Building a system to evaluate the leadership's ability to meet corporate goals.
Nominating committees and CEOs need to ask hard, fundamental questions about their own...
Energy Risk Management: Rise of the Chief Risk Officer
is RAROC-risk adjusted return on capital," says Gordon Allott, a vice president with KWI North America. "It's still undefined for the energy business, but the fundamentals of RAROC would bring in asset risk, market risk, and counterparty credit risk. Also, foreign exchange and interest-rate exposures are important. We are bringing those together in the not-too-distant future."
Already, some systems incorporate exchange-rate risks, and integrators are knitting various platforms together to obtain an integrated perspective on companies' risks. However, non-quantitative risks, such as regulatory and operational risks, will probably remain outside the scope of computer modeling for the foreseeable future.
Companies need not stand by and wait while programmers design better boxes. The key to successful risk management is not in having the biggest, best modeling system, but in executing the fundamentals. These can be summarized in several key steps:
- Obtain senior executive buy-in. The vision for creating a risk-management culture must start at the top. The CEO, CFO, and board of directors all need to understand how risk can influence the performance of the company.
- Establish a risk committee. A core group of senior executives should assemble to develop and implement the risk-management strategy.
- Study risk exposure. Examine each part of the organization to determine what risks it faces. Evaluate the likelihood, magnitude, and effects of these risks on the business.
- Prioritize the risks. Focus on managing the most important exposures first.
- Create a reporting process. Develop a workable reporting structure. Establish consistent methods for assessing and reporting the status of risks, and implement a simple rating format-such as a "stop light" system-that informs executives quickly and concisely.
- Set risk policies. Establish guidelines, limits, and triggers for important and routine risk exposures.
- Communicate goals, policies, and limits throughout the organization. Train business managers in the rationale, imperatives, and objectives that are driving this change. Use the system in the decision-making process. Hold business-line leaders accountable for enforcing risk policies and reporting the status of their exposures.
- Continue developing the system.
This approach might seem simplistic, but it incorporates the major stages in the process of creating an effective, global risk management system. Such a system need not be obsessively quantitative, nor should it be expected to quickly reach some arbitrary state of finalization. "Organizations don't stay the same. Requirements change," Sempra's Randle says. "We have a stable and completed platform that is undergoing continual adjustment. We are always looking for the optimum solution to meeting those requirements."
Perhaps no risk-management system can ever be considered perfect or 100 percent complete, but even a minimalist process can inform executives' risk-taking decisions. And reports from the field suggest that progress in this direction is paying dividends.
"Rating agencies have been very pleased with what they've seen in our risk-management capabilities," says Randle. "It's been a factor in maintaining our solid credit rating. And because we're emerging as one of the stronger credits of the energy trading business, our business in unregulated markets has seen deals that it hasn't in the past."
Companies that develop solid risk-management competencies-and use them to refine their