Risk management

Risk management

Like any other company, we have to deal with a large variety of internal and external factors that affect our operations in a positive or negative sense. Sometimes these factors affect the feasibility of our strategy and objectives. We consider risk management a fundamental part of our operations, and we use it to identify and manage our main risks. It allows us to make well-informed choices that lead to a greater chance of success of our mission, vision and strategy, within a risk profile and risk appetite that is acceptable to us. Risk management also plays an important role in justifying internal and external requirements. In this role, risk management is compliance-driven.


Risk management is a continuous process that is performed at strategic, tactical and operational level. It provides management information, as well as clarifying accountability in decision-making. The Executive Board is responsible for risk management within our company, and is supported in this by the Corporate Risk Management department.
The risk management frameworks are laid down in our risk management policy have also been embedded in the Minimum Requirements for Management Control. The Risk Framework is designed so that risks can be managed both top-down and bottom-up.

We use the Three Lines of Defense (LoD) model, in which our business/line management is primarily responsible for applying risk management, forming the first line. The second line consists of corporate departments, including Risk Management and Control, whose task it is to prepare a risk management policy for the Executive Board, and to challenge and advise the business. The third line is formed by the Operational Audit department, which assesses the setup and functioning of the Risk Framework and reports on this to the Chairman of the Executive Board.

As part of the Management Control system, the Supervisory Board and the Audit Committee regularly discuss developments regarding the objectives, strategy and policy, as well as the most important risks of the company and the outcomes of operational audits with the (members of) the Executive Board.

Our employees act on the basis of our core values and risk awareness, thus creating a ʻBase Line of Defenseʼ.

Developments in 2014 and 2015

In 2014, we evaluated both the setup and functioning of our risk management to determine to which extent our risk management is in line with our current and business activities. We carried out the evaluation in collaboration with an external party, and we discussed the preliminary findings with the Executive Board and the Audit Committee. We concluded that the basis of our current framework suffices, and that we will use risk management even more to support strategic decision-making and to keep insight into the effects of our increasingly dynamic environment. We will work this out further in 2015.

Risk acceptance

The table below shows risk acceptance according to the COSO Enterprise Risk Management Framework, which classifies the risks into four categories: Strategic, Operational, Reporting/Finance and Compliance/Legal. At corporate and business unit level, we specifically identify and manage strategic risks and opportunities, while at department level we mainly focus on operational risks.

Risk category (COSO ERM) Risk acceptance Explanation
Strategic Low In pursuing our strategic objectives, we try to strike a balance between the regulated TSO function (very low risk acceptance) and the non-regulated TSO activities (higher risk acceptance) to prevent that risks which threaten the achievement of the strategic objectives enhance each other, which generally leads to a lower risk acceptance.
Operational Very low Risks to the safety of our surroundings or to Gasunie employees or contractors are avoided as much as possible; risk acceptance is very low. Risks to the continuity of a reliable infrastructure are also reduced.
Reporting/Finance Low Gasunie is not prepared to take risks regarding material errors in financial systems, models and business reports. Gasunie is not prepared to take risks that limit its access to the financial markets.
Compliance/Legal Zero Gasunie strives to comply with all applicable laws and regulations.

Corporate risk analysis

The corporate risk analysis is carried out at strategic level. This is the risk analysis that the Executive Board performs together with the business unit and unit managers, and which is integrated into the strategy cycle and into the business planning and control cycle. For the corporate risk analysis, we use a time horizon of 5 to 10 years.

The main risks that follow from our corporate risk analysis are as follows:

Strategic/general risks Management measures (selection)


  • Position of gas and Gasunie neglected in European (particularly north-west European) energy policy
  • Further promote ‘Gas advocacy’; position gas as an integral part of the energy mix to enable a transition towards a more sustainable energy use by means of good storage and transport facilities.
  • A dedicated department (New Energy) has been set up that focuses on facilitating and stimulating new sustainable energy projects with an important role for gas, either independently or through partnerships.
  • Geopolitical risks
  • Safeguard security of supply through stable economic and political relationships.

Market and profitability objectives

  • Limited growth due to market developments
  • Enter into joint ventures; distinguish ourselves from the competition by providing good services and products (e.g., PRISMA and TTF), with sustainable energy forming part of the offering.
  • Investments to meet sustainability aims cannot be earned back in the short term
  • Develop new business models; hold ongoing dialogue with relevant stakeholders.
  • Changing revenue model
  • Develop a vision of future capacity demand and adjust the business model/revenue model in good time.



  General regulatory uncertainty:

  • Adverse developments in the regulatory framework can only be absorbed to a limited extent, as the carrying amount and recoverable amount of the gas transport network are comparable, both in the Netherlands and in Germany
  • Insufficient influence on the development of regulation in Europe

Laws and regulations restrict growth/development

  • Hold dialogue with regulatory authorities.
  • Implement possible consequences into our business operations.
  • Intensify the relationship between Gasunie as a TSO and ENTSOG (single European gas market).

