Risk management

Definition of risk

EVN defines risk as a danger of negative deviations from corporate goals. The evaluation and management of risk also covers the related opportunities.

Risk management process

The primary goal of risk management is to protect current and future earnings and cash flows. As part of the risk management process, a centrally organised corporate risk management department provides the decentralised risk managers with suitable methods and tools for identifying and assessing risks. The business units communicate their risk exposures to this department, which helps to identify suitable actions to minimise these risks. The actions are then implemented by the decentralized business units. The corporate risk management department is responsible for analysing and measuring EVN’s overall risk exposure. Risks related to sustainability and compliance issues are identified and managed by specialised organisational units and/ or processes in agreement with central risk management.

The risk management process includes the following steps:

• Identification: A survey and/or revision of risks based on the latest risk inventory (review of risk inventory) and the identification of new risk positions
• Assessment and analysis: A qualitative and quantitative evaluation of the identified risks; the aggregation of risks from different points of view; and the modelling of earnings and cash flow distributions
• Reporting: The distribution of risk reports to EVN’s risk managers and the Executive Board; discussion and evaluation of the risk exposure by the Risk Management Working Committee and the Group Risk Committee; the implementation of risk management activities where necessary
• Process review: Methodical identification of the organitional units that must carry out an explicit risk assessment as well as regular reviews to determine whether the methods of identifying and assessing risks should be modified to reflect changed conditions

Responsibilities of the Risk Management Working Committee

The Risk Management Working Committee is responsible for monitoring the correct implementation of the risk management process. It approves changes in risk measurement methods and defines the type and the scope of official risk reporting. This committee includes the heads of internal audit, the general secretariat and corporate affairs and controlling as well as central risk management. Internal audit also reviews the risk management processes and the implementation of measures to minimise risk.

Group Risk Committee and Controlling

The results of the risk inventory and the reports are presented to and discussed by the Group Risk Committee, which consists of the Executive Board, the heads of the strategic business units and the Risk Management Working Committee. It decides on any need for action and may also organise working groups and assign specified tasks. The Group Risk Committee is authorised to define risk management measures aimed at changing EVN’s risk exposure and, in this way, influences the company’s strategic orientation.

• GRI indicator: The highest governance body’s role in reviewing the effectiveness of the organisation’s risk management processes for economic, environmental and social topics (G4-46)

Risk profile

In addition to the normal industry risks and uncertainties, EVN’s risk profile is influenced primarily by political, legal and regulatory challenges and changes in the competitive environment. EVN carries out an annual risk inventory that is updated as needed to reflect ad-hoc risk reports. This inventory includes the following categories, which are described in detail below: market and competitive risks, financial risks, operating risks, external risks, strategic and planning risks and other risks.

Market and competitive risks

Energy trading and sales

EVN’s revenues can be negatively affected by a decline in demand due to weather conditions or climate change, economic, political and technological factors or the loss of customers and sales volumes for image-related or competitive reasons. In addition, rising or more volatile market prices and declining margins can lead to lower profit margins in the energy business. There is also a risk that revenue declines may not be temporary, especially if they are the result of weather effects, energy efficiency measures or changes in customer behaviour and the churn rate.

• GRI indicator: Financial implications and other risks and opportunities for the organisation’s activities due to climate change (EC2)

Generation / supply

Production that is increasingly decentralised and cannot be precisely planned as well as fluctuations in wind levels, water flows, sunshine hours and weather conditions can have a negative influence on earnings from the generation business (price and volume effects). The economic viability and intrinsic value of generation equipment is dependent to a significant degree on electricity and primary energy prices as well as the respective efficiencies, and adverse developments can therefore lead to the recognition of an impairment loss. In addition, the creation of or addition to provisions for long-term (procurement) contracts may also be necessary. In spite of the impairment losses recognised during 2013/14, these types of risks still exist due to the on-going difficult market environment for energy generation plants.

Environment

EVN is exposed to risks in the environmental services business from possible fluctuations in the demand, volume and/or costs of drinking water supplies, wastewater treatment systems and thermal waste utilisation facilities. Moreover, market saturation or non-inclusion in tenders can lead to a decline in the volume of projects in the environmental services business.

EVN is also exposed to various risks in connection with suppliers and the realisation of projects, which include the defective fulfilment or non-fulfilment of contractually agreed performance.

