Integrated Risk Management

Man and woman in office discussing with ipad in hand

A model that aims to strengthen company awareness

Eni has developed and adopted a Model for Integrated Risk Management (IRM) to ensure that the company takes risk-informed decisions. The model also seeks to increase awareness at all company levels that appropriate risk assessment and management can affect the company's value and ability to deliver on targets.

Risks are potential events that can affect Eni's activities and whose occurrence could affect the achievement of the company's core objectives. We identify, monitor and manage business risks, including market, operational and strategic risks. In addition, the issue of climate change could lead to changes in scenario and climate conditions, which could generate physical risks and risks related to the energy transition (regulatory, market, technological and reputational risks) affecting Eni's businesses in the short, medium and long term.

Risk Governance and guidelines for Risk management

Our Risk Governance system gives a central role to the Board of Directors, which defines the nature and level of risk compatible with strategic targets, including in the evaluation process all those risks that could be significant for business sustainability in the medium-long term. The Board of Directors, with the support of the Control and Risk Committee, determines the guidelines for risk management, so as to ensure that Eni's main risks are properly identified, assessed, managed and monitored.

IRM Model

The IRM Model

The IRM Model is characterized by a structured approach, based on international best practices and considering the guidelines of the Internal Control and Risk Management System, that is structured on three control levels.

Risk Governance attributes a central role to the Board of Directors (BoD) which defines the nature and level of risk in line with strategic targets, including in evaluation process all those risks that could be consistent for the sustainability of the business in the medium-long term.

The BoD, with the support of the Control and Risk Committee, outlines the guidelines for risk management, so as to ensure that the main corporate risks are properly identified and adequately assessed, managed and monitored, determining the degree of compatibility with company management consistent with the strategic targets.

For this purpose, Eni’s CEO, through the IRM process, presents every three months a review of the Eni’s main risks to the Board of Directors. The analysis is based on the scope of the work and risks specific of each business area and processes aiming at defining an integrated risk management policy; the CEO also ensures the evolution of the IRM process consistently with business dynamics and the regulatory environment.

Furthermore, the Risk Committee, chaired by the CEO, holds the role of consulting body for the latter with regards to major risks. For this purpose, the Risk Committee evaluates and expresses opinions, at the instance of CEO, related to the main results of the IRM process.  

IRM process

IRM process

The Integrated Risk Management process takes a top-down and risk-based approach, starting from the definition of Eni's Strategic Plan. It ensures that major risks are identified, assessed, managed and monitored while taking into account the individual operations, risk profiles and risk management systems of each business unit, to create a wholly integrated risk management process.

The IRM process ensures the detection, consolidation and analysis of all Eni’s risks and supports the BoD to verify the compatibility of the risk profile with the strategic targets, also in a medium-long term approach. The IRM supports management in the decision-making process by strengthening awareness of the risk profile and the associated mitigations. The process, regulated by the “Management System Guideline (MSG) Integrated Risk Management” is continuous, dynamic and includes the following sub-processes: (i) risk governance, methodologies and tools (ii) risk strategy, (iii) integrated risk management, (iv) risk knowledge, training and communication.

The IRM process starts from the contribution to the definition of medium and long-term plans and Eni’s Strategic Plan (risk strategy) through the analysis of the risk profile and business opportunities underlying the plan and the long-term development, as well as the identification of proposals for de-risking objectives and strategic treatment actions.

IRM sub-process

The “Integrated Risk Management” sub-process includes:

  • periodic risk assessment and monitoring cycles (Integrated Risk Assessment) in order to understand the risks taken on the basis of the strategic and medium-long term targets and the initiatives defined to achieve them;
  • contract risk management and analysis aimed at the best allocation of the contractual responsibilities with the supplier and their adequate management in the operational phase;
  • integrated analysis of existing risks in the Countries of presence or potential interest (ICR) which represents a reference for risk strategy, risk assessment and project risk analysis activities;
  • support to the decision-making process for the authorization of investment projects and main transactions (Integrated Project Risk Management and M&A).

The risks are assessed with quantitative and qualitative tools considering both the likelihood of occurrence and the impacts that would occur in a defined time horizon when the risk occurs.

The assessment is expressed following an inherent and a residual level (taking into account the effectiveness of the mitigation actions) and allows to measure the impact with respect to the achievement of the objectives of the Strategic Plan and for the whole life as regards the business. The risks are represented on the basis of the likelihood of occurrence and the impact on matrices that allow their comparison and classification by relevance.

The risk knowledge, training and communication sub-process is aimed at increasing the diffusion of the culture of risk, at strengthening a common language among the resources that operate in the risk management area across the different Eni businesses as well as sharing information and experiences, also through the development of a community of practice. Eni’s top risks portfolio consists of 19 risks classified in: (i) external risks, (ii) strategic risks and, finally, (iii) operational risks.

Back to top
Back to top