Risks
Alliander works hard to keep energy reliable, affordable and accessible for everyone. This work involves risks, including safety and financial risks. These risks cannot be entirely eliminated. However, risk management does provide insight into these risks, so that we can take informed decisions about these risks and risk management measures. In addition, risk management helps us refine Alliander’s strategy. Alliander uses a single risk management method. This ensures that the risk management process takes place in accordance with the same steps everywhere in the organisation.
Risk levels
Risks can be subdivided into five categories, ranging from very low to very high. The risk category depends on two factors: the probability of occurrence and the impact on the achievement of our strategic objectives. The potential impact on our objectives is assessed based on various aspects. Based on their probability and impact, each risk is assigned a place in the risk matrix.
Our most important current risks (click an item in the online report for an explanation)
- ACompletion of work package →
- BCapacity for change ↓
- CSafety →
- DLong-term regulatory focus →
- EPrivacy of energy data →
- FFuture-proof IT landscape ↓
- GCybersecurity →
- HFinancing →
Completion of work package →
Probability
Very high.
Impact
Very high.
What is the risk?
Due to the current rapid economic growth and the energy transition, the work volume is developing explosively and more quickly than anticipated, especially in the electricity domain. At the same time, the tight labour market for technical staff (combined with the long training time) makes it difficult to scale up capacity at the same pace. As a consequence, we cannot do all the work that comes our way, or not within the desired time frame. As a result, some customers are connected later than hoped or we may be forced to impose transmission restrictions, with possible claims as a result.
How is the risk managed?
Alliander is addressing the challenge surrounding the completion of its work package by preventing more work, capacitating more work, and managing the risks of incapacity. To prevent more work, we gain a better picture of the customer’s needs at an earlier stage and influence the customer’s choices. Where possible, we form coalitions in the sector and the supply chain. We capacitate more work by making our organisation smarter, improving our recruitment, training and retention of technical employees, outsourcing work, and using smarter working processes. Finally, we are managing the risks of incapacity by meeting our customers’ requirements as much as possible and communicating proactively and transparently.
What is the risk trend?
Neutral. The risk is and remains very high. The work package is also expected to increase further in the years to come and so remain at a challenging high level.
Capacity for change ↓
Probability
High/very high.
Impact
High.
What is the risk?
The world around us is changing rapidly and the energy transition is in full swing. The exact route and speed of the transition are uncertain. Alliander is committed to being up to the expectations of our customers and society as a whole, and so we have to be alert, resolute, and innovative. We also need to improve our forecasting accuracy to take measures. Change is needed to be able to do a lot more at greater pace and come up with and implement innovative solutions faster. If we fail to do so, we will not be able to achieve our strategic goals.
How is the risk managed?
Our stakeholders expect us to pursue a strategy that sees us substantially contribute to making energy supply more sustainable. By working as a united company – as one Alliander – we can handle this major challenge we have been tasked with. This means working on our strategy, our organisation and our culture and leadership. We are increasing our focus in how we take on challenges as an organisation, how teams contribute to the pursuit of our strategy, and which priorities they must set.
In addition, in 2020 we made efforts to realign aspects of our organisational structure with the aim of becoming an agile, highly effective and cost-conscious organisation. And finally, we direct our attention to and invest in culture and leadership.
What is the risk trend?
Decreasing. In the past year, we made every effort to create an agile, highly effective and cost-conscious organisation.
Safety →
Probability
Medium/high.
Impact
High.
What is the risk?
As a network company, we are responsible for the regional distribution of energy, such as electricity, natural gas, biogas and heating. These activities involve health and safety risks for our employees, contractors, customers and local communities. Insufficient safety awareness and lack of knowledge of safe working instructions, quality and safety requirements and safety measures heighten the risk of accidents. Unsafe practices of third parties working on Alliander’s behalf can also lead to safety risks. In addition, materials used in the past may pose more serious health and safety risks than initially assumed.
How is the risk managed?
Our safety efforts are based on three themes: network safety, safe working practices and safety awareness. We assure the safety of our networks by making the mitigation of safety risks an integral part of our network maintenance and replacement planning. We ensure safe working practices by preparing our employees for their work on operational assets with instructions and training and by requiring strict adherence to work instructions. We also ensure safe working practices are maintained at our contractors by performing audits of their quality system. Finally, safety awareness is promoted by making safety an inherent part of our mindset and actions at work.
