4/20/2020 Understanding Enterprise Risk Management for Utilities © Copyright 2007, CCRO. All rights reserved. 26 A firm’s enterprise risk policy structure is a necessary foundation of ERM. The exact structure and presentation will vary by organization, but taken in totality, the enterprise risk policy structure includes an “umbrella” ERM policy. The “umbrella” ERM policy covers the ERM process, organization and responsibilities that provides specificity about, for example, how specific risks will be managed, which risk measures will be employed, specific authorities, and limits. The figure below illustrates two potential approaches to organizing the enterprise risk policy structure – by risk type and business unit. In practice, larger organizations with diverse business units might employ a hybrid of these “pure” approaches that includes some sub-policies by risk type (e.g. credit risk) and others by business unit. Regardless of the approach employed, key attributes of an enterprise risk policy structure include alignment between the ERM Policy and the sub-policies, and completeness in terms of risk types covered. Figure 2.6: Illustrative Risk Policy Frameworks RISK TYPE SUB-POLICY BUSINESS UNIT SUB-POLICY The key objectives of a risk policy are to clearly articulate: • The specific business activities that are permitted • The roles and responsibilities of individuals and departments in complying with the policy • All risk measurements that will be used to monitor each risk type and • Well-defined limits for each risk type. 2.4.6. Measurement and Reporting The ERM framework encompasses a number of tools that can be used to identify, measure, and monitor risks. Many of these tools have emerged from financial markets, which were generally the first to implement extensive risk measurement and monitoring programs to manage market and credit risk. These risks have been the focus of many energy companies as they reflected the majority of risks born by energy marketers, IPPs and merchant generators. These market and credit risk tools typically focus on metrics related to minimizing losses to the value of an existing portfolio, and are statistically based. For utilities, these metrics may have only limited value for two reasons. First, these methods are based on statistics of highly liquid standardized products such as power and gas swaps. The types of products utilities offer rarely fall in this category,