Derivatives in the Boardroom?

Positioning the risk professional in the corporate hierarchy.
Fortnightly Magazine - June 1 2002

Australasia might be the better bet.

The CRO as risk manager, therefore, uses risk data to inform project and business decisions, allocate risk capacity (risk capital) to various business lines, and monitor performance on a risk-adjusted basis. In fact, in many energy companies in today's deregulating environment, performance attribution may be the most important function of the CRO.

The CRO as Risk Controller

Risks lurk on and off our balance sheets. Some are disclosed, others are footnoted, but much risk is invisible to those who scour financial statements for crumbs of insight. Risk ebbs and flows while financial statements take stop-action snapshots. Yet most corporations take only baby steps toward understanding and quantifying risk in their portfolios. Some hire consultants to provide lists of hundreds of risks, but they rarely quantify the size, manageability, and impact of the risks in question.

One must take risks to profit as a necessary matter of growth and progress. This is a legitimate part of the business process and as such, the risk undertaken should be completely overt. In fact, risk management in most organizations is the identification, measurement, and minimization of risks. But those who are over-zealous in pointing out risks sometimes imperil the potential profits of a venture seen as too risky to continue or start. Self-appointed risk managers are often pariahs, isolated and alone. They sacrifice career potential for truth, a personally damaging tradeoff. Perhaps former Enron Vice Chairman J. Clifford Baxter, who committed suicide, and Sherron S. Watkins, the Enron whistle-blower who testified before Congress, fall into this category.

For these reasons, the CRO as risk controller cannot work directly for the CFO or CEO. He must report to the audit committee. Yet even if the position is structured correctly, several problems remain. Would Enron's risk manager have been able to see the hidden risks in the securitization deals? Would he be able to draw experience from many different industries to identify hidden risks? Would he or she have the breadth of practical knowledge to identify market, credit, operational, model, legal, systems, competitive, and other risks?

The CRO as risk controller must be a jack-of-all-trades, able to identify all the relevant risks and ensure they are being reported, measured, and managed properly. In this role, he or she must be able to credibly represent to the board, senior managers, and credit analysts how the risks are being identified, measured and managed. It is the responsibility of the audit committee to ensure that the CRO as risk-controller has the necessary resources (staff or independent consultants) to get the job done.

Efficient Risk Management Structure in the Corporation

In most large corporations, the CRO function should be separated into two parts according to the two distinct and conflicting functions often ascribed to the CRO. The first role, the CRO as risk manager, should report to the CFO. Risk capital is as important as cash capital, and measures of capital, risk, and return need to be consistent throughout the organization.

The second function, CRO as risk-controller in chief, cannot report to a business head, but must report to the audit