4/20/2020 Understanding Enterprise Risk Management for Utilities © Copyright 2007, CCRO. All rights reserved. 11 insights and gaining buy-in from key stakeholders outside the company. This alignment is unquestionably an advantage for the utility that is trying to communicate the insights it has gained from its risk management function. Outside stakeholders such as investment banks, regulators, or rating agencies often have built their risk management expertise from their experience in the financial industry and the use of familiar risk categorizations is a distinct advantage. An orderly and exhaustive accounting for risks Even in the early stages of building an enterprise risk management framework, risk managers become increasingly aware of the diversity of risks at hand. Any energy company that makes an honest attempt to tally its risks finds a daunting spectrum of exposures which seriously challenge attempts to grasp the big picture. However, with an orderly accounting of these many risks, managers can begin to see a sensible way forward. Risk categorizations are the foundation to this orderly accounting. An effective ERM framework must be built on a risk accounting (or taxonomy) that can be called mutually exclusive and collectively exhaustive, or “MECE”. The four risk categories – Market, Credit, Operative, and Business – support MECE risk accounting at least to the greatest extent practicable. Attention to “mutual exclusivity” (the ‘ME’ in MECE) seeks to avoid double-counting. Inter- relationships between risks are carefully assessed, and underlying drivers of any particular risk must be understood. In this way, models and subsequent analyses are attentive to the many influences that one risk may have on another and are designed to acknowledge them. “Collectively exhaustive” (the ‘CE’ in MECE) means that no risks are missed. The risk taxonomy should not intentionally nor unintentionally exclude any sources of risk. Otherwise, model or assessment results are sure to provide incomplete messages which could prove to be costly errors. Furthermore, insights presented may fall apart when challenged if specific risks are excluded without robust explanation for their absence. The CCRO has available an exhaustive taxonomy, listing many detailed risks and where they fall into the four broad categories. It is true that in reality, few occasions of pure ‘MECE-ness’ are found. Nevertheless, attention to the MECE rule brings light to any interrelationships that need to be understood and will help management avoid having critical gaps in its analyses. Highlights stakeholder perspectives on risk The four categories for risk are also helpful to the risk manager proposing actions to address the risks measured. Actions that are arguably well aligned with stakeholder perspectives on risk are Advancing best practices for today’s competitive energy markets. • Price levels • Price volatilities • Interest rates • Currencies… • Counterparty credit • Concentrations • Country/political • Default… • Hazard • Interruption • IT systems • Trading control failures • Technical models • Behavior…. • Competitive landscape • Planning • LT supply & demand • Substitutes • Regulations • Infrastructure… Orderly Accounting for All Kinds of Risks is Needed Price levels Volatilities Hazard Behavior Infrastructure Credit Currency Supply and Demand Technical models IT Systems Concentration Interest Rates Default Interruption Regulations Country Planning Landscape Substitutes Trading control failure