GUIDELINES ON ESTABLISHING A RISK MANAGEMENT FRAMEWORK AND POLICY Committee of Chief Risk Officers February 18, 2005 THE COMMITTEE OF CHIEF RISK OFFICERS (“CCRO”) GRANTS USERS A REVOCABLE, LIMITED, NON-EXCLUSIVE, NON-SUBLICENSEABLE, NON-TRANSFERABLE LICENSE TO REPRODUCE THIS DOCUMENT SOLELY FOR INTERNAL, NON-COMMERCIAL AND EDUCATIONAL PURPOSES ALL OTHER RIGHTS ARE RESERVED BY THE CCRO WITHOUT LIMITING THE FOREGOING, THE CCRO DOES NOT CONSENT TO THE REPRODUCTION OF ANY OF ITS DOCUMENTS FOR PURPOSES OF PUBLIC DISTRIBUTION, SALE OR ANY OTHER COMMERCIAL USAGE ATTRIBUTION TO THE CCRO, AS THE COPYRIGHT OWNER, IS REQUIRED IN ALL CASES TABLE OF CONTENTS I INTRODUCTION .3 II FIRMWIDE RISK MANAGEMENT POLICY COMPONENTS .4 2.1 Scope, Objectives and Purpose 2.2 Discussion of Management Philosophy 2.3 Identifying Risks 2.3.1 Market Risk .6 2.3.2 Reliance or Credit Risk 2.3.3 Operative Risk 2.3.4 Business Risk 2.4 Governance and Organizational Structure .7 2.4.1 Governance - Committee Architecture 2.4.2 Governance – Regulated and Non-Regulated Entities Within a Firm 2.4.3 Risk Management - Organizational Structure 2.4.4 Organizational Risk Management Structure and other Company Functions 10 2.5 Enterprise Risk Management 11 III BUSINESS UNIT RISK MANAGEMENT POLICY COMPONENTS 11 3.1 Introduction 11 3.2 Risk Measurement 12 3.2.1 Enterprise Risk Metrics 13 3.3 Risk Limits and Guidelines 13 3.4 Risk Analysis and Reporting 15 3.5 Risk Management and Commercial Decision Making 15 3.6 Remedial Actions 16 IV CONCLUSION 17 APPENDIX A – BEST PRACTICE BIBLIOGRAPHY 18 APPENDIX B – RISK COMMITTEE CHARACTERISTICS .29 Appendix C – Risk Committee Structures 30 APPENDIX D – RISK MANAGEMENT STRUCTURES WITHIN ORGANIZATIONS 32 I INTRODUCTION The increased relevance of an energy company’s risk management policy and the importance of deriving such policies directly from risk tolerance as defined by the Board of Directors (“BOD”), or by senior management as delegated by the BOD, requires companies to either revisit their current risk management policies or develop a formal risk management framework and policy Energy firms should have a formal commitment to and cultural understanding of risk management across the organization The risk management framework and policy should provide: (1) for the delegation of the appropriate authority to management to manage risk, (2) the corresponding criteria to manage risk within the firm including risk tolerances, 3) a clear segregation of responsibilities around analysis and management of risks, and 4) a delineation of the communication channels needed to report risk management issues and concerns to appropriate levels in the Company The formal risk management policy should address both effective communication of risk and specific compliance requirements for each energy company The Committee of Chief Risk Officers (CCRO) was formed in an effort to compile risk management best practices for companies participating in energy markets The CCRO is composed of Chief Risk Officers from leading companies that are active in both the physical and financial energy markets The CCRO is committed to opening channels of communication and establishing best practices for risk management in the industry This position paper strives to address the necessary components of an effective energy risk management policy document without providing a “how to manual” level of detail that would be more typical of a CCRO white paper It identifies best practices in risk management, recognizing that not every practice can be incorporated into a company’s unique risk management framework This paper strives to provide a “roadmap” for developing an effective risk management policy that identifies the distinctive elements as they relate to the different segments of the industry This paper allows flexibility incorporating such components within a company’s formal risk management policy documentation – it is not in the scope to advocate an appropriate number or hierarchy of risk management policy documents within a firm For example, companies may have both corporate and business unit risk management policies as well as separate risk management policies for different risk categories such as market and credit risk In addition, companies may decide to address certain risk management issues in other corporate policies The purpose of this position paper is to identify the types of risk management issues that should be addressed and not dictate the ultimate policy document CCRO documents are referenced within the body of this paper and also in a bibliography, including abstracts, contained in Appendix A Again, the objective of this paper is to provide a components checklist or “roadmap” necessary for the development of an effective energy risk management policy Specifying the operating steps necessary at each level of the organization to implement the policy procedures and processes is not part of the scope Notwithstanding this paper’s focus, it is recognized that many firms elect to include procedural content within their risk management policy – that is a valid method to organize and communicate both policy and procedures within a company