Risks

Alliander works hard to keep energy reliable, affordable and accessible for everyone. This work involves risks, including safety and financial risks. These risks cannot be entirely eliminated. However, risk management does provide insight into the risks, so that we can take informed decisions about these risks and risk management measures. In addition, risk management helps us tweak Alliander’s strategy. Alliander uses a single risk management method. This ensures that the risk management process takes place in accordance with the same steps everywhere in the organisation.

Risk levels

Risks can be subdivided into five categories, ranging from very low to very high. The risk category depends on two factors: the probability of occurrence and the impact on the achievement of our strategic objectives. The potential impact on our objectives is assessed based on various aspects. Based on their probability and impact, each risk is assigned a place in the risk matrix.

Our most important current risks (click online on an item for an explanation)
  • 1Safety →
  • 2Completion of work package ↑
  • 3Long-term regulatory focus →
  • 4Cybercrime ↓
  • 5Privacy of energy data ↓
  • 6Required capacity and competences ↓
  • 7Anticipating and keeping up with the energy transition ↑
1 2 3 4 5 6 7

Safety →

Probability

Medium/high

Impact

High

What is the risk?

As a network company, we are responsible for the regional distribution of energy, such as electricity, natural gas, biogas and heating. These activities involve health and safety risks for our employees, contractors, customers and surroundings. Insufficient safety awareness and lack of knowledge of safe working instructions, quality and safety requirements and safety measures heighten the risk of accidents. Unsafe practices of third parties working on Alliander’s behalf can also lead to safety risks. In addition, materials used in the past may pose more serious health and safety risks than initially assumed.

How is the risk managed?

Our safety efforts are based on three themes: network safety, safe working practices and safety awareness. We assure the safety of our networks by making the mitigation of safety risks an integral part of our network maintenance and replacement planning. We ensure safe working practices by preparing our colleagues for their work on operational assets with instructions and training and requiring strict adherence to work instructions. Safe working practices are also maintained at our contractors by performing audits of their quality system. Finally, safety awareness is promoted by making safety an inherent part of our mindset and actions at work.

What is the risk trend?

Neutral. Safety is prominently on the agenda within Alliander: various controls are in place. Nevertheless, due to the nature of our work, the trend for this risk is neutral. 

Completion of work package ↑

Probability

Very high

Impact

Very high

What is the risk?

Owing to vigorous economic growth and accelerating energy transition, the workload is surging, rising more rapidly than expected, particularly in the field of electricity. At the same time, the tight labour market for technical staff (combined with the long training time) makes it difficult to scale up capacity at the same pace. As a consequence, we cannot do all the work that comes our way, or not within the envisaged time frame. Some customers are connected later than hoped and technical network maintenance is sometimes postponed. This can have a negative effect on the outage duration.

How is the risk managed?

Alliander is addressing the challenge surrounding the completion of its work package by preventing more work, engineering more work and managing the risks of non-engineerability. To prevent more work, we gain a better picture of the customer’s needs at an earlier stage and influence the customer’s choices. Where possible, we form coalitions in the sector and the supply chain. We engineer more work by making our organisation smarter, improving our recruitment, training and retention of technical employees, outsourcing work and using smarter working processes. Finally, we are managing the risks of non-engineerability by meeting our customers’ requirements as much as possible and communicating proactively and transparently.

What is the risk trend?

Increasing. Despite existing and ongoing measures, the risk is increasing, notably due to scarcity in critical technical labour capacity and growing demand.

Long-term regulatory focus →

Probability

High

Impact

Very high

What is the risk?

Policy and regulations within the energy domain have an impact on our activities and profitability. Owing to the energy transition policy, we are seeing a mismatch between regulations and reality. This may affect our ability to facilitate the energy transition and achieve the objectives of Alliander.

How is the risk managed?

This risk is basically managed by building long-term constructive relationships with the legislator and the regulator. Together with the legislator, we discuss developments that are important for Alliander and potential bottlenecks that Alliander may encounter in practice. We paint a picture of what is necessary for the adequate fulfilment of the network operator’s responsibilities in the energy transition and seek official backing for a fitting role for our company in such developments as the transmission, distribution and metering of renewable gases and in heating. In addition, we actively make proposals for required adjustments to national and European laws and regulations. Where relevant, we address issues collectively with other network operators within the Association of Energy Network Operators (Netbeheer Nederland).

What is the risk trend?

Neutral. Policy involvement and regulations are increasing within the energy domain. Alliander is gradually gaining more clarity about the legislative agenda of authorities such as the Dutch Ministry of Economic Affairs and Climate Policy.

Cybercrime ↓

Probability

Medium

Impact

High

What is the risk?

Our energy networks and above-ground installations are steadily being digitised. Cyberattacks with a political or terrorist motive are increasingly targeting vital infrastructure. Alliander is expected to respond in a proactive and timely manner to the rise and changes in cybercrime. This is how we can prevent a successful attack on our digitised networks from jeopardising the continuity of our services. For this reason, we are continuing to take above-average measures to protect and safeguard vital infrastructure.

How is the risk managed?

We protect our energy and data networks and computers against attacks at various levels. We make our employees aware of cybersecurity risks, with a strong focus on prevention, detection and response. Alliander’s security function was expanded further with the creation of a fully fledged security domain within IT. We are also addressing this issue extensively with other network operators within the Association of Energy Network Operators (Netbeheer Nederland) and maintain close contacts with the Dutch National Cyber Security Centre and other parties. Together, we can keep up with rapidly evolving developments and identify external signals of attacks at an early stage.

