Identification, measurement and continuous monitoring are the three key elements that guide the management of the risk of our activities
Risk is an implicit aspect of the CDP Group's business, which is managed by making a culture of risk, compliance and sustainability a fundamental pillar of our daily operations.
The CDP Group has set up a system of internal controls (a set of controls, rules, procedures and organisational structures) designed to identify, assess, monitor and mitigate risks, as well as to ensure full regulatory compliance and compliance with corporate strategies for achieving set objectives.
The risks associated with CDP Group activities are subject to control on three levels: starting with the first level checks carried out by the operating units, in the second level controls, the Chief Risk Officer ensures the monitoring of the Group’s overall risk profile, defining the methodologies and monitoring exposure to the various types of risk and presenting them clearly to the Senior Management and the Board of Directors, while Internal Auditing assesses the suitability of the internal monitoring system to ensure its effectiveness and efficiency. The entire risk monitoring process, in line with best practice, is divided into the following phases:
The different types of risk are defined within the Group Risk Policy, which is approved by the Board of Directors and updated every six months, as outlined in the Risk Regulation and associated documents, which each relate to a specific risk category.
The Risk Policy represents the Group's Risk Appetite Framework, which is the main tool that the Board of Directors uses to define CDP’s appetite for risk, tolerance thresholds, risk limits, risk governance policies and organisational processes.
Within the overall internal regulatory framework on risk management, aspects related to the management of risks of a social, environmental and financial nature are also considered. The CDP Group is strongly committed to making responsible investment decisions, in compliance with the changes in the reference legislation, and operates in such a way as to constantly improve its procedures and transparency.
Sustainability in risk assessment
The CDP Group adopts a prudent approach in monitoring its risks and attributes particular importance to the potential risks associated with ethical, social, environmental and governance aspects associated with investment and shareholding decisions. It does this by carrying out due diligence for reputational purposes, to ensure that its risk management is in line with the standards adopted by similar international organisations.
In this regard, as part of the due diligence process for transactions governed by specific internal policies, the CDP Group acquires formal documentation, where necessary, to prove that there are no negative environmental and social impacts or the existence of impact mitigation initiatives, which is one of the elements of the overall evaluation of the initiatives themselves.
For further information on Governance and risk management, please refer to the 2021 Integrated Report