This paper is organized into two primary sections; a firmwide section that addresses the global components that should be universal to any risk management policy, and a business unit section that focuses on the risk management policy components where the specific elements are driven by the type of business that is being addressed As an example, governance issues such as risk management committee architecture, middle office independence, etc are global in nature and are included within the firmwide section Conversely, risk measurement, while certainly a necessary component in any risk management policy document, has elements that are very distinctive to the type of business in which risk is being measured; therefore this is contained in the business unit section II FIRMWIDE RISK MANAGEMENT POLICY COMPONENTS This section focuses on those components of a risk management policy that contain elements that are universal to the firm’s business operations The “roadmap” for developing and identifying the components of a firmwide risk management policy are highlighted in the following sections 2.1 Scope, Objectives and Purpose A risk management policy should start with a scope, objectives, and purpose section While the scope should define the applicability of the policy document within the organization, the objectives and purpose of the policy document should center on the need to develop a framework for risk management that addresses the following: • Senior management’s commitment to an effective risk management function to ensure appropriate management and oversight of the company’s risks • The development of an effective risk management function that identifies the process for establishing authorities and responsibilities (governance) and rules and guidelines (protocols) that will identify, measure, monitor and manage those risks that impact the company’s performance objectives • Clearly tying governance and protocols to the risk appetite defined by senior management and/or the BOD and to the appropriate best practices, some of which can be found in Appendix A • Distinctly setting out independence between the commercial and non-commercial responsibilities within the company • The need to keep the BOD and executives aware of the risk exposures of the company and ensuring that the disclosure of significant risks is not at the discretion of senior management • Consistent application of practices to ensure accurate and consistent measuring and monitoring of value and risk • Creating a living document that is revised as methods and approaches in risk management improve and/or management philosophy towards risk tolerance change 2.2 Discussion of Management Philosophy This section should provide a high level overview of the company’s commercial activities and strategies including: • Statement that correlates the company’s tolerance for risk with its business strategies and the willingness to undertake certain risks to achieve its financial objectives Formal recognition of a company’s tolerance for risk may be articulated in a number of ways, including: o A minimum earnings or cash flow level the company is willing to accept o A minimum acceptable credit rating o  Limits or targets on variability measures around the firm’s financial performance – for example: Value at Risk, Earnings at Risk, Cash Flow at Risk, Power Supply Cost at Risk, Rate Volatility (public power, cooperatives, municipalities), etc Managing risk covers the acceptance and management of risk as well as the elimination or mitigation of risk The company’s strategies and activities must be consistent with its tolerance for risk in order for the BOD to approve the risk management policy It is recognized that a company’s business strategy, in terms of the detail contained within this section, may be dynamic in nature and change over the course of time Therefore, it may be more appropriate for a company to address only the most generic aspects of its business strategy within this section Further details may be contained within other parts of its risk management policy that are more easily amended, such as in the appendices 2.3 Identifying Risks This section should define and identify the types of risks and how each contributes to the level of uncertainty around the company’s financial performance Typical risk categories along with high level definitions are as follows: 2.3.1 Market Risk is generally defined as the impact of price movements in energy, foreign exchange, interest rates, etc on the financial performance of the company 2.3.2 Reliance or Credit Risk is the risk of loss caused by a counterparty not fulfilling its obligations A firm’s financial objectives include the ability for the company to create economic value and to possess adequate financial liquidity to meet its ongoing obligations 2.3.3 Operative Risk includes the following: o  Operational risk - The risk of direct or indirect loss resulting from inadequate or failed internal processes, people, and systems or from external events o  Operations risk - The risks associated with physical assets or delivery of energy commodities 2.3.4 Business Risk is the risk surrounding the