Internal control and risk management system
The Internal Control and Risk Management System (SCIGR) Guidelines promote the proper management of the Group consistent with the corporate objectives through a process of identification, measurement, management and monitoring of the main risks and the activation of information flows to ensure sharing and coordination between the various SCIGR actors. The Guidelines take into account the recommendations of the Corporate Governance Code of Borsa Italiana and are inspired by existing best practices, in particular CoSO – Internal Control – Integrated Framework (Committee of Sponsoring Organisations of the Treadway Commission) and are intended to:
- Provide guidance for the actors of the SCIGR, so that the main risks pertaining to the Acea Group, including those regarding sustainability in the medium-long term, are correctly identified and adequately measured, managed and monitored;
- Identify principles and responsibilities with regards to governing, managing and monitoring risks linked to company activities;
- Provide for control activities at all operational levels and identify tasks and responsibilities to ensure coordination between the main subjects involved in the SCIGR.
Risk management is a cross-cutting process with widespread responsibilities among all the parties of the company: the Board of Directors and the Board Committees, the Director in charge of the SCIGR (who is also the Chief Executive Officer), the Board of Statutory Auditors, all the managers and employees, the Manager in charge, the second level Supervisors, the Supervisory Body, Data Protection Officer, the Internal Audit Function and the Risk & Compliance Function.
Dedicated corporate structures in the Holding Company oversee specific models for monitoring risks, including risks relating to the potential commission of crimes.
The internal control structures carry out constant monitoring and adjustment activities of their operating models and undertake implementing activities (e.g. training) in order to oversee the relevant risks in the best manner possible
Chart no. 15 – The architecture of the SCIGR
Chart no. 16 – The key players of the SCIGR
Table no. 9 – Models and controls
Models and controls | Oversight areas |
---|---|
Guidelines of the Management and Control Model pursuant to Law 262/05 | Risks connected with the Group’s Financial Reporting |
Privacy Governance Model | compliance with EU Regulation 2016/679 (GDPR) and other national and European provisions on the protection of personal data |
Antitrust Compliance Programme | compliance with antitrust and consumer regulations and development of a corporate culture to ensure the protection of competition and consumers |
Oversight of Cyber Security | Cyber risk management, also in compliance with EU Directive 1148/2016 on European Information Systems and Networks (NIS) |
Oversight of ISO45001 and ISO14001 | monitoring workplace health and safety risks and environmental risks in accordance with international standards |
Organisation, Management and Control Model as per Legislative Decree 231/01 | Risk of committing crimes and administrative offences in the performance of the Company’s activities |
THE ACEA PRIVACY GOVERNANCE MODEL
Acea has a consolidated Group Privacy Governance Model, compliant with the indications of Regulation (EU) 2016/679 on data protection (GDPR), which constitutes the organisational and control framework in which the roles and responsibilities and the implementing methods of the basic principles of the Privacy regulation are identified, with a preventive risk-based approach supported by continuous monitoring and periodic reviews.
This Model – having concluded the implementation phase in the subsidiaries – was revised during the year on the basis of the application results seen in the previous two-year period and enriched with adequate methodological tools to reinforce its application efficacy (Control Framework).
Still characterised by a great commitment to the management of the Covid-19 pandemic, 2021 saw Acea involved in initiatives with a high impact on privacy, including the activation of the company vaccination hub, which led to the introduction of specific procedures to ensure secure and compliant data management (vaccination status, management of absences/replacements, etc.).
A risk analysis programme was also launched for all processing included in the Parent Company’s records, to allow for the constant and prompt update of the associated risk. On processing considered potentially high risk, according to the specific situation, specific analyses such as the DPIA (Data Protection Impact Assessment), LIA (Legitimate Interest Assessment) and TIA (Transfer Impact Assessment) were carried out. For outsourced activities, specific contractual tools were adopted to govern personal data processing and continuous monitoring of procurement activities is ensured.
In 2021, the activities required to implement the “Guidelines on cookies and other tracking tools” of the Italian Data Protection Authority were carried out, through the adoption of a tool dedicated to cookie management on the Group’s various websites. Lastly, communication initiatives and training sessions on the privacy impacts of individual process and an online Workshop dedicated to Digital Marketing and Telemarketing were carried out, with participation from sector experts, members of the Data Protection Authority and Business Associations.
