Risk

MANAGEMENT

CTEEP has an Internal Audit department, which is responsible for monitoring the quality of the company’s system of internal controls.

CTEEP has adopted risk management practices to ensure the effective control of its operations. This process, shared by all the companies of the ISA group, is based on a methodology of Integral Risk Management (IRM). At CTEEP, implementation of the IRM began in January 2008 and followed the implementation guidelines described in the Integral Risk Management Policy, created in December 2007.

The model, based on the utilization of the Enterprise Risk Management (ERM) tool, brings together all of the company’s information, with the aim of identifying the risks inherent to the business and proposing the adoption of a set of actions that will manage risks in all processes, as part of an ongoing cycle.

During 2008, the implementation process was divided into stages:

definition of the main risks faced by a company in the electricity transmission sector, and the macro-processes affected;
evaluation of the risks, with scales of probability and severity of effect on the company’s resources;
definition of measures to administer and mitigate risks, in order to define the level of impact of each risk.

Taking this set of variables into account, 21 risk factors and around 180 subcomponents were identified and will be evaluated annually and updated in line with the development of the business. In order to ensure the application of the IRM, an Integral Risk Management Team was set up to coordinate the procedures and methodologies related to risk management.

CTEEP also has an Internal Audit department, which is responsible for monitoring the quality of the company’s system of internal controls, verifying compliance of its business and activities in relation to relevant laws and regulations (external rules) and the organization’s internal policies and norms. GRI 1.2