Skip to main content
Publications Global Presence EN
Please, fill this field

Or , our new artificial intelligence tool.

Please, fill this field

Or , our new artificial intelligence tool.

Company Governance Sustainability
Vision Actions
Actions Go to
Energy Diversification Technologies for the transition Partnership for innovation Activities around the world
Products
Investors Media Careers
Investors Media Careers
Company Governance Sustainability
Publications Global Presence Login Yellow login
EN IT

Integrated Risk Management

We identify, analyse, quantify and monitor risks, as well as developing strategies to manage them.

Man and woman in office discussing with ipad in hand

A model that aims to strengthen company awareness

Eni has developed and adopted an Integrated Risk Management Model (IRM Model) supporting Eni’s management awareness in taking risk-informed decisions through risk assessment and analysis with an integrated, comprehensive and prospective vision.
The IRM Model is based on a system of methodologies and skills that leverages on criteria ensuring consistency of the evaluations to improve the effectiveness of the analyses, adequacy of support for the main decision-making processes (definition of the Strategic Plan) and to guarantee the disclosure to the administration and control bodies.

The IRM Model is characterized by a structured approach, based on international best practices and considering the guidelines of the Internal Control and Risk Management System, that is structured on three control levels.

Governance attributes a central role to the Board of Directors (BoD) which defines, on the basis of the analyses proposed by the Chief Executive Officer (CEO) and with the support of the Control and Risk Committee (CCR), with reference to the short-medium term Strategic Plan, the nature and level of risk compatible with the company’s strategic objectives, including in its assessments all the elements that may be relevant with a view to the sustainable success of the company.

Eni’s CEO implements the BoD’s guidelines; the analysis is based on the scope of the work and risks specific of each business area and processes aiming at defining an Integrated Risk Management policy. The CEO also ensures the evolution of the IRM process consistently with business dynamics and the regulatory environment. At least quarterly, the IRM function presents the relevant results to the CEO, to the Control and Risk Committee, as well as, where required, to the other control and supervisory bodies. The CEO submits the results of the analysis on Eni’s main risks to the Board of Directors at least quarterly.

IRM PROCESS

The IRM process ensures the detection, consolidation and analysis of all Eni’s risks and supports the BoD to verify the compatibility of the risk profile with the strategic targets, also in a medium/long-term approach. The IRM supports management in the decision-making process by strengthening awareness of the risk profile and the associated mitigations.

The process, regulated by the Global Procedure “Integrated Risk Management” is continuous, dynamic and includes the following sub-processes:

i)    Risk strategy;

ii)   Integrated Risk Assessment;

iii)  Integrated Country Risk;

iv)  Integrated Project & M&A Risk Management.

The IRM process starts from the specialist contribution to the elaboration of the Strategic Plan provided on the basis of the overall risk management activity, with particular reference to the definition of the de-risking areas, the analysis of the risk profile underlying the Plan proposal and the identification of the main actions with effective de-risking of the strategic company’s top risks. The results of the activities are presented to the Administrative and Control bodies in times consistent with the Strategic Planning process.

The “Integrated Risk Assessment” sub-process includes: periodic risk assessment and monitoring cycles in order to understand the risks taken on the basis of the strategic targets of the short-medium term Strategic Plan also looking at the long-term, through the definition, evaluation and monitoring of the main company’s risks and the related treatment measures; assessment activities on industrial assets; other analyses on specific risks. Furthermore, activities regarding the integrated analysis of existing risks in the main Countries of presence or potential interest and activities to support the sub-process “Integrated Country Risk” ICR the decision-making process for the authorization of investment projects and main transactions are performed (sub-process “Integrated Project Risk Management and M&A Risk Management”).

The infographic represents the governance model of the internal control and risk management system, structured across three levels, involving governance bodies, management, the internal audit function and external assurance providers.  At the top of the system are the governance bodies and entities, including the Board of Directors, the Control and Risk Committee, the Board of Statutory Auditors, the Supervisory Body, the Chair of the Board of Directors and the Chief Executive Officer.  These bodies perform functions of direction, delegation, supervision and resource allocation, as well as accountability, reporting and assurance.  Management is responsible for the implementation of the internal control and risk management system, which is structured across three levels.  The first level is dedicated to the identification and management of relevant risks and related controls.  This level is overseen by line management and risk owners within business and support processes.  The second level is dedicated to monitoring the main risk categories and the adequacy of the control system.  It is carried out by specialist functions, including:  Integrated compliance  Integrated risk management  Manager in charge  Corporate affairs and governance  HSE  Process owner  Planning and control  Dedicated or specialist risk functions and compliance models, such as security, asset integrity, cyber, health, data protection officer and organisation  Second-level functions provide support to the first level.  The third level is entrusted to the Internal Audit function, which performs independent assurance and advisory activities on the first and second levels of control and on the internal control system as a whole.  The Internal Audit function also provides advisory activities in support of the first and second levels.  Alongside the internal system, external assurance providers operate, contributing to the overall effectiveness of the control system.  The model provides for structured flows of direction, supervision, accountability, reporting, assurance, communication, coordination and collaboration among the different levels and stakeholders involved. 

The risks are assessed with quantitative and qualitative tools considering both the likelihood of occurrence and the impacts that may results from the occurrence of the risk in a defined time horizon.

The assessment usually is expressed as both an inherent and a residual level (taking into account the effectiveness of the mitigation actions) and allows to measure the impact with respect to the achievement of the objectives of the Strategic Plan and for the whole life as regards the business. The risks are represented on the basis of the likelihood of occurrence and the impact on matrices that allow their comparison and classification by relevance. Risks with economic/financial impact can be also analyzed in an integrated perspective on the basis of quantitative models that allow to define on a statistical basis the distribution of cash flows at risk or to simulate the aggregate impact of risks in the face of hypothetical future scenarios (what if analysis or stress test).

Finally, Risk Knowledge, training and risk communication activities are carried out, aimed at increasing the dissemination of the risk culture, identifying, developing and strengthening the resources operating in the risk management field across Eni’s various businesses and developing the risk knowledge management system.

In 2025, two assessment sessions were performed: the Annual Risk Assessment performed in the first half of the year and in the second half of the year the Strategic Plan Risk Assessment, to support the elaboration process of the Strategic Plan. The assessment involved all business lines in Italy and abroad. The two assessment results were submitted to Eni’s management and control bodies in July 2025 and January 2026. In addition, three monitoring processes were performed on Eni’s top risks. The monitoring of such risks and the relevant treatment plans allows to analyze the risks evolution (through the update of appropriate indicators) and the progress in the implementation of specific treatment measures planned by management. The top risks monitoring results were submitted to the management and control bodies in March, July and October 2025.

Eni’s top risks portfolio is classified in: (i) external risks, (ii) strategic risks and, finally, (iii) operational risks. 

Publications
Annual Report 2025
Annual Report 2025
PDF (11.07 MB)

On the same topic

Download document Download document