Enterprise risk management strategy

Risk management objective and principles Key risk management

The enterprise risk management system (ERM System), implemented at TAURON Capital Group’s level, constitutes a set of rules, standards and tools allowing for implementing the primary goal of risk management which is, broadly understood, ensuring safety (security) of TAURON Capital Group’s operations. This system is governed by the document entitled TAURON Group’s Enterprise Risk Management Strategy (ERM Strategy) that defines TAURON Capital Group’s enterprise risk management framework and rules.

The ERM Strategy’s objective is to ensure the consistency of managing the individual risk categories that are detailed in separate regulations, aligned to the specifics of the individual threat groups.

As part of the ERM System, the following specific risks are identified within TAURON Group, for which separate policies tailored to the nature and specifics of the given group of threats are defined:

  • Trading (commercial) risk,
  • Credit risk,
  • Financial risk,
  • Operational risk,
  • Regulatory risk,
  • Project risk.

Basic classification of the enterprise risk at TAURON Capital Group


The core (central) element of the ERM System is a risk management process that includes continuous activities, i.e. risk identification, risk measurement as well as developing and implementing a response to risk. The architecture of the ERM System also includes elements that are to ensure the effective functioning of the process, including:

  1. organization of the ERM System,
  2. risk control and monitoring rules,
  3. risk model,
  4. risk management tools and
  5. the assessment of the adequacy and functioning of the ERM System.

Architecture of the ERM System in place at TAURON Capital Group


The process of enterprise risk management ensures the comprehensive and consistent risk management rules linked with one another in terms of methodology and information. The process of enterprise risk management means taking continuous measures comprising risk identification, risk assessment, planning of risk response, implementation of the adopted risk response and communication among the risk management process participants.

Risk management process at TAURON Capital Group

Risk identification consists in determining the potential events that may affect the implementation of business goals of TAURON Capital Group. The main purpose of this step is to create or update a list of risks that may affect the achievement of the business goals. The identified risks are described in accordance with the adopted methodology and have a specific context providing information on the impact of their materialization on the business goals.

Risk assessment consists in determining the potential financial and non-financial effects of the materialization of the risk affecting the implementation of specific goals and assigning the risk class thereto, defining the materiality of the risk from the point of view of its impact on the achievement of the goals.

Planning consists in the preparation of the dedicated responses to the risks identified in order to achieve the desirable results. The planned actions constituting the prepared risk response are dependent and adapted to the current level of the Key Risk Indicators (KRI), and in particular those among them that act as Early Warning Indicators (EWI).

Implementation of risk response consists in practical implementation of the response to the identified risk, prepared in the planning process. The defined set of actions as part of the risk response, specified in the planning process, is dependent on the current level of the EWI indicators. The implementation of the subsequent activities as part of the response to risk requires ongoing monitoring of risk indicators, which is to provide information on what set of activities should be implemented and, at the same time, inform whether the activities carried out thus far are effective and if risk management is bringing the assumed effect of maintaining the value of the EWI indicators within the acceptance range.

Communication consists in a continuous flow of information among the participants of the process, which is to ensure full knowledge on the current risk status and the effectiveness of the activities conducted as part of the response to risk. The periodical risk reporting is also an element of this process.


The key assumption of the risk management system is a clear and precise split of tasks and responsibilities, ensuring no conflict of interest. In particular, the system guarantees independence of the risk-taking function from risk control and monitoring. This is achieved through the centralization of the control function at the parent Company level, while maintaining the organizational and functional separation of the risk-taking function. The rules in place at TAURON Capital Group introduce the function of the risk owner, i.e. the person responsible for managing the given risk as well as developing and implementing an effective response to a threat. While the control function, process coordination, as well as the responsibility for the correct functioning of the risk management system was placed at the parent Company, in the Area of the Executive Director for Risk.

A special role, as part of the risk management process, is performed by the Risk Committee as an expert team that persistently and continuously initiates, analyzes, monitors, controls, supports and oversees the functioning of TAURON Capital Group’s risk management system. The members of the Risk Committee include persons with appropriate knowledge of the Company and its environment as well as the required qualifications and empowerments. The task of the Risk Committee is to set norms and standards for risk management at TAURON Capital Group and oversight of the risk management process effectiveness. Within the Risk Committee two separate teams are set up, one for the trading (commercial) risk area and the other for the financial and credit risk area. Oversight of the enterprise risk management system is performed directly by the Risk Committee.

