We have Enterprise Risk Management (ERM) processes and systems to detect, evaluate and monitor the main Company risks (Risk Universe), in compliance with the requirements for listed companies as per the Corporate Governance Code.
The Group Risk Universe consists of 52 risks, of which 29 are Environmental, Social and Governance (ESG) risks, among which 10 were assessed as most material in terms of probability and impact (Top Risk at the inherent level).
Production capacity and industrial productivity (TOP RISK)
Risk that insufficient production capacity (either its own or that of its suppliers), excess capacity or incorrect distribution of workloads on the basis of available production capacity (plant, space and workforce) prevents the Company from meeting market demand, achieving optimum levels of efficiency (industrial productivity) and margins. The risk may arise due to inadequate analysis of the production cycle (in terms of frequency and medium-term vision), inadequate maintenance or innovation of the equipment supporting the production process that does not take into account energy efficiency and the possible impacts on the environment.
Cyber security (TOP RISK)
Risk that the Company suffers a cyber attack aimed at identity, data and information theft (e.g. confidential/ insider information, sensitive data, bank credentials, etc.), temporary suspension of Company services or sabotage of computer systems, exploitation of the computing power of Company computers for criminal purposes, resulting in reputational damage, loss of turnover, loss of customers and suppliers, penalties and claims, and business interruption.
Sustainable supply chain (TOP RISK)
Risk of not conducting adequate due diligence on potential suppliers, not monitoring their performance over time and/ or not developing solid and long-lasting relationships for medium/long-term business development in line with current and emerging regulations and the Company's sustainability principles with consequent economic, legal and reputational impacts. This risk includes aspects of economic and financial soundness, compliance with business integrity (ethics and legality), compliance with environmental, social and human rights regulations, compliance with regulatory requirements relating to the awarding of contracts for the supply of ICT goods, systems and services falling within the scope of national cyber security, production capacity and quality. This risk also includes the inability to meet the Company's ESG requirements (e.g. efficiency, technological innovation, ability to provide the required information).
Reputational risk & brand position (TOP RISK)
Risk that damage to the image (brand) may expose the company to the loss of customers, profits and competitive advantage. This risk may, for example, arise due to unethical activity/conduct that does not meet the standard for regulatory compliance or respect the need for protection of the environment, biodiversity, the protection and enhancement of people, the region and the community by both internal members of the organisation and external parties with whom the company has business relationships, or from a lack of customer satisfaction.
Credit scoring & counterparty failure (TOP RISK)
Risk that the Company establishes commercial relations with a counterparty without having carefully assessed the latter's financial solvency and the adoption of adequate Environmental, Social, Governance (ESG) criteria and/or risk that one or more counterparties with which the Company has ongoing contracts are unable to meet their commitments (one or more customers do not fulfil their contractual obligations and/or one or more suppliers do not perform the required services) due to financial causes, with impacts on cash flows, operations and related costs, and legal disputes.
Governance and Stakeholder expectation
Risk that the Governance Model is not adequately disseminated at all Company levels or that there is a lack of integration between corporate strategy, values, culture and sustainable development, resulting in activities being carried out that are not in line with sustainable governance in the medium/long term with reference to the social, ethical, environmental and economic impact. This category also includes the risk of failure to monitor planned improvement initiatives, both in terms of progress and performance.
Corruption and fraud
Risk that employees or third parties with whom the Company has dealings carry out unlawful/illegal activities (i.e. corruption, fraud, lack of transparency, leaking of confidential information, non-compliance with Company procedures and regulations) exposing the Company to fines, administrative and criminal sanctions, litigation, loss of profits, loss of customers.
Innovation, research and development
Risk that the Company does not monitor and/or invest in technological developments for products, services or processes, as well as in digitalization and artificial intelligence, with a consequent adverse impact on competitiveness, on leadership in complex high-potential markets and on the development of more efficient and sustainable solutions that include systems with low emissions of greenhouse gases or other pollutants and that are energy efficient. This also includes the risk associated with technological transition, which, if poorly designed and executed, can lead to long lead times, high costs, operational inefficiencies and low product/process quality.
Investor and public relations
Risk that the Company does not adopt an appropriate public relations strategy, including corporate sustainability communications to meet ESG agencies' rating targets or investor needs, aimed at building and consolidating long-term relationships with stakeholders. Inefficient relationships with local, national and international counterparties (local cities and authorities/associations, legal and government authorities, industrial associations, SMEs, etc.) can damage the Company's image and reputation, diminish its credibility and creditworthiness, and compromise its competitiveness and operations.
