EN   /   DE

Risk management

Definition of risk

The EVN Group defines risk as the potential deviation from planned corporate targets and objectives.

Risk management process

TThe primary goal of risk management is to protect current and future earnings and cash flows through the active identification and control of risk. As part of the risk management process, a centrally organised corporate risk management provides the decentralised risk managers with effective methods and tools for identifying and assessing risks. The business units communicate their risk exposures to the corporate risk management, which helps to identify suitable actions to minimise these risks. The actions are then implemented by the decentralised business units. The corporate risk management department is responsible for analysing EVN’s risk exposure. Risks related to sustainability and compliance issues are identified and managed by specialised organisational units and/or processes in agreement with central risk management. The risk management process includes the following steps:

  • Identification: The survey and/or revision of risks based on the latest risk inventory (review of risk inventory) and the identification of new risk positions and appropriate risk management countermeasures
  • Assessment and analysis: The qualitative and quantitative evaluation of the identified risks; the aggregation of risks from different points of view; and the modelling of earnings and cash flow distributions
  • Reporting: Discussion and evaluation of the risk profile by the Risk Working Committee and the Group Risk Committee; the implementation of risk management measures where necessary; reporting on risk issues to the Audit Committee
  • Process review: Definition of the organisational units that must submit to an explicit risk assessment as well as regular reviews; review whether the methods of identifying and assessing risks should be modified to reflect changed conditions; regular reviews by the internal audit department

Responsibilities of the Risk Management Working Committee

The Risk Working Committee supports the corporate risk management department in the correct implementation of the risk management process. It evaluates and approves changes in risk assessment methods and defines the type and scope of the risk reporting. The voting members of the committee at the Group level include the heads of the following corporate functions: controlling, the general secretariat and corporate affairs, finance, accounting and internal audit and the chief compliance officer (CCO) as well as an (internal) energy industry expert.

Group Risk Committee and controlling

The results of the risk inventory and reports are presented to and discussed by the Group Risk Committee, which consists of the Executive Board of EVN AG, the heads of the strategic business units and part of the members of the Risk Working Committee. The Group Risk Committee decides on any need for action, can organise working groups and assign specified tasks, and is authorised to approve the results of the risk inventory (risk reports).

  • GRI indicator: The highest governance body’s role in reviewing the effectiveness of the organisation’s risk management processes for economic, environmental and social topics (G4-46)

Risk profile

In addition to the normal industry risks and uncertainties, EVN’s risk profile is influenced primarily by political, legal and regulatory challenges and changes in the competitive environment. EVN carries out an annual risk inventory that is updated as needed to reflect ad-hoc risk reports. This inventory includes the following categorisation of risks, which are described in detail below: market and competition risks, financial risks, operating risks, external risks, strategic and planning risks and other risks.

Market and competition risks

Energy trading and sales

EVN’s revenues can be negatively affected by a decline in demand due to weather conditions or climate change, demographic, political or technological factors and/or the loss of customers and sales volumes for image-related or competitive reasons. In addition, the development of market prices and market volatility, a suboptimal procurement strategy and declining margins can lead to lower profit margins in the energy business.

  • GRI indicator: Financial implications and other risks and opportunities for the organisation’s activities due to climate change (EC2)


Production that is increasingly decentralised and cannot be precisely planned as well as fluctuations in wind levels, water flows, sunshine hours and weather conditions can have a negative influence on earnings from the generation business (price and volume effects). The economic viability and intrinsic value of generation equipment is dependent to a significant degree on electricity and primary energy prices, the respective efficiencies, energy sector framework conditions and locations. Adverse developments can therefore lead to the recognition of an impairment loss. The creation of or addition to provisions for long-term (procurement) contracts may also be necessary. In spite of the measures implemented to date, these types of risks still exist for thermal generation plants, hydropower plants and generation plants that use renewable energies.