uncertainty in the business environment in which companies conduct its operations Examples include: o  Changes in the regulatory environment o Competitor landscape and substitution of products/services o Shifts in the supply/demand for products/services o Reputation damage (Headline Risk) o Business continuity risk, i.e maintaining the integrity of the business in the event of a disruption o Security Risk These are broad risk areas Depending upon the business operations, there may be more detailed classifications of risk within each category For example, other risks such as volumetric risk, liquidity risk, performance risk, instrument suitability risk and other risks may play a large role in certain energy businesses It is difficult to quantify the impact of each and every risk on a firm’s financial performance, particularly certain aspects of operative risk and most areas of business risk In these cases, there are numerous qualitative techniques to address the impact of these risks such as using a risk matrix or a scorecard approach These methods are defined in more detail in the upcoming CCRO white paper on Enterprise Risk Metrics 2.4 Governance and Organizational Structure A risk management policy emanates from the highest level of an organization, at the BOD A clear path for managing risk starts at the BOD and senior management The BOD and senior management’s roles should include: • Being a major advocate of risk management within the organization • Being aware of, understanding, and supporting risk management activities across the organization • Approval of major strategies and associated risks the organization will take within the approved risk tolerance of the firm • Delegating the authority for managing these risks through a formal committee structure, or delegation policy 2.4.1 Governance - Committee Architecture There should be a structure in place which ensures the risk management function is ultimately accountable to the BOD through the company’s Audit Committee or other appropriate means Audit Committees are now charged with more responsibilities in the areas of risk assessment and risk management Recent mandates from the SEC, NYSE, NASDAQ, and other key stakeholders, address these responsibilities (see Appendix A) A risk management committee structure provides a level of transparency and shared accountability within an organization that allows more effective oversight of risk issues There may be a single risk committee within an organization or many committees specific to each business unit, depending on the size of the firm and the complexity of the risk management issues facing it Elements of a risk management committee structure should include the following: o  Authority - including a level of risk management and control commensurate with best practices prior to engaging in certain commercial activities o  Membership – specific members and titles across the organization with a independent risk management officer leading each committee o General Duties – variety of duties including independent monitoring and reporting of risk File Name: bis-basel2-0604.pdf Bibliographic entry: Bank of International Settlements Basel Committee on Banking Supervision “Basel II: International Convergence of Capital Measurement and Capital Standards: a Revised Framework.” June 2004 251 pages (www.bis.org) Abstract: This report presents the outcome of the Basel Committee on Banking Supervision’s work over recent years to secure international convergence on revisions to supervisory regulations governing the capital adequacy of internationally active banks The present paper is now a statement of the Committee agreed by all its members It sets out the details of the agreed Framework for measuring capital adequacy and the minimum standard to be achieved which the national supervisory authorities represented on the Committee will propose for adoption in their respective countries This Framework and the standard it contains have been endorsed by the Central Bank Governors and Heads of Banking Supervision of the Group of Ten countries A significant innovation of the revised Framework is the greater use of assessments f risk provided by banks’ internal systems as inputs to capital calculations In taking this step, the Committee is also putting forward a detailed set of minimum requirements designed to ensure the integrity of these internal risk assessments File Name: cro-capadeq-0903.pdf Bibliographic Entry: Committee of Chief Risk Officers “Emerging Practices for Assessing Capital Adequacy.” September 17, 2003 86 pages (www.ccro.org) Abstract: This paper lays out a risk-based capital adequacy framework that energy companies, industry analysts, and other stakeholders can use to analyze a company’s ability to meet both nearterm and long-term obligations, with a particular focus on merchant energy activities The main notion is that existing capital should be sufficient to enable a company to operate as a going concern through expected and unexpected business and economic cycles without disrupting operations and while continuing to support shareholder value creation A robust assessment of capital adequacy