Public Utilities Reports

PUR Guide 2012 Fully Updated Version

Available NOW!
PUR Guide

This comprehensive self-study certification course is designed to teach the novice or pro everything they need to understand and succeed in every phase of the public utilities business.

Order Now

Beyond Sarbanes-Oxley

Energy Trading & Risk Management: How to evaluate risk and improve decision-making capabilities.

Fortnightly Magazine - October 2005

a strategy for advancing it.

    It takes discipline to advance the capabilities around managing critical risks. The policies, processes, organization, and reporting that instill that discipline are called "ERM infrastructure." We have asserted that the purpose of ERM is to eliminate significant gaps between the current state and the desired state of the organization's capabilities around managing its key risks. We provided some examples of ERM infrastructure earlier when discussing Step 2. Other examples include a common risk language and other frameworks, knowledge sharing to identify best practices, common training, a chief risk officer (or equivalent executive), definition of risk appetite and risk tolerances, integration of risk responses with business plans and supporting technology.

    ERM infrastructure facilitates three very important things with respect to ERM implementation. First, it establishes fact-based understanding about the enterprise's risks and risk management capabilities. Second, it ensures there is ownership over the critical risks. Finally, it drives closure of gaps.

    ERM infrastructure is not one-size-fits-all. What works for one organization might not work for another. The elements of ERM infrastructure vary according to the techniques and tools deployed to implement the eight ERM components, the breadth of the objectives addressed, the organization's culture, and the extent of coverage desired across the organization's operating units. Management should decide the elements of ERM infrastructure needed according to these and other appropriate factors.

    5. Advance the risk management capabilities for key risks.

      This step begins with selecting the enterprise's priority risks. After the first four steps are completed, it often is necessary to update the ERA for change. Once the priority risks are defined, based on the updated ERA, management must determine the current state of the capabilities for managing each risk and then assess the desired state, with the objective of advancing the maturity of the capabilities around managing those risks. This already has been accomplished for one or two priority risks (see Step 3) . Now management broadens the focus to other priority risks.

      Risk-management capabilities must be designed and advanced, consistent with an organization's finite resources. For each priority risk, management evaluates the relative maturity of the enterprise's risk-management capabilities. From there, management needs to make a conscious decision: How much added capability do we need to continually achieve our business objectives? Further, what are the expected costs and benefits of increasing risk-management capabilities? The goal is to identify the organization's most pressing exposures and uncertainties and to focus the improvement of capabilities for managing those exposures and uncertainties. The ERM infrastructure that management has chosen to put in place drives progress toward this goal.

      Companies in the early stages of developing their ERM infrastructure often lay the foundation with a common language, a risk-management oversight structure, and an enterprise-wide risk assessment process. Some companies have applied ERM in specific business units. A few companies have evolved toward more advanced stages, such as the management of market and credit risks in financial institutions and the management of compliance risks in other industries.

      Wherever a company stands with respect to developing its risk-management process, directors and executive management