We pay great attention to the correct management of risks related to the conduct of our business. We have therefore adopted specific monitoring and mitigation processes and procedures aimed at guaranteeing airport safety and service quality, protecting tangible and intangible assets of interest to stakeholders and creating value over the long term. In 2016, in order to support existing measures, management decision-making processes and stakeholder assurance, we initiated an Enterprise Risk Management (ERM) project designed to build a model for the identification, classification, measurement, monitoring and homogeneous and transversal assessment of operational risks.
The related policy [16] was approved by the Board of Directors in 2017.
The Risk Model used by Management to carry out periodic assessments is based on 4 Risk Areas:
- external risks
- operating and business risks
- financial risks
- legal and compliance risks.
Within these areas there are some risk incidents which could impact employee health and safety with varying degrees of severity and which, more broadly, might impact people transiting through the airport or the environment (in terms of pollution and the degradation of resources), or which might have a social impact, i.e. on community relations as well as elements relating to employee management. Each risk incident identified is assessed on the basis of a 5-year occurrence probability (the same period as the group's Strategic plan), and its impact is based on four elements which include HSE (health, safety and the environment), reputational impacts, as well as the level of maturity in managing the risk itself. There are 5 levels of risk assessment.
To integrate the mapping and evaluation of the Enterprise Risk Management (ERM) risks, the SEA Group consolidated ad hoc functions responsible for specific management systems in compliance with the industry regulations. The risks monitored by these functions cover the environment, energy and Occupational Health & Safety. In fact, within the scope of each certification process (ISO 14001, ISO 50001, OHSAS 18001 and ISO 37001, currently being finalized), the Group is engaged in specific activities to identify, assess and manage risks, which, in conjunction with the activities of continuous improvement and the policies implemented, also allow the Company to manage non-financial risks effectively.
[16] On September 21, 2017, the Board of Directors approved the Enterprise Risk Management Policy, which defined an ERM division, under the responsibility of the Chief Financial and Risk Officer, as a second level of risk management control to support corporate structures in the identification and management of business risks, through the development of tools, frameworks and methodologies, and to guarantee periodic reporting to middle and top management on the evolution of the risk profile.