Energy that transforms

Integrated Report 2021

Strategic Framework

Risk Management

We ensure adequate risk management, which is reflected in our employees and in what we innovatively and responsibly transmit to our Stakeholders.

GRI (103-1) Value generation and the sustainability of the businesses in which we participate are a commitment for our organization. At Celsia, we identify the opportunities to promote them and manage them correctly; for this reason, comprehensive risk management is a priority principle for our employees, since it allows us to plan for those events that can significantly affect us, prepare to mitigate their impacts in order to reduce the perception of uncertainty related to decision making and make sure we achieve our goals safely.

GRI (103-2) At Celsia, we manage risks under the Manual of the Comprehensive Risk-Management System (SGIR, in Spanish); our methodology includes the permanent identification, measurement, treatment and monitoring of the risks to which we are exposed, and aims to evaluate, agilely and proactively, the favorable and unfavorable impacts that may affect the achievement of the Strategic Objectives and the performance of the business.

The Comprehensive Risk-Management System (SGIR) has – as its focus – the identification of the most-relevant risks in the strategy, to address the incidence and criticality of the impacts on our objectives in:

  • Processes
  • Projects
  • Initiatives
  • New businesses or products
  • Facilities

Evaluation of the Magnitude and Potential Scope of the Risks


TCFD (Risk Management – a) Our risk-management process is defined in a Comprehensive Risk-Management System (SGIR) and aligned with good international practices, such as the ISO 31000 Standard and the COSO ERM Standard, which define similar components, based on the understanding of the business, objectives, environment and trends. Subsequently, the relevant risks are identified and analyzed, the mitigation controls are associated, the risk is evaluated, its treatment is defined, and they are recorded and reported.

TCFD (Risk Management – b) At Celsia, we have the following governance structure, responsibilities and functions to guarantee and ensure the implementation of the SGIR and other actions that are defined in the Risk Policy:

Board of Directors

  • Oversee the implementation of the SGIR.
  • Approve the policy.
  • Approve the risk appetite.

CEO

  • Respond to the Board of Directors and Shareholders for the implementation of the SGIR.
  • Report on the risk profile.
  • Report on the status of the Risk-Mitigation Plans.

Steering Committee

  • Report on the functioning of the SGIR in the processes.
  • Alert about new identified risks.

Audit, Finance and Risk Committee

  • Assist the Board of Directors in all the responsibilities related to the supervision of the SGIR.
  • Monitor strategic Risks.

Risk Area

  • Design and lead the implementation of the Risk Policy, processes and methodology.
  • Monitor effective risk management.
  • Support the different areas in carrying out risk assessments.

Internal Auditing

  • Evaluate the efficiency and effectiveness of the SGIR.
  • Issue recommendations to improve the functioning of the SGIR.
  • Evaluate the effectiveness of the Risk-Mitigation Plans.
  • Validate the effectiveness of controls.

Risk Managers

  • Build and update the risk maps and controls of their processes.
  • Provide support in training and dissemination of the Risk Culture.
  • Support the Risk Area in the implementation of the SGIR in their process.

Employees

  • Apply comprehensive risk management in accordance with the Policy and methodology.
  • Alert about possible risks in their processes.
  • Report the materialization of risk events.

Structural Independence in the Risk-Management Function

Risk management cuts across the Organization and is external to the business lines: Asset Management, Households and Companies (managed from the Generation, Transmission and Distribution, and Marketing Areas).

The Financial Leader maintains constant interaction with Senior Management and the Board of Directors’ Audit, Finance and Risk Committees, bodies that have the greatest responsibility for risk management in the Company.

In addition, our SGIR is supported by the Risk-Management Policy, which establishes the elements and the general framework of action for all kinds of risks that the Organization faces, as well as the Governance Structure, which indicates the instances, roles and responsibilities to manage and ensure the proper functioning of the SGIR.

Risk-Management Training for Non-Executive Directors in 2021

Risk Culture

In order to strengthen the risk-management culture at all levels, at Celsia, we have online training called:

Adopting risk management:

To generate awareness and ownership of risks.

Information Guardian:

As a preventive measure against cyber risk, which helps make employees aware of the importance of protecting information and using the best security practices.