Within the ERM System the roles and responsibilities of all the participants of TAURON Capital Group’s risk management system are defined in detail.

Links between the individual roles in the context of the ERM Strategy and the documents regulating the ERM System

Description of the ERM System participants’ roles and responsibilities at TAURON Capital Group

Export to Excel
TAURON Supervisory Board
  1. Assessment of the ERM System, especially of its adequacy and effectiveness.
  2. Empowerment to audit the Company’s operations with respect to enterprise risk management, in terms of compliance with the expectations of the shareholders, supervisory and regulatory authorities.
Audit Committee of TAURON Supervisory Board Monitoring the ERM System’s effectiveness.
TAURON Management Board
  1. Assessment of the ERM System’s adequacy, effectiveness and efficiency.
  2. Taking formal decisions related to the key elements TAURON Capital Group’s enterprise risk management, including approving the list of risks with respect to which the Company’s Management Board will be performing the Risk Owner’s function.
  3. Approving TAURON Capital Group’s risk appetite and risk tolerance, including the global limits for the specific risks.
  4. Managing the risks of special importance for TAURON Capital Group’s operations.
  5. Providing adequate resources for the needs of the ERM System.
Risk Committee
  1. Overseeing the correct flow of TAURON Capital Group’s risk management process.
  2. Auditing (controlling) TAURON Capital Group’s risk exposure.
  3. Providing opinions and recommending to the Company’s Management Board the shape of the individual elements of the risk management infrastructure.
  4. Defining TAURON Capital Group’s risk appetite and risk tolerance, including the global limits for the specific risks, and also applying to the Company’s Management Board for the approval or change thereof.
  5. Approving the operational limits constituting the allocation of the adopted risk tolerance.
  6. Overseeing the preparation of the information for the Company’s Management Board on all material issues related to TAURON Capital Group’s risk.
Executive Director for Risk
  1. Coordinating the risk management process on all levels and in all areas (lines of business) of the organization’s operations.
  2. Responsibility for the development of the ERM System (risk identification, evaluation, monitoring and control methods, processes and procedures).
  3. Support and oversight over the system’s participants in the risk management implementation and evaluation of its efficiency.
  4. Risk monitoring and control at TAURON Group level, including control of the consumption of the Operating Limits, Global Limits and Risk Tolerance.
  5. Preparing and providing the risk reports to the authorized risk management process participants.
  6. Activities aimed at developing organizational culture and raising awareness with respect to TAURON Capital Group’s risk management.
Executive Director for Audit and Control Periodic review of the correctness of designing and implementing as well as the effects of actions taken within the ERM System.
Management Board of a subsidiary
  1. Responsibility for risk management efficiency within a subsidiary.
  2. Promoting risk management culture in a subsidiary.
  3. Responsibility for the adequate responses to risk and the effectiveness thereof.
  4. Appointing Risk Owners at the given subsidiary.
  5. Approving plans of response to risks and taking ongoing decisions related to dealing with risk in case the established risk values (escalation threshold) are exceeded.
Risk Owner
  1. Responsibility for actions related to the implementation of the risk management process as part of the entrusted area of responsibility, in the context of an impact on the ongoing operations as well as on the implementation of the strategic, operational and financial goals of the unit.
  2. Responsibility for preparing a plan and for implementing a response to risk, and also for the communications and reporting within the risk management performed.
  3. Responsibility for meeting (compliance with) the imposed operational limits.


The purpose of the adopted risk control and monitoring rules is to limit TAURON Capital Group’s exposure to factors that may have an adverse impact on its functioning. The basic risk control tool is the Risk Appetite, approved by the Company’s Management Board, that defines the basic framework used by TAURON Capital Group for risk management. In accordance with the adopted approach, TAURON Capital Group’s priority is to maintain the maximum security at the level allowing for the implementation of TAURON Capital Group’s strategic goals.

