Volume 2 — Governance and Controls
© Copyright 2002, All rights reserved

1.0 Governance and Controls

Governance follows a top-down approach whereby the board of directors¹ discusses policies with respect to risk assessment and risk management, followed by strategic policy development and oversight by a senior management-level risk oversight committee (ROC) chaired by a chief risk officer (CRO). Controls should be implemented and aligned throughout an organizational structure, with distinct roles and responsibilities that result in an enhanced control environment. Accordingly, the risk management roles and responsibilities of the board, the ROC, the CRO, and the corporate risk department are organized to support a risk management framework. Note that some companies may not have a corporate risk department; if not, the functions may be performed by the middle office.

The following information outlines best practices for governance and control of energy trading and marketing operations and related risk management activities. Governance and controls will enact organizational setup, policies, and procedures that support the company’s business models, establish risk tolerances, and segregate responsibilities for the front, middle, and back offices. While this white paper is primarily focused on risk controls and governance to support energy trading and marketing activities, readers should recognize that the board and corporate officers have broader responsibilities. Specifically, this document outlines governance responsibilities of the board, the ROC, and the CRO and then steps through the risk control responsibilities and duties of the front, middle, and back offices (the “three-office” structure). This approach has been patterned after that of the banking industry, with adaptations to the intricacies of the energy industry.
By formalizing processes for front, middle, and back offices in this structure and implementing a written risk policy, companies may help minimize operational risk, including conflicts of interest.

The front office, which executes the company’s risk taking and risk mitigation strategies, has a significant financial impact. Front-office functions include deal execution, initial capturing and logging of a transaction’s specific terms and conditions, and other transaction support roles such as scheduling and nominations. Due to the real-time market opportunities available to the front office, executed transactions have the potential to expose the company to significant market, credit, liquidity, and operational risk. Therefore, an infrastructure of control separate from that of the front office is necessary to monitor market participation.

The middle office controls and polices a significant amount of the front office’s activities. Middle-office functions include assuring data integrity through deal validation and confirmations, analyzing and monitoring market and credit risks, validating price curves, and reporting risk data to management, in compliance with policies authorized by the ROC.

The back office expands the control environment through balance sheet maintenance (reconciliations, accounts receivable [A/R], and accounts payable [A/P]), settlements, and financial reporting.

¹ The board of directors’ roles and responsibilities can be performed at either the board or board committee level (both are referred to here as “the board”).