EVN is exposed to risks in the environmental services business from possible fluctuations in the demand, volume and/or costs of drinking water supplies, wastewater treatment systems and thermal waste utilisation facilities. The project volume in this business can also be negatively affected by market saturation or limited resources for infrastructure projects as well as non-inclusion in or the failure to win tenders. EVN is also exposed to various risks in connection with suppliers and the realisation of projects, which include the defective fulfilment or non-fulfilment of contractually agreed performance.

Financial risks

In managing credit and default risk, EVN distinguishes between receivables due from end customers, on the one hand, and receivables from financial and energy trading transactions and major projects/plants, on the other hand. The default risk associated with end customer receivables is limited primarily by efficient receivables management, the evaluation of credit standings based on ratings and experience and the regular monitoring of payment behaviour. However, a lack of purchasing power or deteriorating payment behaviour can have a negative effect on revenue in the energy segment.

Credits risks, above all in the treasury and energy trading areas and in project and procurement management, are countered with credit monitoring and credit limit systems, hedging instruments (e. g. bank guarantees) and a targeted strategy to diversify business partners.

EVN holds investments in areas related to the core business (above all Verbund AG, Rohöl-Aufsuchungs Aktiengesellschaft, Burgenland Holding AG and ENERGIEALLIANZ Austria GmbH). The difficult energy policy environment creates a risk that the unfavourable development of earnings and equity in these companies can also have a substantial impact on EVN.

In connection with active management of the risks related to liquidity, interest rates, foreign currencies and market prices, the current low interest rate environment represents an increasing challenge for the short- to medium-term investment of liquid funds. This can lead to opportunity losses and have a negative effect on the valuation of employee-related provisions and on future tariffs.

Operating risks

The energy and network businesses are particularly vulnerable to operating risks such as operational disruptions and stoppages as well as IT and safety-related problems that can cause supply interruptions and lead to liability and reputation risks. The envi- ronmental services business is also exposed to the risk of operating disruptions or interruptions in drinking water supplies, wastewater systems and thermal waste utilisation facilities. Risks can also arise from the suboptimal design and use of technical equipment and the assessment and implementation of technological innovations. Further operational risks are related to organisation, planning, personnel and compliance.

External risks (legal, political and macroeconomic risks)

The regulatory environment, energy and environmental protection laws and the changing political and public positions on energy and infrastructure projects are major risk drivers. A change in the subsidy system, the failure to receive anticipated subsidies or a change in the legally defined tariffs can have a negative effect on the company’s future asset, financial and earnings position.

Political and economic instability, arbitrary legal and regulatory measures as well as changes in the legal framework represent further challenges. EVN is exposed to the risk that necessary permits and licenses are not granted, may be withdrawn or not extended. Specific mention should be made of the license withdrawal proceedings initiated by the Bulgarian regulatory authority (EWRC) against EVN’s electricity distribution company in Bulgaria (EVN Bulgaria Electrosnabdiavane EAD).

Contractual and legal risks can arise in connection with pending or potential court, arbitration and investment protection proceedings as well as audits by supervisory or regulatory authorities.

Overall risk profile

In addition to the uncertainties connected with business areas and operations outside Austria, EVN is still confronted with a challenging environment in its home market of Lower Austria. The annual risk inventory did not identify any future risks that could endanger EVN’s continued existence.