Financial risks

In managing credit and default risk, EVN distinguishes between receivables due from end customers on the one hand, and receivables from financial and energy trading transactions and major projects/ plants, on the other hand.

The default risk associated with end customer receivables is limited primarily by efficient receivables management, the evaluation of credit standings based on ratings and experience and the regular monitoring of payment behaviour. However, a lack of purchasing power or deteriorating payment behaviour can have a negative effect on revenue in the energy segment.

Credits risks, above all in the treasury and energy trading areas and in project and procurement management, are countered with credit monitoring and credit limit systems, hedging instruments (e.g. bank guarantees) and a targeted strategy to diversify business partners.

Write-downs on receivables can have a significant negative effect on EVN’s earnings. This also applies to the (extraordinary) depreciation as well as the recognition of impairments of assets such as investments and goodwill.

EVN holds investments in areas related to the core business, among others in Verbund AG, Rohöl-Aufsuchungs AG, Energie Burgenland AG and EconGas GmbH. The energy policy environment creates an increased risk that the unfavourable development of earnings and equity in these companies can also have a substantial impact on EVN. Furthermore, contingent liabilities could be called and result in actual payment obligations.

The measures taken to counter liquidity and (re-)financing risk include regular liquidity analyses, long-term and centrally managed financial planning, the diversification of financing sources and the protection of required financial resources. EVN is also exposed to financing risks through a possible change in its rating and to contract risks through its financing contracts.

Interest rate, foreign exchange and market price risks are managed with a comprehensive treasury strategy which, among others, includes daily risk analyses and the use of derivative hedging instruments.

Operating risks

The energy business is particularly vulnerable to operating risks like operating disruptions and stoppages as well as IT and safety-related problems that can cause supply interruptions. The environmental services business is also exposed to the risk of operating disruptions or interruptions in drinking water supplies, wastewater systems and thermal waste utilisation facilities.

Key processes in the energy and environmental services businesses are associated with specific dangers that expose EVN to a liability and reputation risk.

External risks

Changes in the regulatory environment, political pressure on major projects and changing requirements under energy and environmental protection laws are the primary drivers for political and legal risks. For example, changes in subsidy systems or the failure to receive committed or expected subsidies can have a negative effect on the company’s future asset, financial and earnings position.

The current political and economic instability in a number of the markets in which EVN operates, potentially illegal or faulty legislation and regulatory measures as well as a changing legal framework represent risks that are addressed in cooperation with local, regional, national and international government agencies and interest groups. These institutions include the World Bank in Washington, where investment protection proceedings are currently in process against the Republic of Bulgaria.

EVN is exposed to the risk that necessary permits and licenses are not granted, may be withdrawn or not extended. Specific mention should be made of the license withdrawal proceedings initiated by the Bulgarian regulatory authority against EVN’s electricity distribution company in Bulgaria (EVN Bulgaria Electrosnabdjavane EAD).

Legal and litigation risks can arise, above all, in connection with pending or potential regulatory, court, arbitration and investment protection proceedings as well as audits by supervisory authorities (in particular related to power plant projects like Duisburg-Walsum and to foreign investments and business operations).

Contractual risks can arise, among others, from the failure to identify legal, economic or technical problems.

Overall risk profile

In addition to the uncertainties connected with business areas and operations outside Austria, EVN is still confronted with a challenging environment in its home market of Lower Austria. The previously implemented consolidation measures will therefore be continued.

The annual risk inventory did not identify any future risks that could endanger EVN’s continued existence.

• GRI indicator: Description of key impacts, risks and opportunities (G4-2)

EVN’s major risks and related countermeasures

Market and competitive risks

Price risk

Procurement and selling prices (especially for energy carriers) that are volatile and/or deviate from forecasts

• Fixed price agreements, procurement strategy tailored to the market environment, hedging transactions

Profit margin risk

Energy sales and production: failure to meet profit margin targets

• Hedging strategies: diversification of customer segments and business areas, long-term sale of power plant capacity, development of a product portfolio that reflects customer demands (incl. various floating and guarantee tariffs)

Network operations: non-inclusion of actual operating costs in the network tariffs established by the regulatory authority

• Interest groups, appropriate documentation and service charges

Volume risk

Declining demand for EVN’s products or services, decrease in own production volumes

Supplier risk

Cost overruns on projects; delays in the completion of contracted services

• Partnerships, contractual controls wherever possible, third party expert opinions

