Risk and Crisis Management

Risk and Crisis Management

Abengoa groups together more than 600 companies, all operating in over 70 countries and employing more than 26,000 workers. With this in mind, it is essential to define a common business management system enabling the group to work effectively, coherently and in a coordinated fashion.

The current scene is characterized by dizzying growth in technology, rapid social, economic and political changes and the overriding need to generate value.

To tackle the threats stemming from this situation, while also harnessing business opportunities as they arise, Abengoa believes that risk management is an essential function for adopting strategic decisions, and that the company must have criteria and approaches in place to pave the way for secure business growth.

Abengoa’s Risk Management Model comprises two core elements:


  • Common Management Systems (NOC)
    These comprise the internal rules governing Abengoa and the approach to assessing and controlling risks. They represent a common and shared culture when managing Abengoa business, in that they share accumulated knowledge and define criteria and guidelines for the entire organization.
    The systems envisage a host of specific procedures covering any action that could be seen as a risk for the company, regardless of whether it has economic or financial implications. They are available electronically to all employees, irrespective of geographic location or job category.
  • Obligatory Compliance Procedures- SOX
    Obligatory Compliance Procedures (OCP) are employed to mitigate risks relating to the reliability of financial information. The company adopts a system combining control procedures activities in key areas for the company, the ultimate aim being to ensure the reliability of financial information and prevent fraud.
    As a product of our firm commitment to transparency, and so as to continue guaranteeing the reliability of the financial information prepared by the company, we have continued to strengthen our internal control structure and to tailor it to the requirements prescribed by Section 404 of the North American Sarbanes-Oxley Act (SOX). Following on from previous years, the company has once again this year voluntarily submitted the internal control system for the entire group to an independent audit entrusted to an external auditing firm in accordance with PCAOB (Public Company Accounting Oversight Board) auditing rules.

Abengoa is full aware of the importance of managing its risks in achieving a suitable degree of strategic planning and accomplishing the objectives it has set itself.

The approach to risk management, which comprises a raft of common beliefs and attitudes, is contained within and applied through Abengoa’s Risk Management System, which is based on the Universal Risk Model. Schematically, this can be represented as follows:


The responses designed and included within the compulsory compliance norms (Normas de Cumplimiento Obligado, or NOC) and the OCP aim towards one of the following risk management scenarios:

  • Elimination. Complete elimination of the risk. Reduction and control.
  • Reduction of the risk to the fullest extent possible by adopting strategic or security-related measures (diversification of supply, quality systems, maintenance, prevention, etc.).
  • Transfers to third parties. Transfer the risk to an insurance firm or third party (supplier, subcontractor, etc.), without Abengoa assuming any liability in relation thereto.
  • Financial withholding. Assumption of the risk, if it has not been controlled in any other way.

Abengoa defines risk as any potential event that could prevent or hinder the company from accomplishing its business objectives.

The company believes that risks can arise as a loss of opportunities or strengths, or otherwise materialize as a threat or a deteriorating weakness.

Abengoa’s approach to risk is firmly based on awareness, involvement and anticipation, and with this in mind:

  • In order to attain pre-determined business objectives, risks must be managed throughout all levels of the company, without exception.
  • The Board of Directors is tasked with overseeing the efficiency of the company’s internal control and risk management systems.
  • Decisions must always be taken with shared and mutually agreed responsibility.
  • Abengoa’s Risk Management System has been fully integrated into:
    • The strategic planning process.
    • The process of defining business objectives.
    • The daily operations required to reach these objectives 
  • Risk management embraces risk identification, assessment, response, oversight or follow-up and reporting, in accordance with the procedures in place for such purposes.
  • Responses must be consistent and fully tailored to existing business conditions and the prevailing economic climate.
  • The management must periodically assess the valuation of its risks and the responses designed.
  • The company shall also periodically monitor and, where appropriate, report that the risk identification, assessment, response, oversight and reporting processes included within Abengoa’s Risk Management System are working as intended.

Over the course of 2010, the company continued to develop its Universal Risk Model, a methodology capable of quantifying the risks present in the Risk Management System.


Working Processes within Risk Management

The risk management process at Abengoa is a continuous cycle featuring five key phases.


Reliable and periodic communication is essential during each phase to ensure a healthy outcome.

As we are dealing with a continuous cycle, permanent feedback is needed in order to make continuous improvements to the Risk Management System. These processes are applied universally throughout the entire company.