4/20/2020 Understanding Enterprise Risk Management for Utilities © Copyright 2007, CCRO. All rights reserved. 31 and tolerance levels, risk positions and performance objectives. The committee should also address exceptions to risk policies, procedures and/or limits and ensure that business units are capable of measuring, managing, and monitoring their risks. In a recent survey of energy companies, over 80% had established either a board or management level risk committees. In some cases, RMC’s existed at both the board and management levels. Within the business units the responsibility for risk management is to implement risk policies and designated processes. The business unit must have individuals whose job descriptions outline their responsibilities relative to applicable risk policies and processes. In general, the business unit activities articulated in the policies and processes will be to identify, assess, and report on risks confronting their business unit as well as implement risk management actions to maintain operations within limits or at the direction of business unit or corporate management. The following table summarizes the potential roles and responsibilities of the risk management organizational elements. Each policy will carry a different emphasis for each utility. In fact, some utilities may not need to adopt all of the policies shown above. For example, a public power utility whose primary risk management objectives and risk metrics may be focused on maintaining rate certainty and stability may put more emphasis on its hedging policy while an investor-owned utility may not require an energy hedging policy. While the enterprise risk policy structure defines the firm’s risk management philosophy and compliance requirements, the detailed procedures, process and internal control documentation provide the evidence of execution. A periodic comparison of the internal control framework with Enterprise Risk Management and Governance PolicyPolicy Enterprise Risk Management and Governance Trading Authority Policy And CEO Limits Credit Policy Violations and Sanctions Policy Energy Hedging Policy Financial Policy Safety Policy •Umbrella policy that sets overall ERM objectives •Creates expectation of disciplined and controlled process •Establishes ERM framework and governance • Mitigate/ Avoid credit losses • Standards for granting credit • Credit controls • Authority for granting credit • Board required approvals • CEO Authority and delegations • Acceptable trading instruments • Required controls • Signed by those with authority • Clear Consequences for non - compliance of policies • Creates appropriate risk management culture • Establishes Financial objectives for: equity, cash, net margin, key ratios, investment criteria, credit rating target • Audit committee charter • Establishes energy (power and fuel) hedge ranges including time horizon, % hedged, % left to staff discretion • Other energy related energy activities: congestion, capacity, transportation, emissions • Emphasizes priority of safety • Establishes key safety and training functions • Identifies key safety targets Enterprise Risk Management and Governance Policy Enterprise Risk Management and Governance Policy Trading Authority Policy And CEO Limits Credit Policy Violations and Sanctions Policy Energy Hedging Policy Financial Policy Safety Policy • Umbrella policy that sets overall ERM objectives • Creates expectation of disciplined and controlled process • Establishes ERM framework and governance • Mitigate/ Avoid credit losses • Standards for granting credit • Credit controls • Authority for granting credit • Board required approvals • CEO Authority and delegations • Acceptable trading instruments • Required controls • Signed by those with authority • Clear Consequences for non - compliance of policies • Creates appropriate risk management culture • Establishes Financial objectives for: equity, cash, net margin, key ratios, investment criteria, credit rating target • Audit committee charter • Establishes energy (power and fuel) hedge ranges including time horizon, % hedged, % left to staff discretion • Other energy related energy activities: congestion, capacity, transportation, emissions • Emphasizes priority of safety • Establishes key safety and training functions • Identifies key safety targets