Based on the Risk Appetite, the Risk Tolerance is approved, that specifies TAURON Capital Group’s maximum permitted risk exposure value, in particular taking into account the specifics and scope of the operations thereof. The Risk Tolerance level is expressed in the form of a set of metrics and boundary conditions limiting the risk exposure. The Risk Tolerance is a practical translation of the Risk Appetite, in particular taking into account the division into key categories of the Specific Risks and the Global Limits related thereto.

A supplementary tool used for risk monitoring and control comprises the Early Warning System based on the catalogue of Key Risk Indicators (KRI) and Early Warning Indicators (EWI). The system functioning based on the said KRI and EWI indicators enables an adequately early identification of threats by measuring the causes of the individual threats. At the same time, that system allows for an adequately early taking of remedy actions, before the individual threats actually materialize.


Risk management tools used by TAURON Capital Group allow for effective implementation of the individual stages of the process. TAURON Capital Group uses, in particular, the following tools:

  • Risk identification/review questionnaire – a document in the form of a table, specifying the detailed information that should be collected in the risk identification or periodic review process,
  • Risk card – a document containing the detailed information on the identified risk,
  • Risk register – a document in the form of a table with a summary of the risks associated with the operations of TAURON Capital Group, containing, in particular, their descriptions, categories and valuations,
  • Risk response plans – a document containing a prepared action plan, the early enough launching of which will allow for reducing exposure to a given risk to an acceptable level before it occurs, as well as for limiting the effects of the risk at the time of its materialization,
  • Risk assessment form – a tabular summary of detailed information on risk measurement, including, among others, the determination of the impact and the probability associated therewith of risk materialization and the information on the current level of risk measurement parameters (KRI/EWI).


Risk model defines a consistent risk classification, enabling a consistent and comprehensive capturing of risk across TAURON Capital Group. Each risk identified is assigned to specific categories and sub-categories. The main risk categories and sub-categories, in accordance with the Risk Model in place at TAURON Capital Group, include:

  1. Operational risk, within which the following risks are identified:, w ramach którego wyodrębniono:
    • Environment (stakeholders) – risks determining the impact of the external environment (stakeholders) on the implementation of TAURON Capital Group’s goals,
    • Technology, infrastructure and security – all events having an adverse effect on the security of employees, information as well as the generation, transmission, mining or IT infrastructure,
    • Employees and organizational culture – risks related to employee issues and organizational culture, including also the pandemic risk,
    • Compliance – risks related to non-compliance, internal and external abuse as well as unethical behavior),
    • Customers and contractors (counterparties) – risks related to the volatility of the supplies/services market, a failure of the customer/contractor (counterparty) to meet contractual obligations and the adverse changes or terminations of commercial contracts by customers, affecting both volume as well as margin.
  2. Financial and credit risk, within which the following risks are identified:, w ramach którego wyodrębniono:
    • Finance and credit – risks related to changes in exchange rates and interest rates, as well as the risk of the TAURON Group’s contractors (counterparties) defaulting on contractual obligations.
  3. Trading (commercial) risk, within which the following risks are identified:, w ramach którego wyodrębniono:
    • Trading – risks determining the market volatility of electricity and related products market prices to which the enterprise is exposed.
  4. Regulatory risk, within which the following risks are identified:, w ramach którego wyodrębniono:
    • Regulations – risks determining the adverse impact of changes in the legislation at the national and the European level having a direct impact on the operations of the TAURON Group


TAURON Group’s risk management is a systematic process subject to continuous improvement which allows for aligning it, on an ongoing basis, to TAURON Capital Group’s specifics and organizational structure, as well as to the fast-changing environment. That process is also subject to an internal and independent assessment of adequacy and reviews, in particular based on:

  • ongoing assessment by the Executive Director for Risk and the Risk Committee with respect to its adequacy and alignment with the changes to the structure and specifics of TAURON Capital Group’s operations, as well as with the changing environment,
  • periodic evaluation conducted by the Executive Director for Risk who, not less seldom than once a year, prepares a report on the assessment of adequacy of the ERM System’s architecture for the members of the Risk Committee,
  • periodic evaluation conducted by the Executive Director for Audit and Control, as part of performing the institutional (third line of defense), conducts an independent audit of TAURON Capital Group’s risk management with respect to the appropriate implementation of the rules by the process participants, as well as its adequacy and effectiveness.


Management Board

Changes to the principles of TAURON Polska Energia S.A. and TAURON Capital Group’s management