ANTITRUST COMPLIANCE PROGRAMME
Compliance with antitrust law and the legislation on consumer protection is a priority for the Acea Group. To this end, Acea launched a project to revise and update the current Compliance Programme, aimed at the further reinforcement of the internal control system in terms of Antitrust & Consumer Protection and the improvement of the compliance strategies according to standards applied at European level and in line with the “Guidelines on Antitrust Compliance” issued by the AGCM, by national and European best practices and by the law. The subsidiaries have approved, according to the guidelines set out by the Parent Company, a specific Antitrust Programme, based on specific characteristics, the market context and the applicable legislative and regulatory provisions, and ensure the presence of an oversight unit with an Antitrust Representative responsible for implementing the Programme.
THE MANAGEMENT OF CYBER RISK AND PROTECTION OF INFORMATION ASSETS AND ICT SYSTEMS
Cyber threats that are potentially capable of causing a malfunction or interrupting the provision of essential services such as energy and water is one of Acea’s national security issues.
The Cyber Security Unit, part of the Technology & Solutions Department, adopted a model in line with the requirements of public institutions, activating the CSIRT (Computer Security Incident Response Team) operating structure with subsequent accreditation with the National CSIRT of the Presidency of the Council of Ministers. In response to the changing national legislative context, accreditation with the National Agency for Cyber Security, the Ministry of the Interior and Defence was obtained.
In line with the indications of the competent authorities, Acea invested in upgrading the measures for the protection of networks and IT, IoT and OT systems and launched a project to assess the status of central and field systems, especially those of a strategic nature, to be able to then implement increased security in the systems.
In 2021, the Cyber Risk Analysis Programme was launched on all Acea services for the identification, measurement and management of risk due to cyber threats. At the same time, with the creation of the Security Engineering structure, the Vulnerability Management Programme was launched, aimed at the research and mitigation of vulnerabilities, to identify and combat illicit actions, with machine learning, advanced analytics and big data instruments; a Security by Design process was also activated, for the implementation of security requirements during developments of all technological projects. Through the CSIRT structure, the Real Time Security Monitoring and Incident Management capacities were upgraded by over 50% compared to 2020 and the integration was launched between IT, IoT and OT protection processes, procedures and technologies, as per sector best practice, to ensure a holistic overview and united governance of security.
To adapt the company’s legislative context to the operating requirements, guidelines and procedures that define the conduct required of personnel, how to use IT resources and checks are being constantly updated.
Per adattare il contesto normativo aziendale alle esigenze operative, sono in continuo aggiornamento linee guida e procedure che definiscono i comportamenti richiesti al personale, le modalità di utilizzo delle risorse informatiche e i controlli.
A new service provision model was also made operational, based on the flexibility of the requirements of the operating companies, to increase the efficiency of the Group’s cyber security management at economic and operating level. The awareness & training campaign aimed at the entire company population also continued, to increase awareness and individual knowledge of cyber security topics. Lastly, Acea continued its commitment to the ECHO programme (European network of Cybersecurity centres and competence Hub for innovation and Operations) for the establishment of a European network of expert centres on cyber security and to the H2020 ATHENS project dealing with security and resilience of digital infrastructure.
PROTECTION OF PHYSICAL AND DIGITAL ASSETS AND MANAGEMENT OF INTERNAL RISKS
The Security Unit, within the Human Resources Function, oversees activities to protect the company’s physical assets, used for the prevention of fraud and compliance with current security regulations. It also defines the Guidelines and policies in terms of the safeguarding and protection of property; it oversees the design, installation and maintenance of the Security Systems for the company sites of the Group subsidiaries and it coordinates the implementation of plans for the continuity of operations and the management of emergencies.
The Security Unit manages the security and reception facilities and personnel and controls the Security Operating Room (SOS), the video surveillance, anti-intrusion and alarm systems; lastly, in collaboration with the relevant structures and companies of the Group it coordinates the proper performance of the activities required by judicial authorities, security institutions and the police.
The focus on the pandemic risk in the workplace also continued during the year, through the preparation of “access filters” to limit Covid-19 infection, carried out with the activation of 39 thermal imaging cameras at the main company offices, as well as App solutions on mobile devices for the electric signature and for checking the Green Pass upon entry, which allowed for full application of the regulations on managing the flow of employees and visitors in the workplaces.
In 2021, the replacement of IT equipment in the Security Operating Room was launched in order to improve performance and achieve compliance with the best standards of security, and new technologies (digital cylinders) were adopted for access to sensitive locations.