What is the risk trend?

Decreasing. The combination of evermore complex attacks and digitisation of our networks calls for increased cyber resilience within Alliander. This has greatly improved over the past period, so that we are better able to withstand these threats. This resilience is permanently adjusted and expanded.

Privacy of energy data ↓

Probability

Low

Impact

High

What is the risk?

As part of our energy network management activities, we have access to privacy-sensitive data. such as connections, energy contracts, usage and costs. Violation of the privacy of energy data leads to penalties and reputation loss.

How is the risk managed?

We work closely with the other parties in the energy sector to ensure the effective protection of privacy-sensitive data. Information is exchanged with regulators (the Netherlands Authority for Consumers & Markets and the Dutch Personal Data Authority), industry associations (the Association of Energy Network Operators and Energie-Nederland) and other parties.
Within its own organisation, Alliander has taken various initiatives to shield confidential data more effectively. The Alliander Code of Conduct, for instance, describes how we deal with confidential information and an email address has been set up for the disclosure of data breaches. Controls have also been put in place for processes that have been outsourced to Energie Data Service Nederland (EDSN). These include the use of unique customer keys to protect customer data. A GDPR scan has been carried out in the sector to identify all existing risks at EDSN as well as at individual and collective regional network operators.

What is the risk trend?

The risk is decreasing thanks to the implementation of effective controls.

Required capacity and competences ↓

Probability

High

Impact

Medium

What is the risk?

One of the main challenges for Alliander in our rapidly changing environment is to recruit and retain the right staff, particularly people in critical positions.

How is the risk managed?

Our labour market efforts and campaigns are fully targeted at scarce groups. Where possible, we also approach less obvious groups, such as lateral hires, people with reskilling potential and international candidates. We maintain close contacts with schools and universities to spot young talent and identify their wishes and expectations at an early stage. In addition, we are working with HR teams whose core task is to recruit the required capacity and competences.

What is the risk trend?

Decreasing. Alliander is increasingly able to find and retain people. the reason being that the energy sector is becoming more and more popular to work in.

Anticipating and keeping up with the energy transition ↑

Probability

High

Impact

High

What is the risk?

The energy transition is accelerating. Our society is in the throes of far-reaching electrification and the use of natural gas for residential heating is being phased out. As natural gas is being replaced by solar panels, wind farms, heat pumps and electric cars, many parts of the electricity grid need to be rapidly upgraded. But it is difficult to predict how quickly society will embrace the new energy system. The uncertainty surrounding the various energy transition scenarios (what will happen where and at what pace?) makes it harder than ever to accurately anticipate events. If we are not sufficiently flexible to deal with the uncertainty of different transition scenarios and their associated investments, and do not have sufficient alternatives to avoid network upgrades, we may make ill-advised investments, invest too late or too early, or develop unnecessarily complex products. Added to this, falling revenue from the gas grid may put the affordability of the energy system under further pressure.

How is the risk managed?

We manage the risk by seeking to increase our predictive insight into the future energy requirement in our regions and the impacts on our networks. This helps us to invest more efficiently and effectively. In addition, we are trying to exert a positive influence on the heating transition through a proactive customer approach. Innovative solutions enable us to prevent network upgrades and investments/disposals. Finally, we are sharpening our focus on capacity issues within Alliander.

What is the risk trend?

Increasing. The energy transition is gathering momentum and applications for renewable feed-in are flooding in. The arrangements made in the upcoming Climate Agreement set out the increased level of ambition in more concrete terms.

Risk awareness

The management of risks forms part of our governance and decision-making. The Management Board and Supervisory Board of Alliander regularly discuss the principal risks. They assess what effects the risks can have on the strategic objectives, the operations and our reputation. In 2018, Alliander’s strategic risks were recalibrated in a session with the Alliander management team. Risk management is also a permanent item on the agenda for the other executive and management layers within Alliander.

Alliander is committed to complying with the guidelines from the revised Corporate Governance Code. The Corporate governance, Statement by the Management Board and Other information chapters provide more information on how risk management has explicitly been embedded in the company’s governance and decision-making procedures. For more general information about risk management, go to http://www.alliander.com/.

Connecting risks to strategic pillars

 

1 customer choice first

2 open networks

3 digitisation

4 excellent network management

1. Safety

   

2. Realisation of work package

  

3. Long-term regulatory focus

4. Cybercrime

  

5. Privacy of energy data

   

6. Required capacity and competences

7. Anticipating and keeping up with the energy transition

   

Risk appetite

To achieve the corporate objectives, we sometimes need to accept risks to a certain extent. The extent to which we are prepared to do so (our ‘risk appetite’) ranges from risk to risk.

  • When it comes to the safety of our employees, our customers and our networks, we take no risk whatsoever. All risks are excluded, where possible and realistic.

  • Our risk appetite is low when it comes to compliance. We are expected to comply with laws and regulations and want to act in accordance with internal procedures and the Alliander Code of Conduct

  • Where strategic risks are concerned, we seek the right balance between the risks and our longer-term ambitions.

  • We have a low appetite for financial risks. This ensures that we have a healthy financial basis and meet our key financial ratios.

Explanation of risks

Below we describe what each risk entails, how Alliander manages the risk, any developments in the past year and the controls that are in place.

decreasing: ↓
neutral: →
increasing: ↑


Financial risks, including our credit risk, are explained in note 34 to the financial statements. For a detailed description of all our operational asset risks, we refer to the Quality and Capacity Documents (QCD) that we draw up every two years. (see www.liander.nl/kcd).