Volume 2 — Governance and ControlsGovernance and Controls © Copyright 2002, All rights reserved 47 III POLICIES AND PROCEDURES A company’s corporate ethics and risk policy documents are the primary governing documents for its energy trading and marketing activities. The business unit may create and maintain individual policies specific to the company’s business and markets, but these must conform to the corporate policies. Such policies should include (but are not limited to) a prohibition of trade on personal accounts disciplinary action in the event of a violation delegation of authority hedging guidelines authorized traders, commodities and products and core risk measures. All policies should be approved by the ROC, and the corporate risk policy should be approved by the board (see section I for more detail). All personnel engaged in trading and marketing activities should review the policies and sign an acknowledgement statement at least once a year. In addition to setting up the processes and standards for the company, a risk policy also defines the authority of the personnel involved in the process. The following are general principles for designating authority in the organization (according to the recommendation of the Group of 30): • Management of energy providers and end users should designate who is authorized to commit their institutions to derivatives transactions. • Authority may be delegated to certain individuals or to persons holding certain positions within the organization. • Management may choose to limit authority to certain types of transactions—for example, to certain maturities, amounts, or types of underlying risks. • Communication and information are essential to this process. 1.0 Risk Policy The following is an outline of the contents of a typical policy and procedures manual for an energy trading and marketing company. Companies with operations other than trading and marketing may have broader risk management issues that are addressed in their risk policy accordingly, the various roles and responsibilities of specific functions may be broader than those risk management issues solely focused on trading operations. The policy should provide guidelines for the establishment of supplementary policies and operational procedures at each business unit. Depending on the corporate structure, a company can have risk policy and procedures that are enterprise-wide, as well as risk policies for each subsidiary or business unit. A typical risk policy may include the following elements: 1. Policy Introduction • Purpose of policies. • Scope of policy. • Policy establishment, authority, approval, and revision.