4/20/2020 Understanding Enterprise Risk Management for Utilities © Copyright 2007, CCRO. All rights reserved. iii Figure E.1: RISK MANAGEMENT CONTINUUM This continuum demonstrates that risk management practices can vary from individual business unit or even departmental risk management to fully integrated cross-company risk aggregation, monitoring and management. The intent of this paper is to provide guidance to utilities that are implementing or improving ERM frameworks. Such frameworks are not prescriptive, one-size-fits-all endeavors. Rather an ERM framework must balance the utility’s risks, business and regulatory structures and current risk management practices and governances. The guidelines published herein are intended as objectives to strive toward, only to the extent that it is practical and useful in managing the individual utility’s risk. Further, the full implementation of an effective ERM framework may be iterative, with each iteration improving on the framework. Therefore, each utility must consider where they are on the Risk Management Practices Continuum. Figure E.2: Risk Management Practices Continuum Many utilities may be tempted to strive for ‘industry best practice’ in developing all aspects of an ERM Framework. However, some particular ‘industry best practices’ may in fact not be a necessary part of the most efficient and effective ERM program for an individual utility. Instead, the utility must aspire to implement those practices that close performance gaps by identifying and effectively managing the risks it faces. Unlike ‘industry best practice’, appropriate practices will vary from utility to utility depending on business model, size, etc. Figure E.2 demonstrates that utilities should be cognizant of the differences between their current Silos Multi- Silos ERM Integrated Silos Insufficient Best Practice Appropriate Practice Actual Practice Practice Gap Performance Gap