  Security of Supply

  • Lower availability of L gas
  • Contribute to the transition of L gas to H gas (e.g., by safeguarding the capacity for quality conversion and liquidity of the Dutch market).
Operational risks
Management measures (selection)


  • Disasters, such as large accidents, as well as terrorist and cyber attacks
  • Dangerous situations
  • Periodically review policy on operational continuity/crisis management and hold emergency drills.
  • Safety Management System (e.g., NTA 8000).
  • Continuously emphasise (internally and externally) the importance of safety and the four pillars of our safety policy: occupational safety, external safety, process safety and technical safety.
  • Continuous focus on cyber risks by taking appropriate measures.

  Project management


  • Delays in the planning and completion of infrastructure projects; public opinion and regulators less willing to accept risks
  • Adopt active stakeholder management (e.g., regarding licensing process).
  • Prepare organisation to cope with tighter constraints and related need to justify actions.

The following figure depicts the aforementioned risks, relating them to the probability that they will actually occur and the impact of risk management measures. The numbers in the matrix refer to the numbers of the risks mentioned above:

Practical case studies

In the past year, risk analyses were carried out for various projects. To provide insight into the risks we face and the way we handle them, a few examples are given below.

LNG Break Bulk Terminal Rotterdam

In the future, LNG can play an important role as a cleaner fuel for ships and vehicles, and also as an alternative energy source for industrial customers who do not have access to the gas network. We have therefore made the Gate terminal suitable for the distribution of LNG to end users. Before we did so, however, we made a scenario analysis, which gave us insight into the potential returns under various market circumstances. In some scenarios, the expected return was lower than the normal return. By mapping the opportunities and threats for this new activity, and subsequently determining risk appetite, risk management contributed to the decision-making.

With regard to new sustainable applications of gas, we accept a higher risk profile for the non-TSO activities, in order to be able to promote sustainable developments as part of our social responsibility.

Risk management for large projects

In 2014, the construction of the Beverwijk-Wijngaarden pipeline route was completed. In such a large and complex project, there are many stakeholders, who may have different interests. During our risk management process, we made a careful inventory of these interests. This, combined with solid engineering and an early start to the project, enabled us to get through the licensing process efficiently, while keeping our stakeholders in mind. Besides examining the risks at the preparation stage, we also examined the technical implementation risks. In the densely populated Randstad region in the Netherlands, space is at a premium. We carried out hundreds of different types of drillings under roads, canals and even under one of the runways at Schiphol Airport in order to cross the existing infrastructure. In some parts of the pipeline route, we experienced great difficulty with the huge pressure of the groundwater. Because we had mapped this out properly in advance, however, we were able to take various measures, in close consultation with the water boards. In this way, we prevented saline groundwater from ending up on fertile land, amongst other things.

In the context of asset management, we know of a few situations where we do not or cannot yet fully comply with the licensing conditions and/or laws and regulations. An example of this is the exceedingly high noise level at some individual gas receiving stations. The execution of our multi-year replacement programme will gradually solve this issue.

Document of Representation

The accountability reports from the units to the Executive Board run via the Document of Representation (DoR). Units use the DoR to provide formal feedback on the fact that the business controls have been carried out in accordance with the guidelines of the Minimum Requirements of Management Control and the Code of Conduct.
On the basis of the focal points in the DoR, an action plan is set up for each specific topic, which can be illustrated by the following two examples.
On a number of occasions over the past few years, we experienced problems with pressurised components of steel, as a result of which they were rejected. On the one hand, the material did not meet our requirements; while on the other hand, the quality control documents provided for the material did not match the materials. As we do not want to take any risks in our operations, extra checks were then carried out to determine the manufacturer’s level of technical expertise, organisational structure and quality control system. The amount of effort that we put into such extra checks depends on the type of product and our experiences with the manufacturer in question. We want to build long-term relationships with our producers, so producers are willing to actively cooperate.
Fraud is another point of attention, partly as a result of developments in society and media reports on these developments. We also paid extra attention to this issue. The Executive Board ordered self-assessments to be carried out at departments with a relatively high risk factor, to be done in collaboration with the Audit Committee and Corporate Risk Management. The Corporate Management team took a very active part in this self-assessment by involving their own departments across the board. This has increased risk awareness and brought it to a higher level.

In-Control Statement

The Executive Board is aware that the risk management systems, no matter how professional, cannot offer absolute certainty that the company objectives will be achieved or that such systems can fully prevent material inaccuracies, loss, fraud or violations of the laws and regulations.
With respect to the financial reporting risks, the Executive Board states that the internal risk management and audit systems provide a reasonable degree of certainty that the financial reporting does not contain any material inaccuracies and that the risk management and audit systems in the year under review functioned properly.