What is the risk trend?
Neutral. Safety is prominently on the agenda within Alliander: various controls are in place. Nevertheless, due to the nature of our work, the trend for this risk is neutral.
Long-term regulatory focus →
Probability
High.
Impact
Very high.
What is the risk?
Policy and regulations within the energy domain have an impact on our activities and profitability. We are seeing a mismatch between laws and regulations and Alliander’s ambitions, at least to some extent. As a result, we run the risk of having insufficient financial resources, and there may also be insufficient leeway for us to both perform our statutory duties and fulfil the role we would like to play in the energy transition. This may affect our ability to facilitate the energy transition and achieve the objectives of Alliander.
How is the risk managed?
This risk is basically managed by building long-term constructive relationships with the legislator and the regulator. This includes ensuring a reasonable return for regulated activities and sufficient financial scope to perform our statutory duties. Additionally, together with the legislator, we discuss developments that are important for Alliander and potential bottlenecks that Alliander may encounter in practice. We paint a picture of what is necessary for the adequate fulfilment of the network operator’s responsibilities in the energy transition and seek official backing for a fitting role for our company in such developments as the transmission, distribution and metering of renewable gases and in heating. In addition, we actively make proposals for required adjustments to national and European laws and regulations. Where relevant, we address issues collectively with other network operators within the Association of Energy Network Operators (Netbeheer Nederland).
What is the risk trend?
Neutral. Alliander is consulting with the relevant stakeholders to work out in more detail how the arrangements provided for in the Dutch Climate Agreement should be integrated in the Energy Act, the Collective Heating Supply Act and the Environment & Planning Act with the National Strategy on Spatial Planning and the Environment.
Privacy of energy data →
Probability
Low.
Impact
Low.
What is the risk?
As part of our energy network management activities, we have access to privacy-sensitive data. This includes, for example, data on connections, energy contracts, usage, and costs. Violation of the privacy of energy data leads to penalties and reputation loss.
How is the risk managed?
We work closely with the other parties in the energy sector to ensure the effective protection of privacy-sensitive data. Information is exchanged with the regulators, the Netherlands Authority for Consumers & Markets (ACM), the Dutch Data Protection Authority [DPA], industry organisations (Netbeheer Nederland and Energie-Nederland [E-NL]), and other relevant parties.
Within its own organisation, Alliander has taken various initiatives to shield confidential data more effectively. The Alliander Code of Conduct, for instance, describes how we deal with confidential information, and an email address has been set up for the disclosure of data breaches. In compliance with the provisions of the GDPR, we have appointed a Data Protection Officer (DPO). By means of a Privacy Assurance Statement, among other measures, we ensure that the outsourced privacy-sensitive processes at EDSN are adequately managed. We collaborate with other network operators in the industry and participate in the Privacy and Security Policy and Expertise Group (Beleid en Expertise groep Privacy en Security [BEPS]).
What is the risk trend?
Neutral.
Future-proof IT landscape ↓
Probability
Medium/high.
Impact
Medium/high.
What is the risk?
Alliander needs an integrated IT architecture to be able to accommodate current and future primary processes and enable the energy transition. What's more, the current IT landscape is complex, which complicates the digital transformation to a data-driven network operator.
How is the risk managed?
We are focusing on creating clarity, refining our vision, and improving transparency. We are working on clarity by designing and implementing the kind of IT governance that is aligned with Alliander’s business model. And we put together IT Guidelines & Principles that describe boundaries and freedoms for IT development to create a clear scope of action for the various teams. Aside from that, we are defining a long-term vision on our IT landscape and increasing IT transparency, both in terms of the entire IT landscape and individual IT building blocks. Furthermore, with the redesign of our enterprise architecture, we can be certain that our application landscape is even more future-proof.
What is the risk trend?
Decreasing. In 2020, control and management mechanisms were set up to future-proof the IT landscape even further, with the Enterprise Architecture governance processes set up for this purpose. Initiatives to make the IT landscape future-proof have also been started.
