Volume 2 — Governance and ControlsGovernance and Controls © Copyright 2002, All rights reserved 6 ROC ― Responsibilities and Duties • Review and approve the risk policy and oversee enforcement by corporate risk management and the middle office. • Ensure that risk management objectives, risk tolerances, and limits are employed throughout the organization. • Review and approve the risk management strategy proposals around each affiliate’s business plan. Each proposal should be reviewed for strategic fit, risk exposure monitoring, and reporting and control requirements these should be consistent with each affiliate’s approved yearly business plan. • Periodically review any risk management program approved in light of recent market changes, and ensure continued compliance with its established guidelines. (Perform a detailed review at least once a year.) • Review and approve new products, markets, trading locations, and trading offices. • Formulate risk management strategy and policy necessary for new product or market implementation. • Require and review regular risk reports prepared by the corporate risk management department and/or the middle office. These must include, but need not be limited to, the following: − Profits and losses (P&L), both realized and unrealized. − Open positions. − Limit utilization. − Status of exemptions and exceptions. − Credit utilization. • Periodically engage an independent audit (internal and/or external) of risk control processes and procedures. • Understand which trading activities are accounted for using mark-to-market (MTM) accounting and which using accrual accounting. • Approve the level (from individual trader to front-office management) at which authority to conduct trades in both MTM and accrual books resides. • Hold formal ROC meetings at least monthly. Standing agenda items should include, but not be limited to, current trading strategy, review of current exposure position, control requirements/enhancements, and review of counterparty credit exposure. • Perform an annual review of trading policies and codes of ethics. This includes review of disciplinary actions upon violation of ROC policies and procedures. (Note: The CCRO supports the principles and objectives of the Electric Power Supply Association (EPSA) Code of Ethics and encourages companies to implement this code or augment existing codes of ethics to embodies its principles.) • Enforce disciplinary action upon violation of ROC policies and procedures. • Ensure that transacting and risk management personnel are appropriately skilled. • Review the infrastructure supporting risk management (human resources, analytical tools, reporting procedures, etc.) and ensure that it meets the requirements for risk oversight and compliance • Review compensation policies to ensure that they are structured so as to avoid incentives for excessive risk taking.