Risks
Alliander works hard to keep energy reliable, affordable and accessible for everyone. This work involves risks, including safety and financial risks. These risks cannot be entirely eliminated. However, risk management does provide insight into these risks, so that we can take informed decisions about these risks and risk management measures. In addition, risk management helps us refine Alliander’s strategy. Alliander uses a single risk management method. This ensures that the risk management process takes place in accordance with the same steps everywhere in the organisation.
Risk levels
Risks can be subdivided into five categories, ranging from very low to very high. The risk category depends on two factors: the probability of occurrence and the impact on the achievement of our strategic objectives. The potential impact on our objectives is assessed based on various aspects. Based on their probability and impact, each risk is assigned a place in the risk matrix.
Our most important current risks (click an item in the online report for an explanation)
- ACompletion of work package →
- BCapacity for change (new in 2019)
- CSafety →
- DLong-term regulatory focus →
- EPrivacy of energy data ↓
- FFuture-proof IT landscape (new in 2019)
- GCybersecurity →
- HFinanceability (new in 2019)
Completion of work package →
Probability
Very high.
Impact
Very high.
What is the risk?
Due to the current rapid economic growth and the energy transition, the work volume is developing explosively and more quickly than anticipated, especially in the electricity domain. At the same time, the tight labour market for technical staff (combined with the long training time) makes it difficult to scale up capacity at the same pace. As a consequence, we cannot do all the work that comes our way, or not within the desired time frame. As a result, some customers are connected later than hoped or we may be forced to impose transmission restrictions.
How is the risk managed?
Alliander is addressing the challenge surrounding the completion of its work package by preventing more work, capacitating more work, and managing the risks of incapacity. To prevent more work, we gain a better picture of the customer’s needs at an earlier stage and influence the customer’s choices. Where possible, we form coalitions in the sector and the supply chain. We capacitate more work by making our organisation smarter, improving our recruitment, training and retention of technical employees, outsourcing work, and using smarter working processes. Finally, we are managing the risks of incapacity by meeting our customers’ requirements as much as possible and communicating proactively and transparently.
What is the risk trend?
Neutral. The risk is and remains very high.
Capacity for change (new in 2019)
Probability
Very high.
Impact
High.
What is the risk?
The world around us is changing rapidly and the energy transition is in full swing. The exact route and speed of the transition are uncertain. Alliander is committed to being up to the expectations of our customers and society as a whole, and so we have to be alert, resolute, and innovative. We also need to improve our forecasting accuracy to take measures. Change is needed to be able to do a lot more at greater pace and come up with and implement innovative solutions faster. If we fail to do so, we will not be able to achieve our strategic goals.
How is the risk managed?
Our stakeholders expect us to pursue a strategy that sees us substantially contribute to making energy supply more sustainable. It is essential, therefore, that we focus on our shared goal, organise ourselves more effectively, and that we operate as a team. Work is currently ongoing on an approach that will help us create an excellent organisation. We have seen that it is possible to further increase our focus in how we take on challenges as an organisation, how teams contribute to the pursuit of our strategy, and which priorities they must set. There is also scope for better collaboration between Alliander teams on clear choices that we make as an organisation for Alliander’s future. Finally, we are making changes to parts of our organisational design to make the work easier to manage, allow employees to be more flexible, and ensure that work is completed on time.
What is the risk trend?
Not applicable: new risk.
Safety →
Probability
Medium/high.
Impact
High.
What is the risk?
As a network company, we are responsible for the regional distribution of energy, such as electricity, natural gas, biogas and heating. These activities involve health and safety risks for our employees, contractors, customers and local communities. Insufficient safety awareness and lack of knowledge of safe working instructions, quality and safety requirements and safety measures heighten the risk of accidents. Unsafe practices of third parties working on Alliander’s behalf can also lead to safety risks. In addition, materials used in the past may pose more serious health and safety risks than initially assumed.
How is the risk managed?
