160 likes | 168 Views
Learn about the Enterprise Risk Management (ERM) policy implemented at Hydro One Inc., an Ontario electrical distributor. This policy outlines risk definitions, assessment, mitigation, and the roles and responsibilities of key personnel in managing risks effectively. Explore risk profiles, tolerances, and the risk management process guided by the policy.
E N D
Hydro One Inc.Aabo, Frase & Simkins [2005] Jurnal of Applied Corporate Finance17:3, 62-75 Ontario electrical distributor Formed in 1999 (privatized) IPO 2001 (withdrawn) Finland May 2010
ERM at Hydro One • Late 1999 head of Internal Audit appointed CRO • Corporate Risk Management Group established • CRO, 2 full-time professionals • Given 6 months to prove themselves • Early 2000 prepared • ERM Policy • ERM Framework Finland May 2010
ERM Policy • Audit & Finance Committee of the Board • Annually reviews the Corporation’s risk profile, the risk retention philosophy/risk tolerances of the Corporation, and the risk management policies, processes and accountabilities • President • ultimate accountability for managing the Corporation’s risks • Chief Financial Officer • specific accountability for ensuring that enterprise risk management processes are established, properly documented and maintained • Senior Management Team • provides management oversight of the Hydro One risk portfolio and the Corporation’s risk management processes • provides direction on the evaluation of these processes • identifies priority areas of focus for risk assessment and mitigation planning • Each of the President’s Direct Reports • specific accountabilities for managing risks in their subsidiary or function • each will establish specific risk tolerances for their lines of business that do not exceed the limits of corporate risk tolerances • expected to annually formally attest that the unit’s risk management process is in place, operating effectively and is consistent with this policy. • Line and Functional Managers • responsible for managing risks within the scope of their authority and accountability • risk acceptance or mitigation decisions made explicitly and within the risk tolerances specified by the head of the subsidiary or function • Chief Risk Officer • provides support to the President, CFO, Senior Management Team and key managers within the corporation • includes developing risk management policies, frameworks and processes, introducing and promoting new techniques, preparing annual corporate risk profiles, maintaining a registry of key business risks, and facilitating risk assessments across the Corporation Finland May 2010
Risk Definitionsfrom Risk Policy • Risk: • potential that an event, action or inaction will threaten Hydro One’s ability to achieve its business objectives. Risk is described in terms of its likelihood of occurrence and potential impact or magnitude. Broad categories of risk in Hydro One include strategic, financial, and operational risks. • Risk Assessment: • systematic identification and measurement of business risks on a project, line of business or corporate basis. It also includes the review or establishment of risk tolerances, the evaluation of existing mitigation controls and conscious acceptance or treatment of residual risk. • Risk Mitigation/Treatment: • Actions or decisions by management that will change the status of a risk. Options include • retaining the risk (either completely or partially), • increasing the risk (where mitigation is not cost-effective), • avoiding the risk (by withdrawing from or ceasing the activity), • reducing the likelihood (by increasing preventive controls), • reducing the consequences (by emergency or crisis response), • and/or transferring the risk (by outsourcing, insurance, etc.). Finland May 2010
Risk DefinitionsFrom Risk Policy • Risk Profile: • results of any risk assessment, assembled into a consolidated view of the significant strategic, regulatory, financial and operational risks at play in a project, line of business or across the Corporation. • Risk Tolerances: • Guidelines first establish levels of acceptable and unacceptable exposure from any risk. • Tolerances define the range of possible impacts (from minor to catastrophic) that risks might have on business objectives. • Risk tolerances are established for the Corporation and reviewed annually. • Each project, function or line of business assessing its risks is expected to use or develop a set of risk tolerances that does not exceed established corporate limits. Finland May 2010
Risk Management Process • Establish Business Context • Identify Risks • What can happen?/How? • Assess Risks & Controls • Determine consequence • Assess Current Controls • Confirm existence/Determine effectiveness • Estimate strength of controls • Determine likelihood • Estimate level of risk • Check if Risk is Tolerable • If not, Mitigate/Treat Risks Finland May 2010
Dimensions of Likelihood 5 – Virtually certain 0.95 probability will occur within 5 years 4 – Very likely 0.75 probability will occur within 5 years 3 – Even odds 0.50 probability will occur within 5 years 2 – Unlikely 0.25 probability will occur within 5 years 1 – Remote 0.05 probability will occur within 5 years Finland May 2010
Risk Magnitude • Minor • few controls needed • Moderate • Major • Severe • Worst case • full prescriptive controls with executive oversight Finland May 2010
Means of Dealing with Risk • Retain • risk exposure accepted without mitigation, since potential return is viewed as desirable and downside exposure is not significant; • Retain but change mitigation • a partially mitigated exposure is maintained, but change in mitigation reduces the cost of control; • Increase • risk exposure is increased, either because the potential return is viewed as desirable or the controls in place are not cost effective; • Avoid • risk exposure to be entirely eliminated, possibly by withdrawal from a business area, since the potential return does not offset downside exposure; • Reduce the likelihood • risk exposure reduced cost-effectively through new or enhanced preventive controls; • Reduce the consequences • impact of any risk that materializes will be reduced through emergency preparedness or crisis response; Finland May 2010
Hydro One Risk Tolerances3 of 16 total Finland May 2010
Pilot Study • Spring 2000 workshop • One subsidiary • Pre-meeting – e-mailed participants • Asked for list of 10 most critical risks • Compiled, top eight selected • Delphi • Vote on 1-5 scale • Discuss • Iterate • Deemed successful • ERM continued Finland May 2010
Corporate Risk Profile Finland May 2010
Corporate Risk Profile Finland May 2010
Corporate Risk Profile Finland May 2010
Benefits of ERM • Lower debt cost: • Initial debt issue was oversubscribed about 50 percent, and ERM was credited by ratings analysts as being a significant factor in high ratings received • Capital expenditures focused on greatest risk mitigation per investment: • the risk-based structural approach yielded an optimal portfolio of capital investments • Catastrophe avoidance: • dismissal of the Board of Directors and reaction to the oil spill. • Reassurance to stakeholders that the business is well managed: • ERM workshops aided the executive team to articulate risks faced • Many other examples of stakeholder reassurance existed. • Improve corporate governance: • Board of Directors was initially skeptical • now routinely expects risk analysis • Implement formalized risk management system: • Formalized system drives periodic assessment, documentation, and risk reporting • Identify risks where Hydro One is most competitive: • A subsidiary involved in marketing electricity was sold due to high commodity risks • several processing and administrative functions were outsourced to transfer labor union and cost risks Finland May 2010