Within the framework of the Internal Control and Risk Management System, Group companies adopt their own Organisation, management and control models pursuant to Legislative Decree no. 231/2001 to prevent the risk of certain crimes or administrative offences committed in their interest or benefit by top management or subject to the management or supervision of the latter. The development of the Models is preceded by a mapping of the business areas concerned (so-called “risk areas”) and the identification of sensitive activities and potential offences. The Models are promptly updated in response to changes in the organisation or activities carried out, or following the introduction of new cases in the catalogue of predicate offences of the aforementioned legislative decree.
The Supervisory Body (SB) has full and autonomous powers of initiative, action and control regarding the operation, effectiveness and observance of the specific Models. An oversight organisation was set up in the Internal Audit Department, which ensures auditing and the flow of information to the Supervisory Body. For Acea, the adoption of principles and compliance with the rules set out in the Company Code of Ethics – an integral part of the 231 Model and the internal control system – are also relevant to prevent crimes pursuant to Legislative Decree no. 231/2001, as well as being a ready reference for all those who are addressed by the Code.
The Internal Audit function carries out the controls envisaged in the Audit Plan, approved by the Board of Directors and subject to the opinion of the Control and Risk Committee. The Plan is drawn up on the basis of the analysis and prioritisation of the main risks for Acea and its subsidiaries, carried out during the Risk Assessment, also thanks to the monitoring carried out by the corporate Functions responsible for second-level controls.
In 2021, around 86% of the Plan activities concerned corporate processes deemed as exposed to the risks as per Legislative Decree no. 231/01, amongst which the crimes regarding corruption, the environment, and in violation of injury prevention laws and the laws safeguarding occupational health.
With regard to audits of processes related to risks of corruption, there are in particular periodic audits of “Sponsorships”, “Consulting”, “Personnel selection” and “Purchasing and payments” for all companies that adopted the Model pursuant to Legislative Decree no. 231/01.
As required by the professional standards of the Institute of Internal Auditors (IIA), the audits also assess the specific fraud risks of the process analysed and test the operation of the related controls. With reference to detection audit activities, 23 Key Risk Indicators have been adopted for the purchasing area, which are analysed periodically.
REPORTS RECEIVED RELATED TO THE CODE OF ETHICS
In 2021, projects were launched to update the Code of Ethics in view of the organisational and regulatory changes that had developed since it was last approved. The principles and core values of the Acea Group, which already represent a key asset for the company, will be revised to ensure their alignment with the current context of reference.
Acea has a procedure which can be activated by both employees and external parties, for the receipt, analysis and processing of reports – so-called “whistleblowing” reports – relating to potential violation of the law, the internal rules and the Code of Ethics, as well as issues pertaining to the Internal Control System, corporate information, the Company’s administrative responsibility (Legislative Decree no. 231/01), fraud and conflicts of interest, while ensuring the maximum level of confidentiality and privacy when processing the reports received in order to protect the whistleblower and the reported party. The “Comunica Whistleblowing” company IT platform uses an advanced encryption system for communications and its database to guarantee compliance with required regulatory standards (Law no. 179/2017), confidentiality for whistleblowers, secure filing of documents sent and uploaded to the system and confidential management of analysis and other processes.
The reports related to alleged violations of the Code of Ethics and the SCIGR of the Group companies are sent to the Ethics Officer, the collegial body within the Group that manages the system for reporting alleged violations due to non-compliance with the law, the internal regulations and the Code of Ethics and monitors observance of the values of transparency, legality, fairness and ethical integrity in relations with employees, suppliers, customers and all stakeholders. The Ethics Officer also prepares periodic reports on the main findings to company top management and the supervisory bodies.
In 2021 the Ethics Officer received 14 reports, of which 12 related to alleged violations of the Code of Ethics and 2 for alleged violations of the SCIGR; 8 of these reports were sent to the Ethics Officer’s email address, 1 via ordinary mail and 5 via the whistleblowing platform. Classifying the reports by topic, 7 pertain to procurement/ supplier relations; 4 to human resources; 2 to health, safety and environment and 1 to the protection of company assets.
Following preliminary verification or checks, during closure, the reports were classed with the following outcomes: 1 report was considered founded and, therefore, the company involved implemented initiatives for the implementation and reinforcement of the existing checks; 6 reports were considered “unfounded”, 7 were “filed” since they were “not substantiated” and “not verifiable”.
