Skip to main content
Publications Global Presence EN
Please, fill this field

Or , our new artificial intelligence tool.

Please, fill this field

Or , our new artificial intelligence tool.

Company Governance Sustainability
Vision Actions
Actions Go to
Energy Diversification Technologies for the transition Partnership for innovation Activities around the world
Products
Investors Media Careers
Investors Media Careers
Company Governance Sustainability
Publications Global Presence Login Yellow login
EN IT

Integrated Risk Management

We identify, analyse, quantify and monitor risks, as well as developing strategies to manage them.

Man and woman in office discussing with ipad in hand

A model that aims to strengthen company awareness

Eni has developed and adopted an Integrated Risk Management Model (IRM Model) supporting Eni’s management awareness in taking risk-informed decisions through risk assessment and analysis with an integrated, comprehensive and prospective vision.
The IRM Model is based on a system of methodologies and skills that leverages on criteria ensuring consistency of the evaluations to improve the effectiveness of the analyses, adequacy of support for the main decision-making processes (definition of the Strategic Plan) and to guarantee the disclosure to the administration and control bodies.

Risk Governance and guidelines for Risk management

Risk Governance attributes a central role to the Board of Directors (BoD) which defines, on the basis of the analyses proposed by the Chief Executive Officer (CEO) and with the support of the Control and Risk Committee, with reference to the four-year Strategic Plan, the nature and level of risk compatible with the company’s strategic objectives, including in its assessments all the elements that may be relevant with a view to the sustainable success of the company.

Risk Management. The infographic describes the Integrated Risk Management model, structured around four main and interconnected areas.  Integrated Risk Management is developed through:  Risk governance, methodologies and tools, which define the risk governance framework, reference processes and supporting tools.  Risk strategy, which sets the strategic direction for risk management in line with corporate objectives.  Integrated risk management, which ensures that risks are embedded into decision-making and operational processes.  Risk knowledge, training and communication, which promotes the dissemination of risk culture through training activities and internal communication initiatives.  The four areas contribute in a coordinated manner to the structured and integrated management of risks. 

The Integrated Risk Management model (IRM)

Eni’s Chief Executive Officer (CEO) implements the BoD’s guidelines; the analysis is based on the scope of the work and risks specific of each business area and processes aiming at defining an Integrated Risk Management policy. The CEO also ensures the evolution of the IRM process consistently with business dynamics and the regulatory environment. At least quarterly, the IRM function presents the relevant results to the CEO, to the Control and Risk Committee, as well as, where required, to the other control and supervisory bodies. The CEO submits the results of the analysis on Eni’s main risks to the Board of Directors at least quarterly.

The infographic represents the governance model of the internal control and risk management system, structured across three levels, involving governance bodies, management, the internal audit function and external assurance providers.  At the top of the system are the governance bodies and entities, including the Board of Directors, the Control and Risk Committee, the Board of Statutory Auditors, the Supervisory Body, the Chair of the Board of Directors and the Chief Executive Officer.  These bodies perform functions of direction, delegation, supervision and resource allocation, as well as accountability, reporting and assurance.  Management is responsible for the implementation of the internal control and risk management system, which is structured across three levels.  The first level is dedicated to the identification and management of relevant risks and related controls.  This level is overseen by line management and risk owners within business and support processes.  The second level is dedicated to monitoring the main risk categories and the adequacy of the control system.  It is carried out by specialist functions, including:  Integrated compliance  Integrated risk management  Manager in charge  Corporate affairs and governance  HSE  Process owner  Planning and control  Dedicated or specialist risk functions and compliance models, such as security, asset integrity, cyber, health, data protection officer and organisation  Second-level functions provide support to the first level.  The third level is entrusted to the Internal Audit function, which performs independent assurance and advisory activities on the first and second levels of control and on the internal control system as a whole.  The Internal Audit function also provides advisory activities in support of the first and second levels.  Alongside the internal system, external assurance providers operate, contributing to the overall effectiveness of the control system.  The model provides for structured flows of direction, supervision, accountability, reporting, assurance, communication, coordination and collaboration among the different levels and stakeholders involved. 

The Integrated Risk Management process (IRM)

The IRM process ensures the detection, consolidation and analysis of all Eni’s risks and supports the BoD to verify the compatibility of the risk profile with the strategic targets, also in a medium/long-term approach. The IRM supports management in the decision-making process by strengthening awareness of the risk profile and the associated mitigations.

The process, regulated by the Global Procedure “Integrated Risk Management” is continuous, dynamic and includes the following sub-processes: (i) Risk strategy; (ii) Integrated Risk Assessment; (iii) Integrated Country Risk; (iv) Integrated Project & M&A Risk Management.

The “Integrated Risk Assessment” sub-process

The “Integrated Risk Assessment” sub-process includes: periodic risk assessment and monitoring cycles in order to understand the risks taken on the basis of the strategic targets of the four year strategic plan also looking at the medium/long-term, through the definition, evaluation and monitoring of the main company’s risks and the related treatment measures; assessment activities on industrial assets; other analyses on specific risks. Furthermore, activities regarding the integrated analysis of existing risks in the main Countries of presence or potential interest and activities to support the sub-process “Integrated Country Risk” ICR the decision- making process for the authorization of investment projects and main transactions are performed (sub-process “Integrated Project Risk Management and M&A Risk Management”).

The risks are assessed with quantitative and qualitative tools considering both the likelihood of occurrence and the impacts that may results from the occurrence of the risk in a defined time horizon.

Risk Knowledge, training and risk communication activities are carried out, aimed at increasing the dissemination of the risk culture, identifying, developing and strengthening the resources operating

Eni’s top risks portfolio consists of 20 risks classified in: (i) external risks, (ii) strategic risks and, finally, (iii) operational risks.

Publications
Annual Report 2025
Annual Report 2025
PDF (10.98 MB)

On the same topic

Download document Download document