Public Utilities Reports

PUR Guide 2012 Fully Updated Version

Available NOW!
PUR Guide

This comprehensive self-study certification course is designed to teach the novice or pro everything they need to understand and succeed in every phase of the public utilities business.

Order Now

Derivatives in the Boardroom?

Positioning the risk professional in the corporate hierarchy.
Fortnightly Magazine - June 1 2002

Australasia might be the better bet.

The CRO as risk manager, therefore, uses risk data to inform project and business decisions, allocate risk capacity (risk capital) to various business lines, and monitor performance on a risk-adjusted basis. In fact in many energy companies of today's deregulating environment, performance attribution may be the most important function of the CRO.

The CRO as Risk Controller

Risks lurk on and off our balance sheets. Some are disclosed, others are footnoted, but much risk is invisible to those who scour financial statements for crumbs of insight. Risk ebbs and flows while financial statements take stop-action snapshots. Yet most corporations take only baby steps toward understanding and quantifying risk in their portfolios. Some hire consultants to provide lists of hundreds of risks, but they rarely quantify the size, manageability, and impact of the risks in question.

One must take risks to profit as a necessary matter of growth and progress. This is a legitimate part of the business process and as such, the risk undertaken should be completely overt. In fact, risk management in most organizations is the identification, measurement, and minimization of risks. But those who are over-zealous in pointing out risks sometimes imperil the potential profits of a venture seen as too risky to continue or start. Self-appointed risk managers are often pariahs, isolated and alone. They sacrifice career potential for truth, a personally damaging tradeoff. Perhaps former Enron Vice Chairman J. Clifford Baxter, who committed suicide, and Sherron S. Watkins, the Enron whistle-blower who testified before Congress, fall into this category.

For these reasons, the CRO as risk controller cannot work directly for the CFO or CEO. He must report to the audit committee. Yet even if the position is structured correctly, several problems remain. Would Enron's risk manager have been able to see the hidden risks in the securitization deals? Would he be able to draw experience from many different industries to identify hidden risks? Would he or she have the breadth of practical knowledge to identify market, credit, operational, model, legal, systems, competitive, and other risks?

The CRO as risk controller must be a jack-of-all-trades, able to identify all the relevant risks and ensure they are being reported, measured, and managed properly. () In this role, he or she must be able to credibly represent to the board, senior managers, and credit analysts how the risks are being identified, measured and managed. It is the responsibility of the audit committee to ensure that the CRO as risk-controller has the necessary resources-staff or independent consultants-to get the job done.

Efficient Risk Management Structure in the Corporation

In most large corporations, the CRO function should be separated into two parts according to the two distinct and conflicting functions often ascribed to the CRO. The first role-the CRO as risk manager-should report to the CFO. Risk capital is as important as cash capital, and measures of capital, risk, and return need to be consistent throughout the organization.

The second function-CRO as risk-controller in chief-cannot report to a business head, but must report to the audit