SSE : Group Risk Report 2021

GROUP RISK REPORT

2020/21

CONTENTS

1. About SSE
2. Managing SSE's Principal Risks

CORE

businesses	SSE Renewables
What it does
	Develops, builds, operates and invests in assets that generate electricity from renewable sources.
	Who it does it for
	For electricity customers across the GB and Ireland markets, who are increasingly seeking lower-carbon sources of energy.
Energy	How it supports net zero
Develops and generates zero-carbon electricity at large scale from onshore and offshore wind farms and provides clean flexible power from hydro
	schemes.
	How it is remunerated
	Through the wholesale energy market, ancillary services market, Capacity Market, power purchase agreements, and government support schemes for
	renewable energy.

4 SSE's System of Internal Control

6 Risk Management Framework

8 Review of Group Principal Risks

10 2020/21 Group Principal Risks

21	2020/21 Emerging Risk
22	Risk Appetite Statement

Networks businesses

SSEN Transmission

What it does

Owns, operates and maintains the electricity transmission network in the north of Scotland.

Who it does it for

Electricity generators, large electricity demand customers and ultimately all electricity customers across GB.

How it supports net zero

Connecting sources of renewable electricity generation to the national grid and transporting that clean electricity to areas of demand.

How it is remunerated

Through economically regulated returns that are recovered from electricity generators and customers and potentially enhanced through efficient delivery.

SSEN Distribution

What it does

Owns, operates and maintains the electricity distribution networks in the north of Scotland and central southern England.

Who it does it for

For the homes, businesses, generators and service providers that are connected to, or are seeking a connection to, its distribution networks and electricity customers in its operating area in the North of Scotland.

How it supports net zero

Through the timely connection of local renewables and the coordinated delivery of network investment and flexible solutions to alleviate network constraints and allow for further electrification.

How it is remunerated

Through economically regulated returns, recovered from customers and connecting parties. Additional earnings can be made through efficient delivery of investment and targeted, performance-related incentives.

COMPLIMENTARY

23	Viability Statement

CORONAVIRUS STATEMENT

Energy businesses

SSE Thermal

What it does

Generates electricity from thermal sources in a reliable way, supporting balancing of the electricity systems in GB and Ireland. In addition, SSE Thermal's Gas Storage business holds around 40% of the UK's underground capacity.

Who it does it for

For electricity suppliers, traders and other generators through the energy market; for the national grid; and ultimately all electricity customers across GB.

How it supports net zero

Produces progressively lowercarbon electricity and electricity system support to enable net-zero transition. Facilitates increasing levels of renewable electricity by offering flexibility to balance renewables' natural variability.

How it is remunerated

Through the wholesale energy market, Capacity Market and ancillary services market.

Customers

What it does

SSE Business Energy and SSE Airtricity provide energy and related services to households, businesses and public sector organisations across Great Britain and the island of Ireland.

Who it does it for

For domestic and business customers in the Republic of Ireland and Northern Ireland, and business customers in Great Britain.

How it supports net zero

Increases the accessibility of green energy solutions through the provision of customer- driven propositions and acts as a partner to customers and stakeholders as they seek ways to respond to the climate crisis.

How it is remunerated

Competing for customers and direct billing to them and third party intermediaries (GB), and through state-supported schemes (ROI).

SSE Enterprise

What it does

Following the sale of its Contracting arm, SSE Enterprise is increasingly focused on distributed energy solutions. The business invests in, builds and connects localised flexible energy infrastructure. It offers integration, aggregation and trading capability via the Energy as a Service platform and provides digital services for buildings, cities and businesses.

Who it does it for

The public sector and commercial and industrial markets in the UK and Ireland.

How it supports net zero

Through offering grid edge services, bringing low-carbon,on-site generation, storage and delivery flexibility close to the point of use. Diverse capabilities (battery, solar, EV infrastructure, district heating and networks infrastructure deployment) offer a local 'whole system' approach.

How it is remunerated

Through the open B2B market, CPPAs and public and private sector tenders.

Energy Portfolio

Management

What it does

Combines trading skills and deep market insights to drive value by providing energy trading, risk management and settlement services, and wider analytical support and insights, including business unit advice on long- term market decisions.

Who it does it for

For SSE's Business Units and the SSE Group.

How it supports net zero

Provides efficient route- to-market for low-carbon electricity, supports system balancing and provides energy solutions for business energy customers.

