The Rise and Evolution of The

8/2/2019 The Rise and Evolution of The

http://slidepdf.com/reader/full/the-rise-and-evolution-of-the 1/12

The Rise andEvolution of the

Chief Risk Officer

Enterprise Risk

Management at Hydro

One



Chinese boards of directors -

need to have a

thorough understandingof the key risks in theorganization and whatis being done to

manage such risks.

Security rating agenciesbegun to take account

of ERM systems in theirratings methodology.

The first symbolrepresents dangerand the second

opportunity. past - address risk in

silos,.

new (ERM) approach-

all would function asparts of an integrated,strategic, andenterprise-wide system.



More firms are notdoing ERM

One deterrent is thescarcity of case studiesdescribing successfulimplementations of

ERM. Joint Australian/New

Zealand Standard forRisk Managementprovides the firstpractical prescriptionfor implementation of ERM using genericexamples.

Articles and reportsprovide examples and

insights into thepotential benefits of ERM.

Best practices of

successful firmsCorporate RiskManagement Group

Head of internal audit,

John Fraser (one of theauthors of this article),was asked to take onthe additional role of chief risk officer (CRO).



Two full-timeprofessionals, one witha degree in industrialengineering and onewith an MBA in processreengineering andorganizational

effectiveness. Given six months to

prove its worth.

(1) an ERM policy and

(2) an ERM framework The Executive Risk

Committee

for discussion andapproval.

Pilot Study 80 potential risks or

threats to the businesswas developed and e-

mailed to themanagement team of the subsidiary.

Voting - Delphi method

Issues never openlydiscussed wereaddressed.



Common understandingof risks and of a

corporate plan forprioritizing action andresources to managesuch risks.

Identification andAssessment of Risks andControls

In assessing risks, the

aim is to understandthe size of the potentiallosses and the

probability of occurrence.

Probability curve -reflects the potentialoutcomes and theprobabilities.

Determine the impact of specific risks on variousobjectives.

Probability of outcomesis evaluated for a

specific time frame.

Produce a risk map(RM)



Risk map - track thehistorical developmentof particular risks andproject expected futuredevelopments.

The company has acontrol strengthmodel that complementits risk tolerances.

Tolerability of Risk andRisk Mitigation

rank-ordered list of residual risks isassembled.

The Risk-owner determinesthe firms tolerance foreach risk.

Seven possible ways of dealing with significantrisks:

Retain

Retain, but changemitigation

Increase

AvoidReduce the likelihood

Reduce the consequences

Transfer



Monitor, Review and

Report

Fundamental toeffective management

of business risks.

Risks may not always be

categorized correctly in

the first place.

Prediction is very

difficult, especially aboutthe future.

Niels Bohr

CORPORATE RISK PROFILE

Purpose - to ensure that

the senior managementteam shares a common

understanding of the

principal risks facing the

organization and toprovide a basis for

allocating resources to

address risks based on

their priority.

no means a static

document



Describes the corporateobjectives that are likely

to be most affected bysuch risks and thecorporate controlsbeing used to mitigatesuch risks.

In June 2000, Hydro oneevaluated 11 major risksand the corporatemeasures to manage

such risks.11 Major Risks:

Growth

Regulatory uncertainty

Organizational readiness

Network services launchAsset conditions

Catastrophic events

Environmentalcontamination

Hazardous operatingenvironment

Market Ready Project

New electricity market

Economy/financialmarkets (See notes attached : Note 1)



QUANTIFYING THEUNQUANTIFIABLE

Hydro One is inherentlyan asset managementcompany.

Assets life expectancy

is 30 to 70 years. Investment Planning

Department of HydroOne with the Corporate

Risk ManagementGroup developed a risk-based approach forallocating resources.

The approach rests onthree pillars:

Five-point risk tolerancescale (from Minor toWorst Case)

Five-point probability

rating scale (fromRemote to VirtuallyCertain)

Quality of controls (or

other risk managementmechanisms)



DETERMINING CAPITAL

EXPENDITURES (RISK-

BASED APPROACH): Levels of funding:

Highest Risk Exposure -

unacceptable risk level

and must be funded as

a priority.

Minimum Funding Level

(barely tolerable)

Level 1 Materially

lower than the

Minimum Funding

Level.

Levels 2 and 3 - Materially

lower than at Level 1.

Bang for the Buckequals risk divided by

dollar cost.

BENEFITS OF ERM AND

OUTCOMES AT HYDRO ONE



DETERMINING CAPITAL

EXPENDITURES (RISK-

BASED APPROACH): Levels of funding:

Highest Risk Exposure -

unacceptable risk level

and must be funded asa priority.

Minimum Funding Level

(barely tolerable)

Level 1 Materially

lower than the

Minimum Funding

Level.

Levels 2 and 3 - Materially

lower than at Level 1.

Bang for the Buckequals risk divided by

dollar cost.

BENEFITS OF ERM AND

OUTCOMES AT HYDRO ONE



Chris Naval

Documents

The Rise and Evolution of The