FERC’s revised policy provides greater predictability and transparency in the commission’s approach to determining civil and criminal penalties under its statutory authority. Despite a more...
Corporate Risk: What Does Management Really Know?
A short list of questions that every board member and senior manager should be able to answer.
an independent, empowered chief risk officer (CRO) who reports directly to the CEO and to the board. The CRO's responsibilities would include the following:
- Proactive Analysis -Analyze and assess the risks of significant transaction activity, including capital structure and M&A decisions, long-term structured transactions (tolling deals, PPAs, etc.), and hedging policy prior to execution.
- Risk Reporting -Ensure timely, complete, and consistent risk reports from the different business units (regulated, unregulated, trading).
- Communication-Educate and communicate risk information to the board and senior managers at regularly scheduled meetings. This individual also should set the agenda for risk-management committee meetings.
Quality Assurance -Audit deal capture, mark-to-market valuations, risk-measurement models, risk reports, and risk disclosures for accuracy and adequacy.
Failure to appoint an individual for this position, to give the role sufficient authority, or to understaff the function can exact a high price; it signals to the organization that risk management is of secondary importance, and is something that can be done on an basis by the businesses, treasury, or CFO's office.
Failure to give the CRO sufficient independence and authority typically results in the business functions ignoring the CRO's recommendations and marginalizing risk management within the organization. Business unit and trading managers must respect the CRO and his authority for the position to be successful.
Finally, understaffing the risk management function typically ends in its ruin. An understaffed risk management group cannot keep up with its responsibilities to analyze multiple time-sensitive transactions, and the resulting frustration from the commercial teams means the group will not be involved in future transactions.
7. Can I personally summarize and quantify the firm's key risks based on the risk reports I receive?
If you are an executive who receives the weekly, monthly, or quarterly risk reports and aren't sure which end of the report is up, you are not alone! Risk reports developed by quantitative analysts typically require significant refinement to provide a meaningful, accurate, and comprehensible picture of the risks facing today's utilities.
Many companies have no formal non-market risk reports because those risks are more difficult to quantify and communicate. Outage risk, credit risk, and potential collateral requirements are just some of the significant risks that typically go unreported in the monthly or quarterly board package and represent some of the most significant risks facing the business.
Market risk reports typically focus on VaR as the relevant risk measure, but although VaR is a useful tool for communicating the risk of a group of trading positions, its usefulness is questionable when applied to physical assets. Senior management thinks in terms of cash flows and earnings when discussing physical assets, not mark-to-market values.
Risk reports that are not linked to corporate objectives are difficult for non-traders to interpret and understand. There are two alternatives facing senior managers and board members:
- Go back to school in your spare time and get a Ph.D. in statistics; or
- Ensure that the risk management group is communicating risk management information in a set of clear and comprehensible reports that facilitate decision making and input from senior management and the board.