requires an analysis of – and balance between – economic value in the long run and financial liquidity in the short run The framework for determining capital adequacy for economic value requires an estimation of economic capital This economic capital should cover the most significant quantifiable risks that a merchant energy business faces: market risk, credit risk, and operative (operational/operations) risk This paper assesses each of these sources of risk It also introduces methodologies for combining separate assessments of each of these risk components into a single representation of a company’s economic capital The CCRO recommends calculating liquidity adequacy by measuring internal funding requirements from all expected internal and external financial resources in meeting cash flow obligations or demands under normal and adverse market conditions, taking into account market, credit, and operative contingencies File Name: cro-govrnce-1102.pdf Bibliographic Entry: Committee of Chief Risk Officers “Governance and Controls.” Volume of November 19, 2002 55 pages (www.ccro.org) Abstract: This white paper is primarily focused on risk controls and governance to support energy trading and marketing activities Governance follows a top-down approach whereby the board of directors1 discusses policies with respect to risk assessment and risk management, followed by the development of strategic policy development and oversight by a senior management-level risk oversight committee (ROC) chaired by a chief risk officer (CRO) Controls should be implemented and aligned throughout an organizational structure, with distinct roles and responsibilities that result in an enhanced control environment Accordingly, the risk management roles and responsibilities of the board, the ROC, the CRO, and the corporate risk department are organized to support a risk management framework This white paper outlines governance responsibilities of the board, the ROC, and the CRO and then steps through the risk control responsibilities and duties of the front, middle, and back offices (the “three-office” structure) File Name: cro-valuation-1102.pdf Bibliographic Entry: Committee of Chief Risk Officers “Valuation and Risk Metrics.” Volume of November 19, 2002 60 pages (www.ccro.org) Abstract: This white paper discusses the metrics most commonly used to assess the risk of the trading and asset management segments of companies engaged in energy merchant and trading activities, as well as best practices for risk management It also defines the terminology pertinent to the merchant energy sector, with particular emphasis on trading and marketing The objectives of this white paper are to:1) Disseminate risk management metrics and practices that energy companies can use to quantify and assess the risk within their energy trading and hedging activities, 2)˜Provide a common platform for stakeholders to use to better understand risk management and compare companies, 3) Enhance business capabilities by, 4) Disseminating knowledge of best practices, 5) Providing guidance for training employees in valuation methodologies, 6)˜Fostering communication internal and external to the corporation by creating a common vocabulary and understanding of valuation methodologies This white paper does not cover the operation or optimization of a physical asset (e.g., how to run a power plant/pipeline), the technical accounting directives and implications, or how a company should model transactions Certain discussions like liquidity, volumetric risk, and interest rate and currency risks will be held for later release File Name: cro-crdtrisk-1102.pdf Bibliographic Entry: Committee of Chief Risk Officers “Credit Risk Management ” Volume of November 19, 2002 35 pages (www.ccro.org) Abstract: The purpose of this document is to present a set of credit risk management best practices for the energy merchant industry We define credit risk as the cumulative potential nonpayment and nonperformance of counterparties on contracts to buy or deliver energy products and derivatives thereof Counterparty credit exposure is equal to the sum of all money due (billed or delivered and unbilled) plus the replacement cost of the contracts if positive (netted if appropriate) While these definitions are not unique to energy, the contract structures and credit risk arising from commodity price behaviors are decidedly unique Energy merchant credit risk management is concerned partly with industrial trade credit (because of the physical commodity business) and also partly with derivative and mark-to-market (MTM) credit risk This document covers the five key credit risk management functions: Credit Allocation and Financial Risk Analysis, Contracts, Measurement, Monitoring, Mitigation File Name: cro-disclose-1102.pdf Bibliographic Entry: Committee of Chief Risk Officers “Risk Management Disclosures.” Volume of November 19, 2002 28 pages (www.ccro.com) Abstract: This white paper is intended to enable merchant energy companies to use consistent risk management disclosures and provide enhanced transparency in their communications with the public This paper presents a broad set of objectives