ACEA ETHICS OFFICER AND THE CODE OF ETHICS: THE “PROTEGGO L’AZIENDA CHE MI PROTEGGE” [I PROTECT THE COMPANY THAT PROTECTS ME] CAMPAIGN CONTINUES
The Ethics Officer is also tasked with supporting the company departments appointed to Code of Ethics training, by promoting communication programmes and activities intended for their maximum dissemination, in addition to the Ethics and Sustainability Committee in monitoring the adequacy and implementation of the Code of Ethics (for the matters within its remit). To this end, he/she can suggest that the Ethics and Sustainability Committee issue or amend any guidelines and operating procedures in order to reduce the risk of violation of the Code of Ethics and indicate opportunities to update it
In 2021, the Ethics Officer continued to support the internal communications campaign “Proteggo l’azienda che mi protegge” [I Protect the Company that Protects Me] intended to disseminate the knowledge of the whistleblowing tool and to encourage greater awareness of the values and principles contained in the Acea Group Code of Ethics and the importance of protecting them, through publication on the company intranet of Campaign “news” and video clips, produced with contributions from colleagues and top management.
INTEGRATED ANALYSIS AND RISK MANAGEMENT METHOD
Acea continues to develop the ERM Programme, based on the CoSO framework “Enterprise Risk Management (ERM) - Integrating with Strategy and Performance” 2017, to improve an integrated vision of risks and their proactive management. The aim of the ERM Programme is to:
- Represent the type and significance (probability and economic-financial and/or reputational impact) of the main risks, including sustainability risks, that may jeopardize the achievement of the Group’s strategic and business objectives;
- Address strategies and subsequent additional mitigation actions.
The methodology and tools uses to identify risks and assess their severity in a consistent manner at a Group level – definition of the Risk Model – further focused the analysis on ESG aspects and the risk scenarios associated with the issues that emerged from the Materiality Analysis. During the Risk Assessment, performed annually at Group level, the Risk Owners identify the risk scenarios related to the Acea material topics, highlighting the possible impact and typical control activities implemented in order to manage and mitigate them. The results of the ERM Programme are also taken into account when planning actions to mitigate risks and seize opportunities by Group companies with certified Management Systems.
The ERM processes allow for constant interaction between the ERM Unit of the Parent Company’s Risk & Compliance Function and the focal points in the Risk & Compliance Units of the Operating Companies (see Chart no. 17).
Chart no. 17 – The ERM Unit and the corporate focal points
Table no. 10 – Acea material topics, risks and management methods
Highly significant material topic and related risk | Potential impact on Acea |
Potential impact on stakeholders and capital | Risk management method |
---|---|---|---|
SUSTAINABLE WATER CYCLE MANAGEMENT unfavourable natural events and/or climate change; authorisation delays impacting on optimal management conditions; monitoring and analysis |
economic/ financial reputational |
environment and community natural and social-relational capital |
|
SUSTAINABILITY IN INFRASTRUCTURE DESIGN, CONSTRUCTION AND MANAGEMENT environmental and social impacts from inadequate and failed design, construction and/or management of plants/ networks |
economic/ financial reputational |
environment, community, institutions, suppliers natural, production and social-relational capital |
|
OCCUPATIONAL HEALTH AND SAFETY accidents at work, risk of spreading disease |
economic/ financial reputational |
employees |
|
INNOVATION OF SMART UTILITY PROCESSES, INFRASTRUCTURE AND SERVICES operational inefficiency due to technological and innovative inadequacy; cyber risk |
economic/ financial reputational |
community and business partners production, intellectual and social-relational capital |
|
SUSTAINABILITY AND CIRCULARITY ALONG THE SUPPLY CHAIN failure to control the purchasing process – failure of suppliers to comply with the requirements (health and safety, environmental, anti-corruption) |
economic/ financial reputational |
environment and suppliers natural, human and social-relational capital |
|
EFFICIENT USE OF WASTE FOR A CIRCULAR ECONOMY failure to comply with regulations; |
economic/ financial |
environment natural capital |
|
STRATEGIC APPROACH TO STAKEHOLDER AND COMMUNITY RELATIONS tensions with stakeholder representatives in the region with negative effects on the development of activities |
economic/ financial reputational |
community social-relational capital |
|
BUSINESS ETHICS AND INTEGRITY conduct contrary to binding regulations, internal rules and standards of reference |
economic/ financial reputational |
community, institutions and business partners production, intellectual and social-relational capital |
|
CUSTOMER FOCUS failure to achieve service quality levels until they are discontinued |
economic/ financial reputational |
customers social-relational capital |
|
AIR QUALITY: REDUCING EMISSIONS INTO THE ATMOSPHERE AND POLLUTION exceeding the emission limits envisaged by laws and authorisation decrees; failure to achieve the dissemination objectives of consumption from renewable sources |