Our safety efforts are based on three themes: network safety, safe working practices and safety awareness. We assure the safety of our networks by making the mitigation of safety risks an integral part of our network maintenance and replacement planning. We ensure safe working practices by preparing our employees for their work on operational assets with instructions and training and by requiring strict adherence to work instructions. We also ensure safe working practices are maintained at our contractors by performing audits of their quality system. Finally, safety awareness is promoted by making safety an inherent part of our mindset and actions at work.
What is the risk trend?
Neutral. Safety is prominently on the agenda within Alliander: various controls are in place. Nevertheless, due to the nature of our work, the trend for this risk is neutral.
Long-term regulatory focus →
Probability
High.
Impact
Very high.
What is the risk?
Policy and regulations within the energy domain have an impact on our activities and profitability. Owing to the energy transition policy, we are seeing a mismatch between regulations and reality. This may affect our ability to facilitate the energy transition and achieve the objectives of Alliander.
How is the risk managed?
This risk is basically managed by building long-term constructive relationships with the legislator and the regulator. Together with the legislator, we discuss developments that are important for Alliander and potential bottlenecks that Alliander may encounter in practice. We paint a picture of what is necessary for the adequate fulfilment of the network operator’s responsibilities in the energy transition and seek official backing for a fitting role for our company in such developments as the transmission, distribution and metering of renewable gases and in heating. In addition, we actively make proposals for required adjustments to national and European laws and regulations. Where relevant, we address issues collectively with other network operators within the Association of Energy Network Operators (Netbeheer Nederland).
What is the risk trend?
Neutral. Policy involvement and regulations are increasing within the energy domain. Alliander is gradually gaining more clarity about the legislative agenda of authorities such as the Dutch Ministry of Economic Affairs and Climate Policy.
Privacy of energy data ↓
Probability
Low.
Impact
Low.
What is the risk?
As part of our energy network management activities, we have access to privacy-sensitive data. This includes, for example, data on connections, energy contracts, usage, and costs. Violation of the privacy of energy data leads to penalties and reputation loss.
How is the risk managed?
We work closely with the other parties in the energy sector to ensure the effective protection of privacy-sensitive data. Information is exchanged with the regulators, the Netherlands Authority for Consumers & Markets (ACM), the Dutch Data Protection Authority [DPA], industry organisations (Netbeheer Nederland and Energie-Nederland [E-NL]), and other relevant parties.
Within its own organisation, Alliander has taken various initiatives to shield confidential data more effectively. The Alliander Code of Conduct, for instance, describes how we deal with confidential information, and an email address has been set up for the disclosure of data breaches. Controls have also been put in place for processes that have been outsourced to Energie Data Service Nederland (EDSN). These include the use of unique customer keys to protect customer data. A GDPR scan has been carried out in the sector to identify all existing risks at EDSN as well as at individual and collective regional network operators.
What is the risk trend?
The risk is decreasing due to the implementation of effective controls.
Future-proof IT landscape (new in 2019)
Probability
High.
Impact
Medium/high.
What is the risk?
Alliander needs an integrated IT architecture to be able to accommodate current and future primary processes and enable the energy transition. What's more, the current IT landscape is complex, which complicates the digital transformation to a data-driven network operator.
How is the risk managed?
We are focusing on creating clarity, refining our vision, and improving transparency. We are working on clarity by designing and implementing the kind of IT governance that is aligned with Alliander’s business model. And we are putting together IT Guidelines & Principles that describe boundaries and freedoms for IT development to create a clear scope of action for the various teams. Aside from that, we are defining a long-term vision on our IT landscape and increasing IT transparency, both in terms of the entire IT landscape and individual IT building blocks. This will ultimately mean that business processes will have to be standardised to migrate to standard IT building blocks. And the redesign of our enterprise architecture will furthermore allow us to rationalise the application landscape.
What is the risk trend?
Not applicable: new risk.
Cybersecurity →
Probability
Medium.
Impact
High.
What is the risk?