How it is remunerated

Receives fees for providing energy trading services to other parts of the Group.

The report covers the first full year of operations within the constraints of the coronavirus pandemic. Thanks to a highly resilient business model and the commitment and flexibility of its employees, SSE maintained the safe and reliable supply of electricity throughout the year and did not draw on furlough or rates relief in doing so. SSE Renewables, SSEN Transmission and SSE Thermal were not significantly adversely affected by the pandemic and the financial impact on the Group's other businesses was restricted to £170m for the year.

	What it does
services	Provides cost-effective shared HR, legal, finance, IT, procurement, investor relations, corporate affairs and other services. Ensures compliance with
Who it does it for
	SSE's regulatory requirements as a listed company. Develops a strategic framework that maintains the Group's focus on net zero through targeted
	acquisitions and non-core disposals. Provides finance and capital allocation to fund growth. Offers the regulatory and policy insight required to
	navigate each stage of the energy value chain.
Group	For the SSE Group's core and complementary businesses and their stakeholders.
How it supports net zero
	Through the advancement and promotion of SSE's sustainability and ESG credentials, and delivery of a net zero-focused strategy.
	How it is remunerated
	The Group services function is funded by business units through a recharge model and corporate unallocated costs as set out in SSE's Financial Statements.

1

MANAGING SSE'S PRINCIPAL RISKS

MANAGING SSE'S PRINCIPAL RISKS

The execution of SSE's strategy and delivery of its purpose is dependent on the effective identification, understanding and mitigation of the Group's Principal Risks.

SSE's established Risk Management Framework and the wider system of internal control described on pages 4 to 5 continued to inform strategic decision- making in 2020/21. This, combined with a resilient business model, helped the Group manage and minimise the human, operational and financial impacts of coronavirus and to meet its objective

of supporting the reliable supply of electricity to those who needed it, particularly those tackling the pandemic.

In addition to coronavirus, SSE managed and assessed the potential risks associated with a number of other external factors throughout the year. Brexit gave rise to a high degree of economic, regulatory and political change. SSE was well prepared and the direct impacts were limited, but it continues to manage the resulting uncertainty over carbon pricing and the establishment of a standalone UK Emissions Trading System agreement.

SSE also appealed to the CMA on a narrow range of technical points against Ofgem's final RIIO-T2 price control determination, seeking to balance affordability for energy consumers with the need to attract the investment needed for the transition to net zero.

Against this backdrop SSE continued to deliver significant strategic progress through its disposals and capex programmes. The Group has been streamlined and £1.5bn of proceeds have been announced through the sale of

noncore assets and construction is under way on a number of predominantly low- carbon infrastructure projects including the world's largest offshore wind farm at Dogger Bank.

The above factors, along with the likely longer-term impacts of the coronavirus pandemic in the UK, Ireland and abroad and all other influencing factors formed the basis of the full review of SSE's Principal Risks that took place during the financial year.

Board Considerations

Effective identification, understanding and mitigation of Principal Risks underpins the Board's approach to setting strategic objectives for SSE and informing strategic decision making. The Board aims to consider all material influencing factors and key external trends in the energy market, including those relating to climate change, technological developments and capital flow and aims to do so in a way that reflects the expectations of SSE's key stakeholder groups.

These material influencing factors also have an impact on the nature and extent of risks the Board is willing to take in order to meet these objectives, and related mitigation strategies adopted by the Group. Material changes in the nature and potential impacts of SSE's Group Principal Risks are regularly assessed with appropriate mitigations implemented where necessary.

Overseeing Risk

The Group Executive Committee and its sub-committees have responsibility for overseeing SSE's Principal Risks.

During the third quarter of SSE's financial year, an assessment of each Principal Risk is completed by the assigned oversight committee. This assessment requires committee members to provide commentary on contextual changes to the risks and whether they consider them to have become more or less material during the year. In 20/21 this commentary covered both changes specifically related to coronavirus and those changes that are not related to the pandemic impacts. Consideration is also given to potential emerging risks and whether or not any of those identified have the potential to become a Principal Risk to the business in the medium- to long-term.

These responses are then consolidated into reports, one for each Principal Risk, which are presented back to the committees along with the results of provisional viability testing and analysis of relevant, current management information and key information relating to Business Unit Principal Risks and Controls. These reports form the basis for the committees to discuss and confirm the risk trend (more, less or equally material), overall effectiveness of the risk control and monitoring environment, and whether any additional control improvement actions are required. This

is an inclusive and iterative process that results in considered and objective outputs and a robust assessment of Principal Risks.

