Strong CROs: More Important Than Ever


How important is the risk function at your company?

How important is the risk function at your company?

Fortnightly Magazine - April 2007

How, in the post-Enron environment, can some utilities continue to ignore the benefits of, or downgrade the importance of, the chief risk officer (CRO)? As many utilities retrenched and divested themselves of risk-creating businesses such as energy trading and merchant-power development, they were lulled into the belief that they simultaneously had divested themselves of all risk.

To an outside observer, it would appear that the risk-management function within utilities is now less critical or even wholly unnecessary. Despite this false sense of “security,” volatility is extreme, assets are being run more aggressively with less room for forgiveness, and the regulatory environment is unpredictable at best. With these and other factors taken into account, it is safe to say that the CRO function, and its associated infrastructure, risk culture, and staffing requirements has become more important than ever, and investment analysts are taking note and keeping score.

The majority of senior management at utilities were, of course, keenly aware of the need for serious and focused risk management when they became involved in large-scale energy trading and marketing activities during the heady days of the 1990s and early 2000s. However, as post-Enron capital and credit constraints became insurmountable hurdles, many utilities were forced to evaluate their stomach for risk and volatility. Several chose to shut down, or sell off trading/marketing subsidiaries. As utilities implemented a “back-to-basics” strategy, some boards of directors and top executives chose to relax their vigilance in the area of risk management under the false assumption that the risk-creating businesses had been discontinued. As a result, some organizations eliminated the CRO function entirely, and some allowed the discipline to be “spun off” along with the trading function.

Utilities may have retained some staff in middle-office positions who once reported to a CRO, but they now are under the umbrella of the responsibilities of a CFO or a controller. No longer is there an independent, risk-savvy, strategic thinker at the top of the risk-management pyramid who has the mission and authority to identify, quantify, and mitigate enterprise-wide risk. In other cases, the CRO remains, but the risk function is perceived as less important than it once was. The CRO may be working with a smaller staff than before, or may have been pushed downward in the management hierarchy.

Risk Remains

Despite all these changes, the risks remain, and they are as big as ever. Utilities still are “trading around their assets,” still buying and selling wholesale commodities in a complex and volatile market, and still exposed to a substantial amount of regulatory risk. They must deal with many more uncertainties, from the huge volatility in the price of energy in the last few years to the ripple effects of these wild commodity swings on the creditworthiness of counterparties.

As many companies have exited trading, the remaining ones have assumed larger and larger roles. If one of the remaining players performs badly,