Crisis-Management Plan:

This prepares us to control and mitigate adverse events.

Additionally, we have the permanent accompaniment of risk specialists to share trends and best practices.  Our main businesses held workshops on operational risks and began the implementation of a more-intuitive app to manage risks and opportunities.

Strategic risks
GRI (102-15)

These are those potential events that may threaten compliance with our MEGA, our Strategy and the guidelines of our Board of Directors. Among them are:

Emerging Risks
DJSI (1.3.3) GRI (102-15)

These are risks and opportunities generated by changes in society and in the environment, which are characterized by being new, increasing and about which there is little information, which makes it difficult to measure the impact:

Inability to continue with the forms of generation we have today

Possible commercial impact:
The possibility of a decrease in income.

Description of the risk
Hydraulic and Thermal: Increasingly strict regulations that prevent or discourage the continuation of the development of current technology.
Renewables: The technology to produce them requires certain materials that – on many occasions – are scarce on the planet. They are limited resources and their demand continues to grow.

Mitigation actions

  • Permanently review the new Regulations with different authorities and associations.
  • Identify signals and trends for decision making.
  • Carry out socio-environmental management in the areas of influence of the assets.
  • Carry out the analysis of different projects with alternative technologies.
  • Continue with the diversification of the Company’s Energy Matrix.

Low availability and quality of Biofuels

Possible commercial impact:
The possibility of a decrease in income.

Description of the risk
Biofuels: Biofuels are presented as the alternative to accelerate the transition towards a low-carbon economy.

Mitigation actions

Analysis of alternative projects to explore the feasibility of implementation in the business.

GRI (103-3) During 2021, we identified global trends influencing our businesses and created value from them:

We finished the implementation of the Business Continuity Plan in Colombia and conducted a test exercise with the Company’s critical processes.

We continued with the implementation of Disaster Risk-Management Plans in our facilities, in accordance with Decree 2157 of 2017.

We implemented an Organizational Protocol for cyber risk.

We updated the quantification of the Climate-Variability Risk.

We carried out a Trend-and-Risk-Management (TRM) exercise in order to update the Company’s strategic risks.

We made progress in the risk-correlation exercises.

We advanced the analysis of climatic-parametric solutions.

Together with the Sustainability Team, the Human-Rights Risk Matrices were updated, and the Personal Data and Compliance Risk Matrices were updated with the Compliance Team.


We held 50 risk-management workshops on processes, projects and new businesses, and we began the implementation of a new, more-intuitive app to manage risks and opportunities.

New Challenges

GRI (103-2)

These are our challenges in the short, medium and long term:

(0 to 2 years)
  • Manage trends, as a mechanism to mitigate risks and develop opportunities.
  • Continue analyzing alternative risk transfer.
  • Structure the Business Continuity Plan in Central America.
  • Continue implementing the recommendations of the Task Force on Climate Financial Disclosures (TCFD) in relation to climate change.
  • Include data analytics to facilitate the reporting of information and contribute to decision making.
  • Advance in the quantitative analysis of the assessment of relevant strategic and operational risks.
  • Continue to establish correlations between strategic risks and operational risks.
  • Advance in the analysis of the impact of climate change in our operations and seek alternatives for its mitigation.
(3 to 5 years)
  • Strengthen strategic risk assessment and correlation exercises by implementing mathematical risk-measurement and quantification models to adopt appropriate mitigation strategies.
  • Optimize the risk-management model with the appropriate transfer and retention mechanisms.
(6 or more years)
  • Lead the Organization towards a trend- and risk-management approach, strengthened in assessment methodologies, with an implemented model of correlations between strategic and operational risks.

Glossary

Comprehensive Risk-Management System (CRMS) (SGIR, in Spanish):  A systematic application of policies, procedures and practices for the identification, analysis, evaluation, treatment, follow-up and review of risk;  communication and monitoring. 

Governance Portal – Protiviti: A tool that allows the registration of strategic and operational risks, as well as their administration and their controls, and the registration and monitoring of action plans to mitigate risks.

MEGA: A Strategic, Large and Ambitious Goal (Meta Estratégica, Grande y Ambiciosa) that provides strategic guidelines to the Organization.