Corporate Risk: What Does Management Really Know?


A short list of questions that every board member and senior manager should be able to answer.

A short list of questions that every board member and senior manager should be able to answer.

Fortnightly Magazine - February 2005

“We pursue a disciplined approach to risk management" says the CEO of a major utility during the company's earnings call with analysts and investors. In this era of increased scrutiny over corporate governance, how can senior management and the board be certain that this statement is accurate, and where does the discipline begin?

Senior managers and board members cannot be expected to know every detail of risk management, but by asking a handful of questions, they should gain a comfortable understanding of the firm's risk-management strategy and control structure.

Asking the following questions of the risk management staff sends a clear signal to the organization that risk management discipline is not something to be delegated to the "financial guys," but is a high-level priority.

1. How do we decide how much risk is the right amount of risk?

Defining the appropriate risk tolerance for a utility is a difficult business. Different stakeholders have different tolerance for risk. For example, debt holders want less risk than equity holders. Risk tolerance is also a function of profitability: We are willing to take more risk when we are very profitable.

Capital adequacy standards that help banks determine risk tolerance have been slow in coming to the utilities. Standard and Poor's recently produced its own version of capital adequacy standards for utilities, which, when combined with various other financial ratios, provide a meaningful benchmark to help determine the appropriate risk tolerance for a utility. For example, if variations in spark-spreads result in a 20 percent chance that interest coverage may fall below ratio targets, then a hedging program should be initiated to reduce the probability of the interest coverage shortfall to a level consistent with the company's credit rating and risk tolerance.

2. Are our limits adequate and appropriate?

Since risk management techniques were developed in the banking sector to describe the risks surrounding financial products and traded derivatives, utility risk managers rightly applied them to their trading and hedging activities. Unfortunately, that left out the largest risk an average utility faces: operating a fleet of assets while serving a large and variable retail load base. Traditional risk measures and limits are unsuitable for such operations. Yet most utilities continue to try to bang a round peg into a square hole. Why?

The typical answer is that they don't have the ability to compare long-term plant and load risks to short-term trading risks. There is no doubt that this exercise is more challenging than applying simple value at risk (VaR) measures to a portfolio of transactions, but it is also infinitely more valuable. Risk limits around the generation and load position could be established to ensure that ongoing operations are hedged at the appropriate levels based on benchmark financial and rating agency ratios, while at the same time communicating the firm's risk tolerance to shareholders and