | • | |||
I: Meeting customer expectations | • | • | • | • |
J: Future-proof investments | • |
Risk appetite
To achieve the corporate objectives, we sometimes need to accept risks to a certain extent. The extent to which we are prepared to run risk in attaining our goals (i.e. our ‘risk appetite’) ranges from risk to risk.
When it comes to the safety of our employees, our customers and our networks, we take no risk whatsoever. All risks are excluded, where possible and realistic.
Our risk appetite is low when it comes to compliance. We are expected to comply with laws and regulations and are committed to acting in accordance with internal procedures and the Alliander Code of Conduct.
Where strategic risks are concerned, we seek the right balance between the risks and our longer-term ambitions.
We have a low appetite for financial risks. This ensures that we have a healthy financial basis and meet our key financial ratios.
Explanation of risks
The following provides details of each risk and how Alliander manages each of the risks listed, while also showing the development in each area over the past year in light of measures taken.
decreasing: ↓
neutral: →
increasing: ↑
Financial risks, including our credit risk, are explained in note [34] to the financial statements.