The outputs from these committee assessments are then presented to the Group Executive Committee for full review, with any emerging risks or additional material changes resulting from this being proposed to the Board.

2020/21 Review Outcome

Following the 2020/21 annual review process, the number of Principal Risks to the Group remains at 11 but there are two revisions of note.

The "Large Capital Projects Quality" risk has been redefined and renamed "Large Capital Projects Management". This broadens the risk definition in response to changes in the operating environment and reflects the increase in value of SSE's Large Capital Projects portfolio over the next 10 years.

The emerging risk "Joint Venture and Partner Management" previously identified during 2019/20 was retained by the Board. The importance of joint ventures and partner management continues to increase in SSE as its Business Units pursue their strategic and

business objectives in association with other companies and organisations, in some cases in international markets. An additional review of this emerging risk will be undertaken by the Group Risk Committee in Q2 of the financial year 21/22.

Important revisions have also been made to the descriptions of each of the other Principal Risks to take account of key developments and corresponding mitigations that were introduced during the year. Full details of the Group Principal Risks are available on pages 10 to 21.

2SSE PLC Group risk report 2020/21

3

SYSTEM OF INTERNAL CONTROL

SYSTEM OF INTERNAL CONTROL

The various elements that make up SSE's Risk Management Framework are aligned to different levels of its Governance Framework as shown in the diagram. Outputs of the Strategic Framework - principally being the Group's objectives and the SSESET of values - form the basis for all activity within the Risk Management Framework.

The Governance Framework. Designed to ensure focus on the key components of high quality and effective decision-making- clarity, accountability, transparency and efficiency. For further details please see page 102 of the Director's Report of the Annual Report and Accounts.

The Strategic Framework. This includes Group's strategic objectives, financial objective and sustainability goals and forms the basis for all activity within the Risk Management Framework. For further details please see pages 8 to 13 of the Strategic Report of the Annual Report and Accounts.

The Risk Management Framework. This Framework supports each Business Unit in managing its risks and helps to ensure that the Board can meet its obligations. The framework is underpinned by

the fundamental principle that everyone at SSE is responsible for the management of risk.

The Assurance Framework. An integrated programme of audit and assurance activity that is independent of the day to day operations of the Business Units and Corporate Functions. It is made up of Internal Audit, Group Compliance, Large Capital Projects Services and Group Safety, Health and Environment.

The Standards and Quality Framework. Sets out the expected standards and guidelines to be followed in the delivery of the Group's core purpose.

GOVERNANCE

FR AMEWORK

Board and

Board Committees

Group Executive Committee and Executive sub-Committees

Business Unit Executive

Committees and

Corporate Support

Functions

S TR ATEGIC

FR AMEWORK

Strategic

Objectives

Financial

Objective

Sustainability

Goals

RISK MANAGEMENT	A SSUR ANCE	S TANDARDS AND
FR AMEWORK	FR AMEWORK	QUALIT Y FR AMEWORK

Group Risk Management and
	Internal Control Policy		External Audit			Group Policies
Review of the Eectiveness of the		Internal Audit
	System of Internal Control
Principal Risk Self-Assessment		Group Compliance
	Risk Appetite Statement		Group Safety, Health			Governance
				and Environment
	Viability Assessment				Manuals
		Large Capital
	Key Risk Indicators
		Projects Services
Business Unit Principal Risk
	Self-Assessment	Business		Business Unit, Policies,
					Procedures, Processes
	Assurance Evaluation	Assurance
			and Systems

Risk Blueprint

4SSE PLC Group risk report 2020/21

5

RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK

Within SSE, we apply the fundamental principle that everyone who works for us is responsible for the management of risk.

Group Risk Management and Internal Control Policy:

The policy consists of clear principles and sets out roles and responsibilities which guide the risk management culture within SSE. These include:

- That everyone at SSE is responsible

for the management of risk. All

employees must understand and

manage all risks that threaten

the achievement of objectives or

work conducted in the year to improve the control environment and making a recommendation on the overall effectiveness of the System of Internal Control.

In addition, when undertaking the review, the Committee considers the Assurance Evaluations undertaken annually by the Managing Directors of each of SSE's Business Units.

