With nuclear energy again being viewed as part of the solution for the United States’ energy needs, a number of companies are starting the early permitting and licensing process. Meeting budget...
Betting Against the Gods
In search of the Holy Grail of utility risk management.
bond holders and other clients, and some investor groups and banks remember they were burned by the Enron debacle. As a result of pressure from stakeholders and new financial disclosure laws such as Sarbanes-Oxley, risk-management systems have become more prevalent at utilities, Parkinson says. Parkinson says it also has helped that groups such as the Committee of Chief Risk Officers have done much to create a level of standardization in risk management practices amongst the industry.
However, today many of these systems are outdated, and few utilities have the sophistication in their traditional risk management systems that are called for in today’s energy industry. Many utilities are at varied levels of risk-management sophistication.
Nevertheless, some utilities are taking the lead in managing the new risks, as new more sophisticated systems and services are becoming available.
Not Just About IT Systems
In outlining his company’s enterprise-wide risk-management program, Kent M. Harvey, senior vice president and chief risk and audit officer for PG&E Corp., believes an emphasis on IT systems is just one part of a comprehensive risk-management program at the company.
“It’s not about a huge capital investment in an IT system. We have those in the commodity area because that requires that. From my perspective, I view enterprise risk management as something that is about my fiduciary duty to better manage the company,” Harvey says. He explains that what he has done is brought together PG&E Corp.’s senior executives to go through a structured, thoughtful process, to make sure that the company is thinking about its key risks in the right way, and that there are good strategies in place to manage them.
He notes that very often utilities that undertake a program such as this fail because they make it too complex.
“There are companies that have tried and failed to put an enterprise system together. The biggest risk is that you try to make it too complex. You try to quantify things that are almost inherently impossible to quantify and you get bogged down. People are spending their resources on the system, and they are not seeing any business benefit. It is like they almost view it as something from corporate that is a requirement to do rather than this is going to help us be successful as a company or as a business,” he says.
Harvey emphasizes keeping things simple and linking them to the business.
“We engaged the senior team. We have identified a single officer level person who owns each risk. My job as chief risk officer is to set up a structure with roles and responsibilities and a process so they can do that effectively and we can have good visibility around what is happening.”
One risk PG&E Corp. senior executives identified as high on the list is electric and gas procurement—one of many identified risks that came as no surprise, Harvey says. But the process allows the company management to make sure it is thinking about the risks and actively managing them.
“We have the commodity risk. We have other ones that are more event