and guiding principles for greatly improved disclosures that will help investors, lenders, regulators, credit rating agencies, and commercial counterparties reasonably assess the risks of a company’s energy trading and marketing activities and compare them with risks incurred by other participants in the same lines of business These principles are designed to complement existing accounting and financial reporting guidelines and requirements As a result, these recommended risk management disclosures will be affected by current and future changes in relevant disclosure standards, changes to the overall and individual company business environment and process and system design changes required to respond to changing conditions It is recommended energy trading and marketing companies prepare disclosures with the following characteristics: Comprehensiveness, Consistency, Relevancy, Standardization, and Transparency File Name: fcb-corpgovr-0703.pdf Bibliographic Entry: Financial Reporting Council United Kingdom “The Combined Code on Corporate Governance.” July 2003 86 pages (www.frc.org.uk) Abstract: This publication includes guidance on how to comply with particular parts of the Code: first, “Internal Control: Guidance for Directors on the Combined Code”, produced by the Turnbull Committee, which relates to Code provisions on internal control (C.2 and part of C.3 in the Code); and, second, “Audit Committees: Combined Code Guidance”, produced by the Smith Group, which relates to the provisions on audit committees and auditors (C.3 of the Code) In both cases, the guidance suggests ways of applying the relevant Code principles and of complying with the relevant Code provisions In addition, this volume also includes suggestions for good practice from the Higgs report, which addresses guidance for the chairman, guidance for the non-executive directors and summary of principal duties of remuneration and nomination committees File Name: act-riskmgmt-0204.doc Bibliographic Entry: Australian Capital Territory Insurance Authority “Guide to Risk Management.” February 2004 10 pages (www.treasury.act.gov.au) Abstract: This guide is based on Australian/New Zealand Standard AS/NZS 4360:2004 - Risk Management (the Standard) and describes how to meet the requirements of the Territory’s Risk Management Policy Statement A risk is defined by the Australia/New Zealand Standard for Risk Management (AS/NZS 4360:2004) as “…the possibility of something happening that impacts on your objectives It is the chance to either make a gain or a loss It is measured in terms of likelihood and consequence.” The effective management of risk enables a firm to maximize opportunities and achieve output objectives File Name: osc-disclose-0104.pdf Bibliographic Entry: Ontario Securities Commission “Multilateral Instrument 52-109 Certification of disclosure in an issuers’ annual and interim filings.” January 2004 22 pages (www.osc.gov.on.ca) Abstract: New public reporting requirements effective March 2004 that set forth the rules for certification by a CEO or CFO of annual and interim filings and disclosures The certification instrument requires the certifying officers to certify that the financial statements (including prior period comparative financial information) and the other financial information included in the annual filings and interim filings fairly present the issuer’s financial condition, results of operation and cash flows The certification statement regarding the fair presentation of financial statements and other information is not limited to a representation that the financial statements and other financial information have been presented in accordance with the issuer’s GAAP OSC believes that this is appropriate as the certification is intended to provide assurances that the financial information disclosed in the annual filings and interim filings, viewed in their entirety, meets a standard of overall material accuracy and completeness that is broader than financial reporting requirements under GAAP As a result, issuers are not entitled to limit the representation to Canadian GAAP, US GAAP or any other source of generally accepted accounting principles Fair presentation includes but is not necessarily limited to selection of appropriate accounting policies, proper application of appropriate accounting policies, disclosure of financial information that is informative and reasonably reflects the underlying transactions, inclusion of additional disclosure necessary to provide investors with a materially accurate and complete picture of financial condition, results of operations and cash flows File Name: ont-la198-02.doc Bibliographic Entry: Legislative Assembly of Ontario, Canada Bill 198-2002 Part III “Commodity Futures Act.” pages (www.ontla.on.ca) Abstract: This document provides for amendments and changes to Part III of the Commodity Futures Act that establish the consequences for non-compliance and misleading or untrue statements The more notable points include: 1) a director or officer of the company or person who authorized, permitted or acquiesced in the non-compliance shall be deemed to also have not complied with