Principal Risk Self Assessment

course of the year the suite of severe but plausible scenarios has continued to be developed for each of SSE's Principal Risks. These scenarios are based on relevant real life events that have either been observed in the markets within which the Group operates or related markets globally. Examples include critical asset failure (for Energy Infrastructure Failure); changes to key government energy policies (for Politics, Regulation and Compliance); and the impact of the loss of key systems (for Cyber Security and

Risk Management. This provides an opportunity for each Managing Director to identify areas where controls could be improved or where assurance arrangements require to be strengthened. Planned improvements are then tracked with updates reported to the Chief Executive on a regular basis.

Risk Blueprint

SSE Risk Blueprint is a best practice guide to risk management that is available to anyone who requires it within the Group. The Blueprint is reviewed on an annual basis in line with the review of the Group Risk Management and Internal Control Policy.

compromise the SSE SET of values

which, in turn, help define our

corporate culture.

- All decisions must be made with full

consideration of the risks involved.

This principle is reflected in SSE's Risk

Appetite Statement and underpins

our disciplined approach to

decision-making.

- The Board of Directors is

accountable to SSE's customers,

investors, employees and other

key stakeholders, and has ultimate

responsibility for the effectiveness of

SSE's management of risk

Review of the Effectiveness of the System of Internal Control:

The Board is required to carry out a review of the System of Internal Control each year in accordance with the UK Corporate Governance Code ("the Code"). The Board has delegated responsibility for reviewing the System of Internal control to the Audit Committee. This covers

all material controls including financial, operational and compliance controls.

To assist the Committee's review of the System of Internal Control, all elements are evaluated by key stakeholders. These evaluations are assessed by the Finance Director and a letter is provided to the Audit Committee summarising the

SSE's Group Executive Committee and relevant sub-committees are assigned oversight of each of SSE's Principal Risks, and a full review of these is carried out each year which includes the effectiveness and appropriateness of all relevant controls, detailed analysis relating to monitoring information and comprehensive scenario impact analysis. The deemed change in materiality of each risk is also included within these assessments.

The outputs from these committee assessments are then presented to the Group Executive Committee for full review, with any emerging risks or additional material changes resulting from this being proposed to the Board for approval.

Risk Appetite Statement

As required by the Code, SSE's Risk Appetite Statement, as defined by the Board, sets out clearly the nature and extent of risk that the Group is willing to take in order to achieve its strategic objectives, and key decision-making is aligned with this Statement.

Viability Assessment

Provision 41 of the Code requires Directors to make an annual statement of the longer term viability of the Group. To help support this Statement, over the

Resilience).

Scenarios that have the greatest potential to adversely affect SSE's ability to deliver its vision, strategy and purpose are stress tested against forecast available financial headroom. In addition to considering these in isolation, the Directors also consider the cumulative impact of different combinations of scenarios, including those that individually have the highest impact .

Key Risk Indicators

As part of the ongoing assessment of the Group's Principal Risks, Key Risk Indicators (KRIs) are reported to SSE's various oversight committees on a regular basis. These provide high level insight into key risk factors which are likely to influence SSE's exposure to these risks.

Business Unit Risk Approach

The Group Risk Management and Internal Control Policy allows flexibility for the Managing Directors of SSE's Business Units to tailor operational risk management to the specific requirements of their business areas.

Assurance Evaluations

The Managing Directors of each of SSE's Business Units carry out an annual Assurance Evaluation covering key management areas, including

RISK MANAGEMENT

FR AMEWORK

Group Risk Management and

GOVERNANCE

S TR ATEGIC

Internal Control Policy

A SSUR ANCE

FR AMEWORK

FR AMEWORK

FR AMEWORK

Review

of the Eectiveness

of the

System of Internal Control

Board and

External Audit

Internal Audit

Board Committees

Strategic

Objectives

Principal Risk Self-Assessment

roup Compliance

Group Executive

Financial

roup Safety, Health

Committee and

Risk Appetite Statement

and Environment

Objective

Executive

sub-Committees

Large Capital

Projects Services

Viability Assessment

Sustainability

Goals

Key Risk Indicators

Business Unit Executive

Business

Committees and

Assurance

Corporate Support

Functions

Business Unit Principal Risk

Self-Assessment

Assurance Evaluation

Risk Blueprint

S TANDARDS AND

QUALIT Y FR AMEWORK

Group Policies

Governance

Manuals

Business Unit, Policies,

Procedures, Processes

and Systems

6SSE PLC Group risk report 2020/21

7