Roles and responsibilities
Our risk management and internal control system is at the heart of our ‘three lines of defence’ model, which details the relationship between, and the responsibilities of the business, Risk Management & Internal Control and Internal Audit.
First line of defence: Business
TenneT's management bears primary responsibility for identifying, controlling and monitoring risks associated with processes and for maintaining an appropriate internal control framework. The objective of this framework is to safeguard the realisation of our process objectives and establish the reliability of our internal and external reporting.
Second line of defence: Risk management & internal control
Risk Management & Internal Control is responsible for coordinating, developing and monitoring TenneT’s risk management and internal control system, and supports and challenges the business on risk management and internal control matters. Risk Management & Internal Control is also responsible for independent risk reports to the Executive Board, the Supervisory Board and the Audit, Risk and Compliance Committee.
Third line of defence: Internal audit
Internal audits are fundamental to TenneT’s risk management and internal control system. These audits provide management with (additional) assurance on the effectiveness regarding governance, risk management and internal control.
The Internal Audit department schedules its audits according to an annual risk-based audit plan that reflects the latest operational and strategic risk assessments, as well as additional insights into external developments and earlier audits, and opinion from business experts.
Internal Audit reports its findings and the status of follow-up actions to the Executive Board and the Audit, Risk and Compliance Committee on a quarterly basis.