Ontario commodity futures law, whether or not any proceeding has been commenced against the company or person under Ontario commodity futures law or any order has been made against the company or person 2) A person or company shall not make a statement that the person or company knows or reasonably ought to know (a) in a material respect and at the time and in the light of the circumstances under which it is made, is misleading or untrue or does not state a fact that is required to be stated or that is necessary to make the statement not misleading; and (b) significantly affects, or would reasonably be expected to have a significant effect on, the market price or value of a commodity or contract File Name: g30-finanrpt-1203.pdf Bibliographic Entry: The Group of 30 “Enhancing Public Confidence in Financial Reporting.” Overview December 2003 pages (www.group30.org) Abstract: In December 2002, the Group of 30 formed a working group to look into issues relating to accounting policies and practices in light of recent corporate accounting scandals The working group concluded that the scandals were not the result of systemic flaws in accounting standards as much as they were serious breakdowns in corporate governance and control The overview provides a 17point list of best practices regarding governance, internal control, price verification, and audit practices An 8-point list of recommended principles for more effective public disclosure in financial statements is also provided Chapter of the full report is titled, “Analytical Framework for Accounting Systems.” Chapter is titled, “Best Practices for Valuation of Financial Instruments.” Chapter is titled, “The Role of More Effective Public Disclosure.” File Name: osc-ni52107.pdf Bibliographic Entry: Ontario Securities Commission "National Instrument 52-107 Acceptable Accounting Principles, Auditing Standards and Reporting Currency " (www.osc.gov.on.ca) Abstract: Effective March 30, 2004, this document sets forth acceptable accounting principals, auditing standards and reporting currency requirements for Canadian public companies National Instrument 52-107 was adopted by the other Canadian provincial securities commissions The new standards allow for exemptions from Canadian GAAP for firms utilizing US GAAP provided the material differences and impacts on the firms performance between the two standards are clearly explained National Instrument 52-107 also provides for an exemption from Canadian GAAP for firms utilizing International Financial Reporting Standards The new rule potentially reduces the redundant financial reporting burden for Canadian firms listed on US exchanges by allowing them to use US GAAP only in their financial reporting Appendix B– Risk Committee Characteristics Risk committees are usually small groups made up of personnel with diverse expertise and varied responsibilities These persons are delegated responsibility to oversee risk issues within the corporation Risk committees provide for: Transparency Risk committees are set up to be very effective at providing transparency into a variety of risk issues The makeup of diverse committee members increases transparency and makes risk taking which is not compliant with policies, much more difficult to initiate or sustain Transparency is one of the most important attributes that is derived from a risk committee structure Committees Provide Ownership & Accountability Committees are only effective if ownership is clear and the agenda is well managed Committees should be chartered to advocate risk management principles and best practices throughout the organization Committee members should set the agenda, determine membership and set protocols for their committee Notwithstanding the layers of risk committees, all committees should be consistent in their responsibilities to adhere to the corporation’s risk policy document Membership As mentioned above, committee membership should be diverse Business unit and corporate personnel should be involved and cover a wide range of functions independent of taking or managing risks In addition to commercial operations and risk management, representatives from internal audit, treasury, financial reporting, legal, information technology, etc should be part of the risk committee membership Appendix C– Risk Committee Structures Illustrative Examples Example nce Structure Example Corporate Governance Board of Directors and Audit Committee R i s k G o v e r n a B u s i n e s s U n i t B u s E x e c u t i v e R e v i e w i n e s s U n i t r i s k m a n a g e m e n t f o r u m s e s t a b l i s h e d b y e a c h B u s i n e s s U n i t V P P u r p o s e : R e v i e w s B u s i n e s s U n i t l e v e l r i s k s a n d o p p o r t u n i t i e s P a r t i c i p a n t s : D e t e r m i n e d b y t h e B u s i n e s s U n i t V P E x e c u t i v e R e v i e w & R i s k C o m m i t t e e P u r p o s e : R e v i e w a n d a p p r o v a l o f f i n a n c i a l a n d o p e r a t i o n a l r i s k a n d o p p o r t u n i t i e s R e v i e w o f C o r p o r a t e & B u s i n e s s U n i t r i s k / t o l e r a n c e l e v e l , c a p i t a l p r o j e c t s , u s e o f