Adopting digital capabilities to transform operations and processes holds immense promise for utilities. Indeed, it’s the best path to growth.
Risk Management Starts at the Top
How to sort out strategies and weather the storm.
incur. This willingness to accept or avoid risk sends a message to employees, shareholders, and creditors. The risk manager may have helped the board to formulate the risk policy, but should not have formulated the policy for the perfunctory approval of the board. The risk manager then has to implement the board’s policies throughout the organization. Given that the risk manager may have no line authority, and may have to work through senior executives who have their own agendas for the operations under their supervision, it is essential that everyone understand that risk management policies derive from the authority of the board of directors. Otherwise, the risk manager becomes, in the eyes of the line management, just one more meddlesome bean counter sent in by central staff to harass and annoy those who know what the business really is all about. Brett Friedman and Tim Essaye of the consultancy Risk Capital (recently purchased by Towers Perrin) enunciate the type of authority the CRO needs:
Failure to give the CRO sufficient independence and authority typically results in the business functions ignoring the CRO’s recommendations and marginalizing risk management within the organization. Business unit and trading managers must respect the CRO and his authority for the position to be successful. 7
Once policies are in place, the risk manager must monitor activities within the organization—not an easy task in a large firm. Monitoring, furthermore, has to go beyond collecting pieces of paper that claim compliance with the rules. Employees who cheat do not fill out forms explaining what they are doing. Monitoring may require cross-checks and alert supervisors who can spot unusual activities. (Organizations shooting for low risk levels may have to avoid certain activities for no other reason than that they cannot monitor the risks taken with great enough certainty).
The risk manager, then, has to compare activities underway with the policy guidelines, make necessary changes in risk management procedures to assure compliance with the guidelines, and report back to the board on a regular basis.
The risk manager might, instead, report to one of the top executives, such as the chief financial officer. That chain of command might work well in an organization that, as a matter of policy, engages in minimally risky activities. The indirect line of command, however, may remove the board from active discussion of risk management, and may not make clear to the board that some seemingly low-risk activities really involve high risk to the corporation. Risk management, probably, requires explicit discussion by the boards. In addition, the compensation of the risk management staff needs to be independent of, and not tied to, the performance of the energy trading business or market operations. 8 Otherwise, the trading organization can hold the risk managers hostage by controlling compensation, advancement, or allocation of resources.
Oversight of Trading
In designing a corporate structure for a trading operation, it is essential to separate the operation and oversight of the front, middle, and back offices.
The front office executes the firm’s strategies with respect to trading and managing risk through the purchase and