Risk Management at Astaldi (Part One)

At Astaldi, we view risk as an integral part of the business. Successful risk management is aimed at exploiting business opportunities for future growth while, at the same time, safeguarding the company’s current assets and value. Therefore, it is important to align risk management with key targets that shareholders hold as critical for the company’s success.

We have long recognized that taking measured risks and ensuring the company’s risk profile is consistent with strategic objectives, is a core management responsibility. To better support management with critical decision making and assessing associating risks, we established the Corporate Risk Management Department in 2011.

Today, risk management within Astaldi is a proactive process integrated with existing decision-making and planning processes. The mission of our department is to enhance management’s decision-making capabilities to anticipate and manage risks affecting the company’s objectives and expected results while also responding to governance pressures, such as stronger expectations from investors and analysts, periodic reporting to the board as requested by the Codice di Autodisciplina of Borsa Italiana, and keeping current with risk management best practices.


Risk Management at Astaldi


The head of the Corporate Risk Management department serves as the primary connection between Astaldi’s top management and other operational managers and communicates strategic guidelines and objectives to ensure all risk-related activities are aligned. A senior risk manager oversees the work and reporting conducted by risk managers assigned to each Astaldi geographic area, as well as those attached to large projects.

In order to ensure the consistency and coordination of risk management activities at corporate and area/project levels, Astaldi has defined a risk governance system that includes the following department responsibilities:

  • Defining and developing an informed risk culture within the company and providing appropriate training for supporting tools and systems, as well as all guidelines, processes, and responsibilities associated with risk management.
  • Incorporating risk assessment into the strategic planning and business processes of all areas and units.
  • Continual monitoring of all risk-related activities and processes, as well as tools and methods used to identify, assess and measure key risks.
  • Providing constant, relevant, and accurate information for senior managers, stakeholders, and the company’s control and risk committee.


Risk management at Astaldi revolves around two processes. The project risk management process is focused on risk analysis, quantification, and management activities related to a specific project for its entire life span. The enterprise risk management process is carried out across the entire organization to assess, quantify, and mitigate what Astaldi calls “top risks” faced by the company.


Project Risk Management

The project risk management process is comprised of the following phases:

  • Risk classification, performed at an early stage of every new business opportunity. Each is assigned a risk class: low, medium, or high.
  • Risk identification comes during the bid or acquisition stage. Risk managers assess and document in detail feasibility and impact at multiple levels.
  • In the risk evaluation phase, each risk is evaluated using a structured qualitative or quantitative methodology.
  • In risk management, action plans are defined for each main risk of a project. Planning documents include strategies to be adopted, as well as milestones, ownerships, and expected benefits.
  • In risk monitoring, risk registers, which incorporate salient information from all previous stages, are updated every three to six months (or more frequently, depending on the characteristics of the project), as well as for every business planning and forecasting initiative.

Enterprise Risk Management

At its inception, the risk management department established a risk universe, which currently comprises 135 risks, touching all aspects of the business, and organized into categories. It then selected five categories that are considered “top” because of their potential impact on the company’s strategic objectives and goals. For each “top” risk category, key risk indicators (KRIs) and risk tolerance thresholds were identified.
Cross-functional teams (one for each top risk category), appointed by senior management, monitor and manage the identified KRIs using specially created dashboards. Team members are charged to determine any corrective actions needed to maintain the risk tolerance thresholds for each category.


The Payoff

For certain, implementing a risk-aware culture takes time, significant energy, and buy-in throughout the organization. Executive sponsorship from senior management is absolutely essential. And, those responsible for overall risk management must be willing to evolve and fine-tune processes and tools based on input from those involved.
But, a structured approach to risk management pays off with greater business agility and the ability to face challenges with a proactive process and greater confidence. It also demonstrates to shareholders – and the market – that the company has solid corporate governance and a business strategy determined with risk appetite in mind.

In my next post, I will focus on how CCH Tagetik supports our risk management processes.

For a preview download the Astaldi Case Study!


Risk Management at Astaldi

Share this post!