Enterprises interact with their surroundings and with the different factors which converge therein. Indeed, financial, political and competition factors, among others, represent the elements relative to a company’s risks in a higher or lower degree. International standards establish the need to have plans to address risks to facilitate their identification, impact and mitigation - all represented at EPM by an integral risk management.
Risk management as a discipline of a business’ activity is based on a series of strategies which enable the prevention of events that may affect meeting its goals or reducing its consequence if the events take place.
In public administration, Risk Management is demanded by Decree 1537 of 2001, issued by the Administrative Department of Public Duties (Departamento Administrativo de la Función Pública), as an integral part to enhance the internal control systems of public entities.
Later, through Decree 1599 of 2005, the Standard Model of Internal Control (SMIC) was adopted for all state-owned entities. This model defines Risk Management as a component of the Strategic Control Subsystem.
EPM, with the purpose of facilitating and achieving its strategic goals and acting within the legal framework in effect, has been conducting an integral or comprehensive risk management. Defining a policy for an integral risk management, assigning roles and responsibilities, applying the methodology Guide for risk management, among other elements, enable this purpose and help meet the requirements of the Technical Quality Standards in Public Management NTC GP 1000:2004 and to implement the Standard Model of Internal Control (SMIC) 1000:2005.