Financial risks¹⁾

Foreign currency risks

Transaction risk (foreign currency exchange loss) and translation risk in connection with the conversion of foreign currency amounts in the consolidated financial statements; financing for Group companies that does not reflect the respective foreign exchange situation

• Monitoring, limits and hedging instruments

Liquidity and financing risks

Failure to repay liabilities on schedule or to obtain the required liquidity/funds at the expected conditions

• Long-term, centrally managed financial planning, safeguarding of financing requirements (e.g. through credit lines)

Market price risks

Decline in the listed value of investments (e.g. funds) and listed strategic investments (e.g. Verbund AG, Burgenland Holding)

• Monitoring of loss potential via daily value-at-risk calculations

Counterparty/credit risks

Complete or partial failure by a business partner to provide the agreed performance

• Contracts, credit monitoring and credit limit systems, insurances and diversification of business partners

Investment risks

Failure of a subsidiary or holding to meet profit targets

• Representation on the supervisory board and/or shareholder/risk committees of the respective company

Rating changes

Higher refinancing costs due to rating downgrades

• Ensuring compliance with key financial indicators

Interest rate risks

Changes in market rates, increase in interest expense

• Use of hedging instruments

Impairment risks

Recognition of impairment losses to receivables, goodwill, investments and/or assets

Inflation/deflation risk

Risk that contingent liabilities (guarantees) will be called

Operating risks

Infrastructure risks

Incorrect design and use of technical facilities

• Elimination of technical weaknesses, regular inspections and reviews of current and planned infrastructure

Service disruptions/network breakdowns (own and third party), accidents

Supply interruptions, physical danger to persons or infrastructure through explosions/accidents

• Technical upgrading at network interfaces, expansion and maintenance of network capacity

IT/security risks (incl. cybersecurity)

• Strict system and risk monitoring (internal control system), e.g. through backup systems, technical maintenance, external audits, occupational safety and health measures, crisis exercises

Workforce risks

Loss of highly qualified employees, absence due to work accidents, surplus or shortfall of personnel, communication problems, cultural barriers, fraud, intentional or unintentional misrepresentations of transactions or items in the annual financial statements

• Attractive work environment, occupational health care and safety measures, flexible working time models, training, group events, internal control system (ICS)

External risks

Legislative, regulatory and political risks

Changes in political and legal parameters and/or the regulatory environment (e.g. environmental laws, changing legal framework, regulations and market liberalisation in South Eastern Europe)

• Cooperation with interest groups, associations and government agencies on a regional, national and international level

Legal and litigation risks

Non-compliance with contractual obligations by several parties, or litigation risk from various lawsuits

• Representation in local, regional, national and EU-wide interest groups, legal consulting

Social and general economic environment

Economic developments, debt/financial crisis, stagnating or declining purchasing power, rising unemployment

Contract risks

Failure to identify legal, economic or technical problems; contract risks under financing contracts

• Extensive legal due diligence, involvement of external experts/ legal advisors, contract database and on-going monitoring

Strategic and planning risks

Technology risk

Late identification and implementation of new technologies; investments in “wrong” technologies

• Active participation in external research projects, own demonstration facilities and pilot projects, on-going adjustments to keep technologies at the latest level

Planning risk

Model risks, incorrect or incomplete assumption, lost opportunities

• Feasibility studies by experienced, highly qualified employees, monitoring of parameters and regular updates, four-eyes principle

Organisational risks

Inefficient or ineffective processes, interfaces; duplication

• Process management, documentation, internal control system (ICS)

Different owner strategies in non-controlled companies

Other risks

Granting of undue advantages, non-compliance

Distribution of confidential internal information to third parties and the granting of undue advantages/corruption

• Internal control systems, uniform guidelines and standards; reorganisation of the subsidiaries in South Eastern Europe; Code of Conduct, compliance organisation

Project risk

e.g. cost overruns on the construction of new capacity

• Contractual agreement on economic parameters

Co-investment risk

Risks related to the implementation of major projects jointly with a partner

• Contractual safeguards, efficient project management

Sabotage

Sabotage, e.g. to natural gas lines, waste water treatment plants or waste incinceration plants

• Suitable security measures, regular measurement of water quality and emissions

Image risk

• Transparent and proactive communications, high ethical standards in all areas of the business

Key features of the internal control and risk management system related to accounting processes

Introduction

In accordance with § 267 (3b) in connection with § 243a (2) of the Austrian Commercial Code (“Unternehmensgesetzbuch”, UGB) as amended by the 2008 Corporate Law Amendment Act (“Unternehmensrechts- Änderungsgesetz”, URÄG), companies whose shares are admitted for trading on a regulated market are required to disclose the key features of their internal control and risk management system for corporate accounting processes.