>Enlarge table
EVN’s major risks and related countermeasures
Risk categoryDescriptionMeasure
Market and competitive risks
Profit margin risk
(price- and volume effects)
Energy sales and production: failure to meet profit margin targets
  •  Procurement and selling prices (especially for energy carriers) that are volatile and/or deviate from forecasts
  •  Declining demand for EVN’s products or services, decrease in own production volumes
Procurement strategy tailored to the market environment; hedging strategies; diversification of customer segments and business areas; development of a product portfolio that reflects customer demands; long-term sale of power plant capacity
Supplier riskCost overruns on projects; delays in the completion of contracted servicesPartnerships, contractual controls wherever possible, third party expert opinions
Financial risks1)
Foreign currency risksTransaction risks (foreign currency exchange loss) and translation risks in connection with the conversion of foreign currency amounts in the consolidated financial statements; financing for Group companies that does not reflect the respective foreign exchange situationMonitoring, limits and hedging instruments
Liquidity, cash flow and financing riskFailure to repay liabilities on schedule or to obtain the required liquidity/funds when needed at the expected conditionsLong-term, centrally managed financial planning, safeguarding of financing requirements (e.g. through credit lines)
Market price risksDecline in the value of investments (e.g. funds) and listed strategic holdings (e.g. Verbund AG, Burgenland Holding AG)Monitoring of loss potential via daily value-at-risk calculations; investment policies
Counterparty-/credit risksComplete or partial failure by a business partner to provide the agreed performanceContracts, credit monitoring and credit limit systems, insurances and diversification of business partners
Investment risksFailure of a subsidiary or holding to meet profit targetsRepresentation on the supervisory board and/or shareholder/risk committees of the respective company
Rating changesHigher refinancing costs due to rating downgradesEnsuring compliance with key financial indicators
Interest rate risksChanges in market rates, increase in interest expenseUse of hedging instruments
Impairment risksRecognition of impairment losses to receivables, goodwill, investments and/or other assetsMonitoring via sensitivity analysis
Risk that contingent liabilities
(guarantees) will be called
Financial loss due to claim of contingent liabilitiesLimit volume of contingent liabilities to the extent possible; constant monitoring
Strategy and planning risks
Technology riskLate identification of and reaction to new technologies (delayed investments) or to changes in customer needs; investments in “wrong” technologiesActive participation in external research projects, own demonstration facilities and pilot projects, on-going adjustments to keep technologies at the latest level
Planning riskModel risks, incorrect or incomplete assumptions, lost opportunitiesFeasibility studies by experienced, highly qualified employees, monitoring of parameters and regular updates, four-eyes principle
Organisational risksInefficient or ineffective processes, interfaces, duplicationProcess management, documentation, internal control system (ICS)
Operating risks
Infrastructure risksIncorrect design and use of technical facilitiesElimination of technical weaknesses, regular inspections and reviews of current and planned infrastructure
Service disruptions/network breakdowns (own and third party), accidentsSupply interruptions, physical danger to persons or infrastructure through explosions/accidentsTechnical upgrading at network interfaces, expansion and maintenance of network capacity
IT-/security risks (incl. cybersecurity)System losses, (unintended) data loss transfer, hacker attacksStrict system and risk monitoring (internal control system), backup systems, technical maintenance, external audits, occupational safety and health measures, crisis training
Workforce risksLoss of highly qualified employees, absence due to work accidents, surplus or shortfall of personnel, communication problems, cultural barriers, fraud, intentional or unintentional misrepresentations of transactions or items in the annual financial statementsAttractive work environment, occupational health care and safety measures, flexible working time models, training, group events, internal control system (ICS)
External risks
Legislative, regulatory and political risksChanges in political and legal parameters and/or the regulatory environment (e.g. environmental laws, changing legal framework, regulations and market liberalisation in South Eastern Europe); network operations: non-inclusion of actual operating costs in the network tariffs established by the regulatory authorityCooperation with interest groups, associations and government agencies on a regional, national and international level; appropriate documentation and service charges
Legal and litigation risksNon-compliance with contracts, litigation risk from various lawsuitsRepresentation in local, regional, national and EU-wide interest groups, legal consulting
Social and general economic environmentEconomic developments, debt/financial crisis, stagnating or declining purchasing power, rising unemploymentBest possible utilisation of (anti-)cyclical optimisation potential
Contract risksFailure to identify legal, economic or technical problems; contract risks under financing agreementsExtensive legal due diligence, involvement of external experts/legal advisors, contract database and on-going monitoring
Other risks
Granting of undue advantages, non-complianceDistribution of confidential internal information to third parties and the granting of undue advantages/ corruptionInternal control systems, uniform guidelines and standards, Code of Conduct, compliance organisation
Project riske.g. cost overruns on the construction of new capacityContractual agreement on economic parameters
Co-investment riskRisks related to the implementation of major projects jointly with a partnerContractual safeguards, efficient project management
SabotageSabotage, e.g. to natural gas lines, wastewater treatment plants or waste incineration plantsSuitable security measures, regular measurement of water quality and emissions
Image riskReputational damageTransparent and proactive communications, sustainable management
1) For information on the use of financial instruments, also see note
  • GRI indicator: Description of key impacts, risks and opportunities (G4-2)