Risk that the financial and non-financial reporting (external reporting) prepared for the Company's stakeholders is not prepared with a view to transparency, contains significant errors or is incomplete, so that it is misleading and consequently prejudicial for the interests of third parties, exposing the Company to fines, administrative and criminal sanctions, and reputational damage. This also includes the risk of inadequate or untimely internal reporting, which could compromise management's ability to make adequate, timely and sustainable long-term decisions.
Risk that the unavailability of strategic assets interferes with the ability of the Company to continue to carry out its activities (blocks of production, also of the suppliers), with consequent increase of costs, loss of profits and prejudice to the very survival of the Company. This risk may arise due to exogenous factors linked to climate change (e.g. floods, hurricanes), fires, cyber attacks, loss of strategic suppliers or disruption of the supply chain, criminal acts or vandalism, non-renewal of the state property concessions for the areas in which they reside the yards of the Company or for the early termination of contracts, or derive from endogenous factors (e.g. plant failure).
Access to the credit market
Risk that the Company will not be able to access the capital market and the banking system to an adequate extent to support its operations (e.g. in case of particularly unsatisfactory performance) or that it will access it at expensive conditions. This category includes the risk that the Company does not comply with the financial and legal clauses related to existing financing contracts, resulting in the termination of contracts and immediate playability, thus affecting the very operation of the Company, or non-compliance with the new ESG (Environmental, Social, Governance) criteria imposed by some credit institutions.
JVs & strategic alliances
Risk that joint ventures or strategic alliances are inefficient, affecting the ability of the Company to compete and causing a brand damage to the Company. Risk may arise as a result of an incorrect assessment of the counterparty (economic-capital soundness, business integrity, expected ESG benefits), a wrong analysis of synergies and capitalization of opportunities arising from the relationship or a wrong and unbalanced management of the relationship (e.g. imbalance in the benefits obtained).
Evolution of laws and regulations
Risk that the evolution and tightening of the national and international legislative and regulatory environment (e.g. amendments to laws, regulations and statutes, primary or secondary regulations of emerging countries, sector-specific regulations, including those relating to climate change adaptation and mitigation, as well as national and international legislation on cyber security) can generate impacts in terms of profitability, affect the achievement of strategic objectives, jeopardize the operation of corporate bodies and/or business continuity. This risk may materialise due to a lack of/ inadequate monitoring of developments in the matter, a misinterpretation, an incorrect or not timely transposition into business processes and/or an inadequate application.
Strategic positioning & competition
Risk that the competitive dynamics of the sector (e.g. price competition), the competitive advantage established by competitors (price, product or technological and/or sustainable innovation) and/or the entry of new competitors, lead to a decrease of the acquired competitive advantage, the loss of market shares or the decrease of the contractual power with consequent reduction of the profitability of the Company. This risk is influenced, for example, by fixed costs, production capacity, quality, safety and added value of the goods offered, product differentiation, technological innovation (product, service and process), customer satisfaction, etc.
Prices of raw materials and commodities (TOP RISK)
Risk that changes in the price of raw materials and commodities (steel, copper, fuel) will affect the Company's production costs. This risk may arise for example as a result of catastrophic events affecting the supply chain or as a result of changes in customs policies or international agreements regarding import/export.
Environmental protection (TOP RISK)
Risk that the Company does not invest adequately in environmental protection, with consequent harm to the community in both the short and medium/long term. This risk may arise due to a lack of timely or adequate transposition of existing and emerging regulations into internal processes, a flawed system of management, control and mitigation of potential environmental impacts arising from its activities (e.g. pollution, energy consumption, environmental disaster, damage to biodiversity) or poor training, information and awareness raising given to individuals.
Climate change (TOP RISK)
Risk that a catastrophic event resulting from acute weather phenomena (storms, floods, earthquakes, fires or heat waves) and/or chronic weather phenomena, i.e. long-term climate changes (temperature changes, rising sea levels, reduced water availability, loss of biodiversity, etc.), may damage assets (plants, buildings, etc.) or cause a production stoppage for the Company and/or its suppliers, and prevent the Company from carrying out its operations by interrupting the value chain or lead to a slowdown in the supply chain.
