Leadership Lyceum

Leadership Lyceum: A CEO’s Virtual Mentor

This podcast series focuses on corporate and industry strategy and trends from the direct vantage point of key industry leaders. Subscribe to the podcast at Apple iTunes. Interviews with Tom Fanning and Bob Flexon are available, as well as one with Joe Rigby, Bob Skaggs and Les Silverman.

See Podcasts

Public Utilities Reports

PUR Guide Fully Updated Version

Available NOW!
PUR Guide

This comprehensive self-study certification course is designed to teach the novice or pro everything they need to understand and succeed in every phase of the public utilities business.

Order Now

Beyond Sarbanes-Oxley

Energy Trading & Risk Management: How to evaluate risk and improve decision-making capabilities.

Fortnightly Magazine - October 2005

In an effort to comply with Sarbanes-Oxley, many companies spent thousands of hours assessing controls around financial reporting. When all was said and done, their main complaint was that the efforts failed to focus on the key processes, reports, and systems the companies used to make daily operational decisions.

This is where enterprise risk management (ERM) enters the picture. ERM was a methodology that was discussed by many organizations several years ago. Some utilities even implemented certain aspects of ERM, but broader application of the concept was shelved as problems developed within the energy trading sector. The reality is, most utilities applied components of ERM to specific risks, namely commodity market risks and interest-rate risks. This was a great place to start but, unfortunately missed many other important risks within these companies, such as operational risks, integrity risk, compliance risk, strategic and reputation risk, .

Boards of directors also have a heightened sense of need regarding governance and control infrastructure, given the current environment. The Committee of Sponsoring Organizations (COSO), the same organization that set forth the standards that most companies are using for compliance with Sarbanes-Oxley, recently introduced an integrated framework for ERM. Boards are under increasing pressure to understand how management is assessing and managing risks across the organization. This expectation has, in turn, increased the pressure on management. Yet, research consistently indicates that six of 10 senior executives "lack high confidence" that their company's risk-management practices identify and manage all potentially significant business risks.

With a heightened focus on risk management, it has become increasingly clear that traditional risk-management approaches do not adequately identify, evaluate and manage risk. Traditional approaches tend to be fragmented, treating risks as disparate and compartmentalized. These risk management approaches often limit the scope to managing uncertainties around physical and financial assets. Because they focus largely on loss prevention, rather than adding value, traditional approaches do not provide the framework most organizations need to redefine the risk management value proposition in ways that better reflect this rapidly changing world.

An ERM approach integrates risk management with existing management processes, identifies future events that can have both positive and negative effects, and evaluates the effectiveness of strategies for managing the organization's exposure to those possible future events. ERM transforms risk management to a proactive, continuous, value-based, broadly focused, and process-driven activity.

A New Approach

ERM differs from traditional risk-management approaches in terms of focus, objective, scope, emphasis and application. It aligns strategy, people, process, technology, and knowledge. The emphasis is on strategy, and the application is enterprise-wide.

Under an ERM approach, management's attention is directed to the uncertainties around the enterprise's entire asset portfolio, including intangibles such as customer assets, employee and supplier assets, and such organizational assets as its differentiating