As defined in § 82 of the Austrian Stock Corporation Act (“Aktiengesetz”, AktG), the Executive Board is responsible for establishing a suitable internal control and risk management system for accounting processes.

EVN developed and implemented an internal control system (ICS) that meets the requirements of the 2008 Corporate Law Amendment Act. The ICS is monitored at regular intervals by auditing the processes that are considered to be exposed to risk. The results of these monitoring activities are reported to the Executive Board and the Supervisory Board. The ICS ensures clear lines of responsibility and eliminates unnecessary process steps, and thereby further improves the security of processes for the preparation of financial data.

The description of the major features of the ICS covers five interrelated components: control environment, risk assessment, control activities, information and communication, and monitoring.

Control environment

The Code of Conduct issued by EVN and the underlying values apply to all Group employees. EVN’s Code of Conduct is available in German under www.evn.at/verhaltenskodex and in English under www.evn.at/code-of-conduct.

The consolidated financial statements are prepared by Group accounting. The related processes are based on an accounting guideline that defines the accounting policies to be applied as well as key processes and schedules for the entire Group. Binding instructions apply to the reconciliation of intragroup accounts and other work required for the preparation of the consolidated financial statements.

All employees involved in the accounting process have the necessary qualifications and undergo regular training. Complex actuarial opinions and valuations are prepared by external experts or specially qualified employees.

The implementation of the ICS also included the designation of processes that are considered to be relevant for the accounting area. These processes include the documentation of all steps involving risk and the creation of special control measures for their monitoring.

The managers responsible for the specific processes – in general, the heads of the strategic business units and corporate services – are responsible for compliance with these processes and the related control measures.

Risk assessment and control activities

Multi-stage control measures have been established to prevent material misstatements in the presentation of transactions in order to ensure that the individual IFRS financial statements of all subsidiaries are recorded correctly. These steps include automated controls that are executed by the consolidation software as well as manual controls by the involved corporate services.

The corporate service departments carry out extensive plausibility checks of the individual subsidiaries’ financial statements to ensure correct transfer to the consolidated financial statements.

The review of the financial statement data includes analyses at the position, segment and Group levels, both before and after consolidation. The consolidated financial statements are not released until these quality controls are complete at all levels.

EVN AG and the major domestic and foreign subsidiaries use SAP software (FI module, finance and accounting) for their accounting. The IFRS consolidated financial statements are prepared with the Hyperion Financial Management software, whereby the data from the individual financial statements are transferred by means of an interface. The accounting systems and all upstream systems are protected by restricted access as well as automated and mandatory manual control steps.

Control measures range from the review of results by the responsible employees to the reconciliation of accounts and the analysis of accounting processes.

The ICS and all accounting-related processes are reviewed by the auditor at least once each year to verify compliance with the required controls, to evaluate any risk incidents that occurred during the financial year and to determine whether the controls are still suitable to deal with the existing risks. In 2013/14, a number of process adjustments and improvements were made as part of the continuous efforts to further develop the ICS.

Information, communication and monitoring

The Executive Board provides the Supervisory Board with quarterly reports on EVN’s asset, financial and earnings position, together with a balance sheet and income statement. The Executive Board and the Supervisory Board also receive an ICS report once each year, which contains basic information to evaluate the efficiency and effectiveness of the ICS system and is designed to support the management of the ICS by the responsible corporate bodies. This report is prepared by the ICS manager in cooperation with the ICS Committee based on information supplied by the managers responsible for ICS, the persons who carried out the controls and the auditors.

• GRI indicator: Frequency of the highest governance body’s review of economic, environmental and social impacts, risks and opportunities (G4-47)

This information is also distributed to Management and key personnel in the involved companies to facilitate monitoring and control activities and thereby ensure the accuracy of accounting and reporting procedures.

EVN’s internal audit department carries out regular reviews of the ICS, and their findings form the basis for the continuous improvement of this system.