f i n a n c i a l d e r i v a t i v e s P a r t i c i p a n t s : C O O , C F O , G e n e r a l C o u n s e l , C R O , A d m i n i s t r a t o r a n d a p p o i n t e e s a s n e e d e d , C E O a s a p p r o p r i a t e F i n a n c i a l O u t l o o k & R i s k R e v i e w P u r p o s e : R e v i e w o p e r a t i o n a l a n d f i n a n c i a l f o r e c a s t , A O , s t a t u s , T r e a s u r e r , r i s k s a n d o p p o r t u n i t i e s , t o i n c l u d e p e r f o r m a n c e m e t r i c s P a r t i c i p a n t s : C O O , C F O , E V P ’ s , C C R O , D i r e c t o r F P & A a n d S e l e c t G r o u p C o n t r o l l e r s ; C E O p a r t i c i p a t e s q u a r t e r l y S t r a t e g i c , P l a n n i n g E n t e r p r i s e R i s k M a n a g e m e n t C o m m i t t e e P u r p o s e : S t r a t e g i c p l a n d e v e l o p m e n t a n d m o d i f i c a t i o n s P a r t i c i p a n t s : C E O C O O , E V P s , C R O Appendix D– Risk Manageme nt Structures within Organizati ons Illustrative Example [...]... (www.treasury.act.gov.au) Abstract: This guide is based on Australian/New Zealand Standard AS/NZS 4360:2004 - Risk Management (the Standard) and describes how to meet the requirements of the Territory’s Risk Management Policy Statement A risk is defined by the Australia/New Zealand Standard for Risk Management (AS/NZS 4360:2004) as “…the possibility of something happening that impacts on your objectives It is the chance... identification and measurement of risks inherent in commercial opportunities and the obligation to bring this information forward for evaluation in capital allocation decisions • The ongoing evaluation and measurement of risk- adjusted performance • The impact of risk limits and potential limit breaches on commercial decisions The risk management policy document should be clear in linking effective risk management. .. company’s risk management policy document should specifically define potential mitigating actions and repercussions that will occur when risk management limits and policies are violated This includes defining the roles and responsibilities of the risk management function and the commercial operation around reviewing the breach, and determining remedial actions and sanctions Individual employees also have a. .. operations and while continuing to support shareholder value creation A robust assessment of capital adequacy requires an analysis of – and balance between – economic value in the long run and financial liquidity in the short run The framework for determining capital adequacy for economic value requires an estimation of economic capital This economic capital should cover the most significant quantifiable... risk- based capital adequacy framework that energy companies, industry analysts, and other stakeholders can use to analyze a company’s ability to meet both nearterm and long-term obligations, with a particular focus on merchant energy activities The main notion is that existing capital should be sufficient to enable a company to operate as a going concern through expected and unexpected business and economic... business operations As mentioned before, the CCRO has been at the forefront of this effort and specifically addresses these methodologies and measures in its Valuation and Risk Metrics, Credit Risk Management, and Emerging Practices in Assessing Capital Adequacy white papers (Appendix A) The risk measurement section of the risk management policy should be organized around the risk categories (market, credit,... the critical success factors for ERM and breaks down the ERM program into a design phase and an implementation phase Credit risk, investment risk, operation risk, risk aggregation, capital allocation, and systems and data are detailed within the framework of ERM, much of it insurance industry specific, but also revealed are general principal and tools File Name: pwc-utility-1103.pdf Bibliographic Entry:... managing risk through the identification, measuring, monitoring, and controlling of risks that impact the firm’s financial performance Risk management may initially concentrate on controlling these risks through the silo management of risks However, as silo risk management broadens into an enterprise wide approach, risk management expands its role by impacting the firm’s commercial decisions as follows:... corporate and business unit risk management groups o  Framework of risk management groups within the business unit infrastructure 2.4.4 Organizational Risk Management Structure and other Company Functions Many of the responsibilities associated with other functional areas within the company have an impact on the risks faced by the company Therefore, the risk management function, both through the governance... decisions Although risk management entails the identification, measurement, monitoring, and controlling of risks throughout the organization, this does not imply that the risk manager necessarily makes or carries out commercial decisions The risk management policy should be clear in separating the role of the risk management function and the commercial function in this respect 3.6 Remedial Actions A company’s