Enterprise Risk Management for Public Power Utilities

Written By Chris Ekai

Many public power utilities are now using Enterprise Risk Management (ERM) to help identify and manage risks across the enterprise. ERM is a systematic, disciplined approach for identifying, analyzing, and managing risks that could affect the achievement of an organization’s strategic objectives using a risk management program.

ERM helps utilities make informed risk management decisions that balance opportunities and threats to create and protect shareholder value. Key risk indicators, tracked through the risk management process, give early warning so that risks can be mitigated before they materialize.

Public power utilities have long been subject to various financial, operational, legal, and reputational risks. Implementing ERM can help utilities effectively manage these risks and make sound decisions that protect and enhance shareholder value.

ERM is a comprehensive approach to managing risk that considers an organization’s entire portfolio of strategic and operational risks. ERM helps organizations make informed decisions about allocating resources and managing risks to create and preserve shareholder value.

The development of ERM can be traced back to the early 1990s when many companies experienced large losses due to unforeseen events such as natural disasters, product recalls, and litigation.

These companies realised that traditional risk management approaches focused on individual risks in silos and were no longer sufficient. They needed a more holistic approach that would allow them to manage all types of risks across the enterprise.

Since then, ERM has evolved into a well-defined discipline with a clear set of principles and best practices. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) released the first enterprise risk management framework in 2004. This framework has been updated several times and is currently in its third edition.

There are many ways in which public power utilities can use ERM to improve risk management practices. One way is to identify risk factors that could affect the achievement of strategic objectives. For example, a utility might identify regulatory changes as a risk factor that could impact its ability to meet its financial goals.

Another way public power utilities can use ERM is by assessing the potential impact of identified risks on achieving strategic objectives. This step is important because it allows utilities to prioritize risks based on their potential severity. For example, a utility might identify a severe weather event as a high-impact risk because it could lead to customer outages and damage to infrastructure.

The third way public power utilities can use ERM is by developing mitigation strategies for each identified risk. This step is important because it allows utilities to take proactive measures to avoid or minimize a risk event’s impact. For example, a utility might develop a mitigation strategy for a severe weather event by investing in redundant infrastructure or increasing staff levels during peak demand periods.

Risk is now a constant in every enterprise. Every business decision carries risks, which can in turn generate further risks. To sustain business results, risk must be managed effectively, with rigorous monitoring and management of the associated risks.

This is especially true for the electricity and utility industries, which operate worldwide in highly volatile and price-sensitive markets. Organizations in this industry with long-term investments require a risk-sensitive attitude to cope with economic and geopolitical instability.

The risks for sustainability have rapidly risen and have reached the top of the agendas of executives and boards for the coming decade. Climate change problems are most acute in industries largely dependent on coal and electricity, and companies that have not initiated strategic planning are behind.

In early 2022, the SEC issued new rules to standardize companies’ disclosure of climate risks. We expect that this type of proposal will increase ESG reporting requirements. Currently, we face complex political, environmental, geopolitical, and technical risks. Executives grapple with rapid change and uncertain futures, especially from the effects of the pandemic.

Interestingly, the company reported risk volume at a 12-year high. In 2021 the utility sector faces challenges as it enters a critical phase in its development. As states and the federal government try to reduce emissions from electricity and water, the grid is sluggish, and cybercriminals target third-party software.

When implementing enterprise risk management programs, utilities will find that ERM theory alone is not enough. Developing and maintaining an ERM system for the strategic administration of operations and finances requires organization-wide engagement.

This blog post will provide an overview of ERM and discuss how public power utilities can use it to improve risk management practices.


Current Risk Management Is… Well…Risky

The risk management association said the 2019 results are bleak: only 21% of respondents thought their risk managers were prepared for the upcoming challenge. A survey of risk management professionals by NCSU shows that less than half have a “mature” level of risk management.

A recent study found a ‘disconnect’ between organizations that report having weighed their risks and assessments that rate their risk practices as immature. Although many businesses use ERM in name, they have not moved beyond traditional risk management altogether. Risk practice is largely unchanged in this regard.

Mitigating Underlying Risks

Energy organisations should also monitor the risks underlying these risks: credit risk, market risk, operational risk, and legal risk. This study includes evaluating specific aspects of the energy value chain, assessing the current patterns of supply and demand, and evaluating the appropriate level of risk.

One key element is data mapping. These mapping techniques incorporate the available risk data and create the appropriate relationships to determine and assess risk. Ensure that risk evaluation and the corresponding accounting techniques are implemented with great care, as a prerequisite to their effectiveness.

Elevate your CRO

A Chief Risk Officer (CRO), positioned as a peer of the other executives, provides a very effective means of ensuring a healthy risk management debate within the board. Even with a CRO, the organization cannot simply delegate risk to committees, limit risk to compliance and auditing, or present risk to management only occasionally and separately from strategy.

CROs can be champions for ERM, but they are only effective when empowered. Jim DeLoach, CEO at Protiviti, notes the value of integrating risk within an organization’s business culture.