economic/ financial reputational |
environment and community natural capital |
|
INVOLVEMENT OF PERSONNEL, INVESTMENT IN HUMAN CAPITAL lack of adequacy both in terms of skills and organic plants |
economic/ financial reputational |
employees human capital |
|
PROTECTION OF THE TERRITORY impacts on environmental balance conditions caused by plants that unexpectedly do not comply with legal limits |
economic/ financial reputational |
environment natural capital |
|
DECARBONISATION AND ADAPTATION TO CLIMATE CHANGE failure to build sustainable plants and to adapt operating practices to the evolution of climate change and to achieve the dissemination objectives of consumption from renewable sources (production of energy from renewable sources, resilience of the electricity grid, availability of water) |
economic/ financial reputational |
environment and community natural and production capital |
|
CONSOLIDATION OF SUSTAINABILITY ELEMENTS IN CORPORATE GOVERNANCE violation of Legislative Decree no. 254/16; |
reputational | shareholders economic-financial and intellectual capital |
|
BUSINESS EVOLUTION THROUGH OPEN INNOVATION AND DEVELOPMENT OF SYNERGIES WITH SCIENTIFIC AND ENTREPRENEURIAL PARTNERS inability to seize opportunities deriving from technological innovations and their integration into business processes |
economic/ financial |
community, institutions and business partners production, intellectual and social-relational capital |
|
COMPANY WELL-BEING, DIVERSITY AND INCLUSION increased absenteeism rate; negative company climate; possible lawsuits from employees | reputational | employees intellectual and social-relational capital |
|
The ongoing Covid-19 phenomenon also continues to impact on the risk analysis and the identification of risk management methods; for example, in relation to occupational health and safety and corporate well-being, the aspects related to detecting and managing the health risk and vaccination campaigns, widespread remote working (smart working) or, in relation to the guarantee of customer focus, the aspects associated with upgrading the digital channels and their innovation.
The topic of climate change is monitored by Acea, which responds to the CDP questionnaire (formerly Carbon Disclosure Project), including the assessment of risks and opportunities related to activities in the short, medium and long term. Table 11 provides a representation of the main evidence: short, medium and long-term scenario and more significant implications for the company in terms of financial, reputational, environmental and customer impact. In 2021, Acea also concluded an initial important project for alignment with the International Recommendations of the Task Force on Climate-related Financial Disclosures (TCFD) (see the dedicated box in Relations with the environment).
Table no. 11 – Risks and opportunities related to climate change: CDP evidence
Type of risk | Type details and risk description |
Most impacted industrial areas | Time frame |
|
---|---|---|---|---|
TRANSITION Risks arising from the ongoing transition to a decarbonised economic system (e.g. regulatory, technological, market) |
Legislative/Regulatory These risks can manifest in the following ways: |
Energy production (thermoelectric and waste-to-energy) Electricity grid management Water management |
short/medium term | |
Technology Technological evolution may impose the reconversion of the design of processes in order to make them less polluting (for example replacing existing plants or parts thereof with other low-emission technologies) |
Energy production (thermoelectric and waste-to-energy) Electricity grid management Water management |
medium | ||
Legal These include risks related to the worsening of legal and economic sanctions for failure to comply with technical quality and performance standards in the electricity and water services (fines and incremental compliance costs) |
Electricity grid management Water management |
medium-long | ||
Market Commercial risks are attributable to the failure to adapt the products/services of the Group companies to the new requirements of customers, who are increasingly more aware of the topics of sustainability, or to the increase in poverty, also caused by climate change, which changes the habits of consumers/customers |
All businesses and Commercial in particular | medium-long | ||
Reputational Reputation risk derives from a negative perception of the company’s image by its stakeholders as a result of negative events/conditions associated with climate change (e.g. interruption in services caused by the scarcity of water or by extreme weather events) |
The Acea Group | short/medium term | ||
PHYSICAL Risks arising from the physical effects of climatic events (acute if related to episodic phenomena, or chronic if related to long-term changes) |
Acute Extreme weather events such as heavy rainfall and cloudbursts place stress on the resilience of the electricity grid (interruption to power supply) but also create difficulties in the normal management of over-abundance of water in the water service: cloudbursts can also cause a temporary service disruption in wastewater treatment plants or the entire sewerage network service. |
Electricity grid management Water management Energy production |
short-medium-long | |