Environmental impact of products and services
Risk that the Company is unable to develop products or services capable of minimizing their environmental impact throughout their entire life cycle, not taking into account the good practices of the circular economy with consequent air, soil, water and noise pollution. This risk may arise due to a failure to implement (or inadequate implementation of) new green technologies or inadequate structuring of the production process.
Health and safety (TOP RISK)
Risk that the Company does not invest adequately in the protection of health and safety in the workplace, with consequent harm to its own employees and third parties involved in Company activities. This risk may arise due to a lack of timely or adequate implementation of existing and emerging regulations within internal processes, a flawed system of management and control of health and safety risks related to business activities and related mitigation actions, incorrect or inadequate performance of ordinary and/or extraordinary maintenance, and/or the absence of adequate systems for identifying contamination (for example leaks of fumes and/ or spills of paint), and/or catastrophic risks (for example climatic events and/or natural disasters and epidemics), or poor training, information and awareness raising given to individuals.
Staff attraction and retention (TOP RISK)
Risk that the Company is unable to attract and retain highly qualified and competent management personnel with a high level of diversity in terms of age, nationality and gender, or to integrate figures capable of managing the Group's growth and ensuring business transformation into the organizational structure. Disruption of professional relations between the Company and key figures could compromise the achievement of the Company's strategic and operational objectives. This includes the risk that the Company may not be able to offer appropriate remuneration compared to the market or adequate benefits or welfare tools in accordance with the expectations of employees to ensure their loyalty (for example improving the balance between work and personal needs).
Crime, common and organized, and terrorism
Risk of common or organized crime occurring on or outside of the Company's premises to the detriment of people and Company assets, productivity and business continuity. This includes risks related to industrial security and the protection and safeguarding of state secrets and classified information and information for exclusive disclosure, as well as risks related to the physical security of assets (tangible and intangible) and human resources.
Risk that the Company does not manage its relations with its staff and trade union representatives adequately and transparently, resulting in hostility and/or fractured relations. The occurrence of such a risk may lead to strikes and production slowdowns/interruptions.
Risk that the Company is unable to meet the needs of its customers or that it establishes contractual relationships with counterparties of dubious integrity or that the excessive concentration of such relationships limits the Company's bargaining power, with a consequent impact on profitability, on business sustainability in the medium/long term and on reputation. This risk may be influenced by inadequate or no technological innovation of the product/process, by technical functional characteristics of the product that are not in line with market requirements, by inadequate levels of quality and safety of the product/process, by a production model or product that is not socially or environmentally sustainable, by no evaluations of counterparties' business integrity, etc.
Risk that the Company's organizational model is unable to support the Group's business transformation and growth. This risk may arise if there is an inadequate or no reorganization of functions, roles and responsibilities, business processes and procedures, or if the necessary skills to manage change are lacking.
Labour law and human rights
Risk that the Company does not transpose or verify the correct application of regulations relating to labour law and does not protect human rights with regard to both its own employees and the employees of subcontractors, exposing the Company to fines, administrative and criminal sanctions, litigation, loss of profits, loss of customers and reputational damage.
Staff management/training and equal opportunities protection
Risk that the Company is unable to adapt/develop internal the specialist skills needed to ensure business transformation or does not implement personnel development policies aimed at enhancing human capital, protecting diversity and promoting equal opportunities. This risk may arise from the failure to invest or discontinuity of investment in staff training or from inadequate training, hiring of staff who are unsuitable for the tasks they need to perform or an incorrect coverage of Company roles.
Risk that the Company does not evaluate and monitor employee performance against assigned targets to the detriment of employee development and the Company's sustainable growth. This risk may derive from individual performance targets that are not aligned with the strategic objectives or specific enough to guide behaviour in support of the Company strategy, and/ or from the absence of adequate indicators to measure staff performance not only in economic terms but also in terms of sustainable development.
Risk that the Company produces products that are not compliant with legislative and regulatory requirements (general and sector specific), contractual requirements and/or unsatisfactory quality levels (e.g. non-compliance with the technical specifications or requirements required by ship classification companies, defect, etc.) with consequent impact on costs, time, the environment, customer satisfaction and in general the reputation of the Company. This also includes the risk of using materials/ components incompatible with the protection of the environment, the health and safety of people.