Understand ERM’s value and get leadership on board

ERM needs help from the management team. Integrating your programs with a holistic risk management approach is difficult. Beverley Harrington, managing director at ERM, advises: “ERM does not require sprinting.”

For leadership to believe ERM is necessary, it must understand its potential value. Carol Fox, a former RIMS executive, discusses the challenge of defining and measuring your goals: reframing the value the organization seeks and how that value is derived.


ERM is a comprehensive system that enables organizations to control risk, and the overall return on it, effectively, so they can accomplish their stated business goals without significant disruption.

Furthermore, the system provides the ability to handle enterprise risk within a proper business context effectively. The key building blocks of any successful ERM program include economics and business contexts, functional application systems, organizational capability, and technology infrastructure.

Managing volatility

Energy firms employ common techniques, including hedging and commodity trading, to reduce price risk and avoid adverse economic conditions. Commodity prices have always been one of the major factors in the prediction and reporting of EBIT (Earnings Before Interest and Taxes).

Therefore, organisations hedge against these price risks and exposures with careful management. Hedging is also employed because volatility in these industries is frequent.


Energy firms adopt different approaches to ERM depending on the scale of operations, energy reserves, and revenues. While many energy companies have more reserves to explore, they seek bigger profit margins and have more risk tolerance than others who face overexploitation of their reserves.

Some more complex companies may have more risks in their operations than others. Some may also worry about fragile energy systems that operate under extreme conditions.

Choose a standard: ISO, COSO or both!

If you need executive support, examine the ERM standards and choose the one that fits you. Use this standard as a foundation for your ERM system and process. The standard provides a visual overview as well as guidance for efficient practice.

There is no single right choice. While some companies stick to one standard, RIMS reported that 45% of risk professionals used multiple standards in their planning. The COSO ERM framework and ISO 31000:2018 are the two industry standards; both provide a structured approach and a risk universe for business models.

Develop an ERM framework & determine risk appetite

When you’ve researched the ERM framework and chosen the standard for your program, you can apply the principles in your business using the ERM framework and the definition of risk appetite. A risk appetite statement is important for inherent risks and emerging risks.

According to ISO 31000, the risk framework includes a set of components that enable the design and implementation of risk management strategies. All key business risks must have risk mitigation strategies.


A mix of bottom-up and top-down approaches fits well with a risk management governance strategy. The board of directors and the audit committee hold the most important positions in governance and help chart the organization’s risk plans, which are managed by the head risk manager.

Next comes the Executive Risk Management Committee, led by the Chief Risk Officer, followed by the key business functions. Below these tiers sit risk response and risk capital.


Risk management in changing times

EY says ESG goals and disclosures will remain key for utilities in the coming years. This growing mindset needs to be balanced with tighter safety and environmental requirements and increased compliance costs.

The new SOX compliance survey shows that the hours and costs companies spend maintaining compliance have increased across all business types.

Beyond the bottom line

Deloitte has hosted a roundtable on risk management in the industry over the past ten years. This series aims to talk about lessons learned, identify trends, promote innovations, carry out analysis and benchmarking, encourage networking within industries, improve risk management practice and increase ERM functions’ value to the industry.

The Future of Digital Utility and Risks Stemming From Digitization

Most participants reported that ERM functions participated heavily in discussions regarding various digital initiatives and risks. What is the meaning and significance of digital transformation? Digital means that entities can reach higher performance levels by integrating technology into new ways of working, creating better outcomes and improving the customer experience.

According to Moore’s Law, some digital technologies could easily surpass the curve of expectations and unlock immense capacity. The battle for utilities will be to become bigger and more affordable than their competitors.

Scenario planning and the role of ERM

Current power and utilities (P&U) industry conditions are volatile, uncertain, complex, and ambiguous (VUCA). By acknowledging uncertainty, scenario planning allows organizations in a VUCA environment to assess the opportunities and risks they face.

Scenario planning helps organizations react even when the situation is uncertain. Typical responses to uncertainty are denial or paralysis. Scenario planning overcomes such reactions by offering data-driven stories about the future, or descriptions of external circumstances.

The CPUC’s Risk-Based Decision Framework

In the aftermath of the 2010 gas pipeline explosion in San Bruno, California, the CPUC refocused on consumer safety. The S-MAP (Safety Model Assessment Proceeding) program is an effort by the CPUC and utilities to provide an overview of the hazards and their mitigations.

S-MAP focuses on the risk assessment framework and methodology in the risk assessment mitigation phase.


Extended Enterprise Risk Management/Third-Party Risk Management

As P&U organizations become digital utilities, their dependencies on third parties grow. This dependency could further increase organizational risk because of the

(1) growing uncertain business and macroeconomic environment,

(2) the concerns of regulatory scrutiny and

(3) the threat of incidental or destabilizing third-party actions.

Companies must also be agile to adapt to regulatory change, customer demand, and technological change.


ERM is a comprehensive approach to managing risk that considers an organization’s entire portfolio of strategic and operational risks. Public power utilities have long been subject to various financial, operational, legal, and reputational risks. The implementation of ERM can help utilities effectively manage these risks and make sound decisions that protect and enhance shareholder value.