Chronic The reduction in rainfall can have a negative impact on the electricity distribution service, the production of electricity by the hydroelectric plants and the availability of water for human consumption, thus causing an increase in energy consumption for the withdrawal of water. |
Electricity grid management Water management Energy production |
short-medium-long | ||
OPPORTUNITIES | ||||
driver | Type details and opportunity description | Industrial areas affected | Time frame | |
Circular economy | Promotion of circular economy models and waste recovery projects, for example with waste-to-energy processes combined with material recovery (for example: sodium and ash recovery) | Environment Segment | medium | |
Development of photovoltaic plants | Diversification of production facilities with the acquisition and/or construction of photovoltaic plants that, in addition to receiving incentives for the feeding of electricity produced into the grid, allow balancing any reductions in hydroelectric production | Production of electricity; technological innovation |
medium | |
Increase in network resilience | Investments to improve the resilience of the electricity grid promoted by ARERA | Distribution of electricity |
medium | |
Market and services | Opportunities arising from the change in energy demand related to changes in peak ambient temperatures and the increase of the average temperature, with an impact on price growth and volumes sold | Energy sales | short/medium term |
By 2022, Acea will publish a document on climate reporting, in alignment with the Recommendations of the Task Force on Climate- related Financial Disclosures (TCFD), in order to develop better awareness and financial reporting practices related to most significant aspects of climate change (see section Relations with the environment).
Lastly, in relation to the management of operational risks in case of emergency and the preventive and operational initiatives defined by the Group companies, refer to the chapter Institutions and the Company (paragraph Plans for emergency management).
ANALYSIS OF POTENTIAL ENVIRONMENTAL RISKS
The companies operating in the industrial segments of Water, Energy Infrastructure, Generation and the Environment with ISO 14001:2015 certified environmental management systems have identified the potential negative environmental impacts generated by the activities in relation to specific events or operations.
For the Water sector, the main risks concern: acute or chronic climatic phenomena or seismic events, which could cause structural failure or malfunctions in the plants and network systems managed, causing water shortages for users or accidental spillage of pollutants; inefficient operational management of water, which could cause high levels of losses with consequent excessive consumption; water stress; possible breach of water control parameters with environmental consequences; inadequate interventions on the sewage treatment system with possible contamination of the soil and water bodies; risks of fires and explosions in treatment plants related to the production of biogas, with possible impacts in terms of emissions into the atmosphere.
In the context of Energy Infrastructure, the main risks are attributable to: existence of overhead and underground systems with impacts in terms of land use and subsoil; generation of waste and impacts on ecosystems; generation of electromagnetic fields with impacts in terms of exposure; maintenance of transformation plants with potential soil and subsoil contamination with hazardous materials; maintenance and construction of plants with impacts in terms of production of special waste.
For the electricity Generation activities, carried out with renewable and conventional power plants, the potential environmental risks attributable to the ordinary management of the plants or in the event of critical events like fires or explosions may lead to the accidental spillage of pollutants or the exceeding of threshold values in emissions (into the atmosphere, surface water and sewerage). An example of environmental risk derives from the potential dangerousness of structural failure of hydraulic works attributable to critical natural phenomena (such as earthquakes of particular intensity and/or millennial floods), which could affect the territory downstream of the plants (e.g. floods).
The Environment sector involves the treatment, recovery and disposal of waste, the recovery of materials and energy (waste-to-energy and composting) and the collection, transport, recovery and disposal of non-hazardous waste produced by waste treatment plants. In this context, potential risks for the environment could take the form of spills of hazardous substances and consequent contamination of the soil and aquifers or surface waters, or of emissions into the atmosphere or water above specific prescribed limits, the treatment of waste not compliant with the reference legislation with repercussions on plant operations, unintentional fires that may cause interruptions to plant operations and pollution of the surrounding areas, as well as the failure to make investments or carry out works on the plants, with impact on the company’s management due to delays in the issue of authorisations; finally, environmental exposure can be caused by noise, odour and dust produced during extraordinary maintenance of the plants.