view more annual reports
visit the website of Gasunie

Annual report 2013

  • Nederlands
  • Engels

We face a variety of risks – some general, and others more specific, stemming from the nature of our operations. To be able to manage these various risks and, where possible and desirable, to reduce them, we have drawn up a risk management policy.

Within Gasunie, the Executive Board is responsible for risk management. With the assistance of the Corporate Risk Management department, the Executive Board has set up and arranged an internal risk management and audit system. The aim of this system is to provide a reasonable degree of certainty that:

  • care is taken that the company’s objectives are being achieved and
  • the principal risks facing the company are being properly managed.

Our risk management efforts are focused on:

  1. Managing the risks that threaten our strategic objectives
  2. Managing the risks that threaten our operational and financial objectives
  3. Guaranteeing our compliance with the law and regulations
  4. Ensuring the reliability of our financial and management reports

A proper system of risk management and internal control will reduce the number of mistakes, wrong decisions and unpleasant surprises due to unforeseen circumstances.


Our internal risk management procedures are laid down in our Risk Management Policy and in the Minimum Requirements for Management Control. The measures we take to manage risks are combined in our Risk Management Framework. This framework is designed so that risks can be managed both top-down and bottom-up.

Each year, a strategic risk analysis is drawn up, which the Executive Board submits to the Supervisory Board. This risk analysis contains an overview of the risks that form a threat to the company achieving its strategy and objectives, together with the management measures adopted. A similar process takes place at business unit level, using strategic risks analyses; while at operational level and in the case of projects, operational risk analyses and project risk analyses are used. In these risk analyses, the business unit objectives and project objectives respectively form the basis for identifying these threats and formulating the management measures.
All key processes are covered by the process descriptions laid down in the Gasunie ‘Process House’ digital manual. All staff are subject to our Code of Conduct. In the context of the annual accounts, external auditors periodically evaluate the main elements of the organisation and operation of the administrative system and internal audit measures included in it. They report their findings to the Executive Board and the Supervisory Board. Once a year, the Executive Board discusses the organisation and operation of the entire risk management and audit system with the Audit Committee.

Adjustments in 2013
In 2013, we formalised certain elements of the Risk Management Framework, such as the interrelation between risk management, the business plan cycle and the strategic cycle. In doing so, we make sure we take an integrated approach, one which looks at opportunities and threats from various angles and also forms part of the existing reporting cycle. In addition, we have included more explicitly how our operational excellence objectives relate to corporate process management and our objectives. Managing processes and operations means managing risks.

Risk acceptance

We are responsible for the continuity of a reliable and safe infrastructure for the transport of gas in the Netherlands and northern Germany. Taking risks is, of course, an integral part of doing business. When working out our strategic and operational objectives, we identified risks and appropriate measures for managing them. The extent to which we accept the remaining risks varies per objective and risk category. Acceptance or rejection of these risks is determined on the basis of risk limits, laid down in various policy documents, processes, instructions and other company documents.

The table below shows risk acceptance according to the COSO ERM categories. Risk management within our company is based on the Enterprise Risk Management (ERM) framework of the Committee of Sponsoring Organizations (COSO) of the Treadway Commission. COSO ERM takes the company’s objectives as its point of departure, classifying the risks into four categories: Strategic, Operations, Reporting and Compliance. Within these risk categories, we distinguish the following levels: strategic (corporate), tactical (unit) and operational (departmental). Depending on the area of expertise or the part of the company, derived models have been drawn up to meet the right level of abstraction and area of expertise (such as HSE, Asset Management, M&A Projects and Project Risk Management).

Risk category (COSO ERM) Risk acceptance Explanation
Strategic Low In pursuing our strategic objectives, we try to strike a balance between the social TSO function (very low risk acceptance) and the commercial non-TSO activities (higher risk acceptance).
Operations Very low Risks to the safety of our surroundings or to Gasunie employees or contractors are avoided as much as possible; risk acceptance is very low. Risks to the continuity of a reliable infrastructure are also reduced.
Reporting / Finance Low Gasunie is not prepared to take risks that limit its access to the financial markets or endanger its credit ratings.
Compliance / Legal Zero Gasunie strives to comply with all applicable laws and regulations.