Our energy networks and above-ground installations are increasingly being digitised. Cyberattacks with a political or terrorist motive are increasingly targeting vital infrastructure. Alliander is expected to respond in a proactive and timely manner to the rise and changes in cybercrime. This is how we can prevent a successful attack on our digitised networks from jeopardising the continuity of our services. For this reason, we are continuing to take above-average measures to protect and safeguard vital infrastructure.
How is the risk managed?
We protect our energy and data networks and computers against attacks at various levels. We make our employees aware of cybersecurity risks, with a strong focus on prevention, detection and response. Alliander’s security function was expanded further with the creation of a fully fledged security domain within IT. We are also intensively addressing this issue together with other network operators within Netbeheer Nederland and maintain close contacts with the Dutch National Cybersecurity Centre and other parties. Together, we can keep up with rapidly evolving developments and identify external signals of attacks at an early stage.
What is the risk trend?
Neutral. The combination of evermore complex attacks and digitisation of our networks challenges Alliander’s cyberresilience. Despite control measures that have already been implemented, the trend continues to be neutral.
Financeability (new in 2019)
Probability
High.
Impact
Medium.
What is the risk?
As the Climate Agreement was further fleshed out, greater clarity was created last year on the level of investment needed for the energy transition. Network operators will see their investments increase sharply. Current regulatory methods provide for compensation during the term of the asset in which an investment has been made, but not at the moment of investing. As investments rise, we are largely financing investments that we will only be able to recoup in 40 years’ time, leading to a significant increase in our financing needs that may, in the long run, put pressure on our financing ratios and our credit rating.
How is the risk managed?
To manage this risk, Alliander has identified a number of solution approaches, namely to attract hybrid financing, within the available scope, and to achieve the targeted cost savings. Aside from that, changes to the dividend policy and seeking financing from existing and, if necessary, new shareholders are further possible solution approaches.
What is the risk trend?
Not applicable: new risk.
Risk awareness
The management of risks forms part of our governance and decision-making. The Management Board and Supervisory Board of Alliander regularly discuss the principal risks. They assess what effects the risks can have on the strategic objectives, the operations and our reputation. In 2019, Alliander’s strategic risks were recalibrated in a session with the Alliander management team. Risk management is also a permanent item on the agenda for the other executive and management layers within Alliander.
Alliander is committed to complying with the guidelines from the revised Corporate Governance Code. The Corporate governance, Statement by the Management Board and Other information chapters provide more information on how risk management has explicitly been embedded in the company’s governance and decision-making procedures. For more general information about risk management, go to www.alliander.com.
Connecting risks to strategic pillars
1 customer choice first | 2 open networks | 3 digitalisation | 4 excellent network management | |
A: Completion of work in work package | • | • | ||
B: Company's adaptability (new) | • | • | • | • |
C: Safety | • | |||
D: Long-term regulatory focus | • | • | • | • |
E: Privacy of energy data | • | • | ||
F: Future-proof IT landscape (new) | • | |||
G: Cyber security | • | • | ||
H: Financeability (new) | • |
Risk appetite
To achieve the corporate objectives, we sometimes need to accept risks to a certain extent. The extent to which we are prepared to run risk in attaining our goals (i.e. our ‘risk appetite’) ranges from risk to risk.
When it comes to the safety of our employees, our customers and our networks, we take no risk whatsoever. All risks are excluded, where possible and realistic.
Our risk appetite is low when it comes to compliance. We are expected to comply with laws and regulations and are committed to acting in accordance with internal procedures and the Alliander Code of Conduct.
Where strategic risks are concerned, we seek the right balance between the risks and our longer-term ambitions.
We have a low appetite for financial risks. This ensures that we have a healthy financial basis and meet our key financial ratios.
Explanation of risks
The following provides details of each risk and how Alliander manages each of the risks listed, while also showing the development in each area over the past year in light of measures taken.
decreasing: ↓
neutral: →
increasing: ↑
Financial risks, including our credit risk, are explained in note 34 to the financial statements.