Identification, measurement and continuous monitoring: three key elements that guide the risk management of our activities.
In order to guarantee the long-term stability and continuity of the organisation, the CDP Group has implemented specific processes designed to manage and monitor the risks associated with its activities. This control system is reflected in the internal regulations of the Group – such as our Code of Ethics – and those of the subsidiaries that are subject to its management and coordination.
The risks associated with CDP Group activities are subject to control on three levels: starting with the first level checks carried out by the operating units, in the second level controls, the Chief Risk Officer ensures the monitoring of the Group’s overall risk profile, defining the methodologies and monitoring exposure to the various types of risk and presenting them clearly to the Senior Management and the Board of Directors, while Internal Auditing assesses the suitability of the internal monitoring system to ensure its effectiveness and efficiency. The entire risk monitoring process, in line with best practice, is divided into the following phases
The different types of risk are defined within the Group Risk Policy, which is approved by the Board of Directors and updated every six months, it is outlined in the Risk Regulation and associated documents, which each relate to a specific risk category.
The Risk Policy represents the Group's Risk Appetite Framework, which is the main tool that the Board of Directors uses to define CDP’s appetite for risk, tolerance thresholds, risk limits, risk governance policies and organisational processes.
Within the overall internal regulatory framework on risk management, aspects related to the management of risks of a social, environmental and financial nature are also considered. The CDP Group is strongly committed to making responsible investment decisions, in compliance with the changes in the reference legislation, and operates in such a way as to constantly improve its procedures and transparency.
Sustainability in risk assessment
The CDP Group adopts a prudent approach in monitoring its risks and attributes particular importance to the potential risks associated with ethical, social, environmental and governance aspects associated with investment and shareholding decisions. It does this by carrying out due diligence for reputational purposes, to ensure that its risk management is in line with the standards adopted by similar international organisations.
In this regard, as part of the due diligence process for transactions governed by specific internal policies, CDP Group acquires formal documentation, where necessary, to prove that there are no negative environmental and social impacts or the existence of impact mitigation initiatives, which is one of the elements of the overall evaluation of the initiatives themselves.
For further information on Governance and risk management, please refer to the 2018 Consolidated Non-Financial Statement