Key features of the internal control and risk management system related to accounting processes

In accordance with § 267 (3b) and in connection with § 243a (2) of the Austrian Commercial Code (“Unternehmensgesetzbuch”, UGB), companies whose shares are admitted for trading on a regulated market are required to disclose the key features of their internal control and risk management system for corporate accounting processes. The Executive Board is responsible for establishing a suitable internal control and risk management system (ICS) for accounting processes as defined in § 82 of the Austrian Stock Corporation Act (“Aktiengesetz”, AktG).

EVN’s ICS is monitored at regular intervals by auditing the processes that are considered to be exposed to risk. The results of these monitoring activities are reported to the Executive Board and the Supervisory Board. The ICS ensures clear lines of responsibility and eliminates unnecessary process steps, and thereby further improves the security of processes for the preparation of financial data. The description of the major features of the ICS covers five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring.

Control environment

The Code of Conduct issued by EVN and the underlying values apply to all Group employees.

The consolidated financial statements are prepared by Group accounting. The related processes are based on an accounting guideline that defines the accounting policies to be applied as well as key processes and schedules for the entire Group. Binding instructions apply to the reconciliation of intragroup accounts and other work required for the preparation of the consolidated financial statements. All employees involved in the accounting process have the necessary qualifications and undergo regular training. Complex actuarial opinions and valuations are prepared by external experts or specially qualified employees. The managers responsible for the specific processes – in general, the heads of the strategic business units and corporate services – are responsible for compliance with these processes and the related control measures.

Risk assessment and control activities

Multi-stage control measures have been implemented to prevent material misstatements in the presentation of transactions in order to ensure that the individual IFRS financial statements of all subsidiaries are recorded correctly. These measures include automated controls that are executed by the consolidation software as well as manual controls by the involved corporate services. The corporate service departments carry out extensive plausibility checks of the individual subsidiaries’ financial statements to ensure their correct transfer to the consolidated financial statements. The review of the financial statement data includes analyses at the position, segment and Group levels, both before and after consolidation. The consolidated financial statements are not released until these quality controls are complete at all levels.

EVN AG and the major domestic and foreign subsidiaries use SAP software (FI module, finance and accounting) for their accounting. The IFRS consolidated financial statements are prepared with the Hyperion Financial Management software, whereby the data from the individual financial statements are transferred by means of an interface. The accounting systems and all upstream systems are protected by restricted access as well as automated and mandatory manual control steps.

The ICS and all accounting-related processes are reviewed by the auditor at least once each year to verify compliance with the required controls, to evaluate any risk incidents that occurred during the financial year and to determine whether the controls are still suitable to deal with the existing risks. In 2015/16, a number of process adjustments and improvements were made as part of the continuous efforts to further develop the ICS.

Information, communication and monitoring

The Executive Board provides the Supervisory Board with quarterly reports on EVN’s asset, financial and earnings position, together with a statement of financial position and a statement of operations. The Executive Board and the Supervisory Board also receive an ICS report twice each year, which contains basic information to evaluate the efficiency and effectiveness of the ICS and is designed to support the management of the ICS by the responsible corporate bodies. The report is prepared by ICS management in cooperation with the ICS Committee based on information supplied by the managers responsible for ICS, the persons who carried out the controls and the auditors.

  • GRI indicator: Frequency of the highest governance body’s review of economic, environmental and social impacts, risks and opportunities (G4-47)

This information is also distributed to management and key personnel in the involved companies to facilitate monitoring and control activities and thereby ensure the accuracy of accounting and reporting procedures. EVN’s internal audit department carries out regular reviews of the ICS, and their findings form the basis for the continuous improvement of this system.



My Annual Report