Tasks, powers and responsibilities

The risk management within our company is based on the Three Lines of Defence model, which defines the relationships between and responsibilities of business/management control, risk management and internal audit.

The three lines of defense model

1st Line of Defence: Line management

Line management is responsible for controlling its own processes, management controls and AO/IC (Administrative Organisation and Internal Audit). Once a year, they report to the Executive Board on this and formal account is given by means of a Document of Representation. An important aspect of managing risks is to have good knowledge of the processes, particularly processes that involve several departments. In 2013, many of the processes detailed in manuals were incorporated into the Gasunie digital ‘Process House’. This process of incorporation will be continued in 2014.

2nd Line of Defence: Risk management and compliance functions

The second Line of Defence consists of risk management, financial control and compliance functions (such as Safety and Legal) for the purpose of ‘management assurance’. Corporate risk management, commissioned by the Executive Board, defines the policy frameworks for risk management and advises on risk management within Gasunie. In addition to providing support and advice to line management, corporate risk management carries out corporate and strategic risk assessments at unit level. Each year, an independent report of these activities is presented to the Executive Board, the Audit Committee and the Supervisory Board.

3rd Line of Defence: Operational Audit

The Operational Audit department helps us to achieve our objectives by assessing independently and objectively whether the organisation and operation of our management control measures are effective and efficient. Operational Audit reports to the CEO.

Our employees act on the basis of our core values and risk awareness, thus creating a ‘Base Line of Defence’.


The main risks are described below:

Strategic/general risks Management measures (selection)

  • Position of gas and Gasunie neglected in European (particularly north-west European) energy policy

  • Geopolitical risks
  • Promote ‘Gas advocacy’; position gas as an integral part of the energy mix to enable a transition towards more sustainable energy use.
  • Set up a new company department focusing on facilitating and stimulating new energy projects with an important role for gas, either independently or through partnerships.
  • Safeguard security of supply through stable economic and political relationships.
Market and profitability objectives
  • Limited growth due to market developments

  • Investments to meet sustainability aims cannot be earned back in the short term
  • Changing contracts (type/duration)
  • Enter into joint ventures; distinguish ourselves from the competition by providing good services and products (e.g., PRISMA and TTF), with sustainable energy forming part of the offering.
  • Develop new business models; hold ongoing dialogue with relevant stakeholders.
  • Develop a vision of future capacity demand and adjust the business model/revenue model in good time.

General regulatory uncertainty:
  • Adverse developments in the regulatory framework can only be absorbed to a limited extent, as the carrying amount and recoverable amount of the gas transport network are comparable, both in the Netherlands and in Germany
  • Insufficient grip on the development of regulation in Europe

  • Hold dialogue with regulatory authorities.
  • Implement possible consequences into our business operations.

  • Intensify the relationship between Gasunie as a TSO and ENTSOG (single European gas market).
Capacity at risk
  • Lower availability of L gas
  • Contribute to the transition of L gas to H gas (e.g., by assessing capacity for quality conversion).


Operational risks Management measures (selection)
  • Disasters

  • Dangerous situations
  • Periodically review policy on operational continuity/crisis management and hold emergency drills.
  • Implement Safety Management System (e.g., NTA 8000).
  • Continuously emphasise (internally and externally) the importance of safety and the four pillars of our safety policy: occupational safety, external safety, process safety and technical safety.
Project management
  • Delays in the planning and completion of infrastructure projects; public opinion and regulators less willing to accept risks
  • Adopt active stakeholder management (e.g., regarding licensing process).
  • Prepare organisation to cope with tighter constraints and related need to justify actions.

In-Control Statement

The Executive Board is aware that the risk management and audit systems, no matter how professional, cannot offer absolute certainty that the company objectives will be achieved or that such systems can fully prevent material inaccuracies, loss, fraud or violations of the laws and regulations.

With respect to the financial reporting risks, the Executive Board states that the internal risk management and audit systems provide a reasonable degree of certainty that the financial reporting does not contain any material inaccuracies and that the risk management and audit systems in the year under review functioned properly.