Cybersecurity →
Probability
Medium.
Impact
High.
What is the risk?
Our energy networks and above-ground installations are increasingly being digitised. Cyberattacks with a political or terrorist motive are increasingly targeting vital infrastructure. Alliander is expected to respond in a proactive and timely manner to the rise and changes in cybercrime. This is how we can prevent a successful attack on our digitised networks from jeopardising the continuity of our services. For this reason, we are continuing to take above-average measures to protect and safeguard vital infrastructure.
How is the risk managed?
We protect our energy and data networks and computers against attacks at various levels. We make our employees aware of cybersecurity risks, with a strong focus on prevention, detection and response. Alliander’s security function has been further expanded with the establishment of a CISO office that is responsible for the entire information security process and thus has a key role in managing cyberrisks. We have also had our security processes certified by an independent external party. We are also intensively addressing this issue together with other network operators within Netbeheer Nederland and maintain close contacts with the Dutch National Cybersecurity Centre and other parties. Together, we can keep up with rapidly evolving developments and identify external signals of attacks at an early stage.
What is the risk trend?
Neutral. The combination of evermore complex attacks and digitisation of our networks challenges Alliander’s cyberresilience. Despite control measures that have already been implemented, the trend continues to be neutral.
Financing →
Probability
High.
Impact
Medium.
What is the risk?
As the Dutch Climate Agreement was given more substance, greater clarity was created last year on the level of investment needed for the energy transition: network operators can expect a sharp increase in the required investments. Current regulatory methods provide for compensation during the term of the asset in which an investment has been made, but not at the moment of investing. As investments rise, we are largely financing investments that we will only be able to recoup in 40 years’ time, leading to a significant increase in our financing needs that may, in the long run, put pressure on our financing ratios and our credit rating.
How is the risk managed?
To manage this risk, Alliander has identified a number of solution approaches, namely to attract hybrid financing, within the available scope, and to achieve the targeted cost savings. Aside from that, changes to the dividend policy and seeking financing from existing and, if necessary, new shareholders are further possible solution approaches.
What is the risk trend?
Neutral. To manage this risk, Alliander has identified a number of solution approaches, namely to achieve targeted cost savings, seek financing through shareholders, and attract hybrid financing within the available scope. Lastly, adjusting the dividend policy is also one of the possible solutions.
Risk awareness
The management of risks forms part of our governance and decision-making. The Management Board and Supervisory Board of Alliander regularly discuss the principal risks. They assess what effects the risks can have on the strategic objectives, the operations and our reputation.
Alliander is committed to complying with the guidelines from the revised Corporate Governance Code. The Corporate governance, Statement by the Management Board and Other information chapters provide more information on how risk management has explicitly been embedded in the company’s governance and decision-making procedures. For more general information about risk management, go to www.alliander.com.
Connecting risks to strategic pillars
1 customer choice first | 2 open networks | 3 digitalisation | 4 excellent network management | |
A: Completion of work in work package | • | • | ||
B: Capacity for change | • | • | • | • |
C: Safety | • | |||
D: Long-term regulatory focus | • | • | • | • |
E: Privacy of energy data | • | • | ||
F: Future-proof IT landscape | • | |||
G: Cyber security | • | • | ||
H: Financing | • |
Risk appetite
To achieve the corporate objectives, we sometimes need to accept risks to a certain extent. The extent to which we are prepared to run risk in attaining our goals (i.e. our ‘risk appetite’) ranges from risk to risk.
When it comes to the safety of our employees, our customers and our networks, we take no risk whatsoever. All risks are excluded, where possible and realistic.
Our risk appetite is low when it comes to compliance. We are expected to comply with laws and regulations and are committed to acting in accordance with internal procedures and the Alliander Code of Conduct.
Where strategic risks are concerned, we seek the right balance between the risks and our longer-term ambitions.
We have a low appetite for financial risks. This ensures that we have a healthy financial basis and meet our key financial ratios.
Explanation of risks
The following provides details of each risk and how Alliander manages each of the risks listed, while also showing the development in each area over the past year in light of measures taken.
decreasing: ↓
neutral: →
increasing: ↑
Financial risks, including our credit risk, are explained in note 34 to the financial statements.