Solution Briefs
Enterprise wide Risk Management Software for Energy and Utility Companies

Risk Assessment Software: Enterprise Risk Management (ERM) in Energy and Utility Industry

A front end process for compliance management activities
Over the last decade, the process of ‘Risk Management’ has evolved rapidly, growing from a perfunctorily performed activity to a critical enterprise-wide requirement. Functions like recognizing and mitigating risks, complying with regulations, gaining increased market valuation and optimizing the use of assets with higher returns on risk capital are now generating new risk management requirements, and companies are therefore seeking risk assessment and analysis software.

While risk managers in all industries are grappling with the problems of performing real-time risk measurement and mitigation, risk managers in the energy and utilities sector have to tackle additional complexities due to the inherent nature of the business. Optimizing risks and returns in generation plant usage, delivery schedules, natural gas and electricity selling prices, deliveries, oil pipeline usage and cash flows is a formidable task. Moreover, stringent compliance and regulatory requirements, like the Sarbanes Oxley Act (SOX), FERC and NERC regulations (Federal Energy Regulation Commission and North American Electric Reliability Commission) and those of state and regional public service commissions, add an additional layer of challenges for energy risk managers. All business functions are impacted operationally as well as strategically. As a result, companies in this sector are looking to systematically identify, measure, prioritize and respond to all types of risk in the business.

MetricStream offers an integrated solution for successfully meeting these enterprise wide risk management requirements while lowering the associated costs that can otherwise be substantial. It provides best-in-class integrated modules and services to companies in the energy sector, so that they can seamlessly automate and streamline compliance business processes and gain real-time visibility into their risk profile.

Enterprise Compliance Platform: Business Value
Standards Based: Using standards to deliver re-usable technology components that enable complex business processes in a consistent, structured and repeatable fashion.

Federated Process Driven Approach: Shift to a holistic perspective on meeting business process requirements. Instead of focusing only on the tactical need of individual silos, ECP™ looks to enable compliance requirements functionality in a way that can be used by others in the future. It also allows individual pieces of the business process to be realized by best-in-class solutions.

Change Oriented: Focus on the creation of IT components expecting and anticipating changes in the compliance ecosystem. ECP™ recognizes that change is inevitable: regulatory mandates, managing go-to-market risks and other change drivers are the reality. ECP™ is designed for relevant, agile solutions so that critical, dynamic business controls and processes can be quickly adjusted.

Real Time Reporting and Visibility: Addressing business information and process across organizational and technological silos. ECP™ delivers rolled-up visibility of key information across the enterprise.

Knowledge Based: Shift to a holistic perspective on meeting compliance requirements. ECP™ engages ComplianceOnline.com's knowledge network and its community of experts to provide know-how in a way that can be used across the company for varied requirements.

Challenges
The operational environment in energy companies has never been more challenging. Companies are wrestling with regulatory compliance requirements, market volatility and industry consolidation as they face pressure to drive revenues and increase efficiency. Rapidly changing and highly complicated energy policies are pressuring companies to constantly look for better ways to manage and monitor compliance and controls processes across the enterprise, eliminating deviations, errors and redundant activities.

Despite the growth of various technologies, energy risk managers continue to face the two-fold challenge of compliance and risk management.

The global power industry is rife with price, supply and consumption issues. Energy companies also face an array of political, legal and regulatory risks on a daily basis. Those with international operations are particularly susceptible to commercial and security threats arising from currency inconvertibility or transfer restrictions, breach of contracts, nationalization and confiscation or ‘creeping’ expropriation of energy assets, besides war and civil unrest. The issues bedeviling risk managers are best summarized by the following questions posed by a power risk manager: “Between constantly changing conditions and the immense amount of real-time data, how do I recognize threats to the company when they occur? How do I discriminate between different threats and their relative importance to the company? How can I then take the appropriate action in real time if more than one of these threats occurs?”

Compliance Management

Compliance Environment with Increasing Regulation and Legislation: Regulatory compliance is a key challenge for companies in the energy and utilities industry, with numerous standards and regulations governing nearly all aspects of their businesses. Benchmarking against best industry practices like GARP, CCRO framework, FSA requirements and financial accounting standards has become the norm. Regulatory acts like SOX, OSHA, EH&S, FERC and NERC govern the way companies in the energy and utilities sector operate. These include complex and interconnected regulation guidelines regarding financial assurance, operations, ethics, record keeping as well as physical and cyberspace security, reliability and environmental protection policies in the country.

Data Security: Responsible entities must define methods, processes and procedures for securing critical information like company IP, customer and employee data, and confidential strategic or financial data. FERC and NERC compliance regulations provide clear definitions of a well-documented and widely disseminated enterprise compliance program.

Document Management and Control: To ensure compliance with stringent regulations and legislations, energy and utilities companies must retrieve, compile and integrate data from multiple sources to be able to provide federal and state regulators with accurate, up-to-date information on the state of their business and day-to-day operations.

Compliance Reporting and Real-time Alerts: Most energy companies are managing compliance reporting and management in discrete categories - by geography, business unit or business function - resulting in lack of visibility into their operations. This silo-based approach is insufficient to keep pace with stringent compliance requirements. Companies must find a way to pull consistent, reliable and auditable reports from many disparate sources. This includes appropriate triggers to alert staff on potential compliance issues and updates, so they can react on a timely basis.

Operational Efficiency: With limited IT budgets, unpredictable market pricing and a massive infrastructure, companies in the energy and utilities industry are constantly focused on improving operational efficiency. Data managers seek a holistic view of operations across the entire organization so that they are armed with the information they need to make key business decisions that directly influence the bottom line while ensuring compliance with internal policies and industry regulations.

Adverse Event Management: Due to the inherently hazardous nature of their jobs, energy industry risk managers require an efficient adverse event management system that provides prompt reporting and tracking, analysis and resolution of adverse events.

Risk Management

Non-Prioritized Risk Management: Determining which risks are relevant through a manual procedure is tedious and time-consuming. Understanding risk management methodologies (like VaR, EaR, PaR and CfaR) and their pertinence to the energy or utility organization is highly resource intensive. Most ERM systems/frameworks are not customized for a particular company and they do not address company-specific risk priorities.

Disparate Risk Systems: In a distributed organization, establishing a common risk management program is a challenging and labor-intensive task. Business units manage their risks independently and without coordination. Integration and standardization of process and procedures across the organization demands a central risk management information system.

Inefficient Risk Control Measures: Controls for mitigation of regulatory, operational and reputation risks are as significant as the company’s market, liquidity and credit risk management efforts. Response approaches are not optimized across risk types and commodities, exposing the company to unpredictable changes.

Reactive Threat Identification and Mitigation: Power firms follow a defensive approach and suffer losses by not identifying risks in a timely manner. Undiscovered exposures can result in massive losses. By guarding against situations where aggregate risk exposure exceeds its risk appetite, the company can prevent such losses. Preventive and detective controls that help mitigate risks in real time using alerts are necessary in this highly competitive market.

Poor Visibility and Error-prone Reports: Current energy risk management systems offer an ad-hoc view of the multitude of internal and external risks faced by a company. Manual data-reporting procedures are unreliable, inflexible and do not provide site-level and enterprise-level views of performance and risks.

Operational Hazards: Accidents and injuries, fatalities, losses to plant and equipment, spillages and other loss of product and materials are a few of the issues that plague the energy industry. Proactive risk management can help avoid losses and drive faster crisis recovery times.

Risk versus Investment: Energy companies face an increasingly significant dilemma: making a bankable investment in the face of risk. Measuring the risk of long-term investments and assessing opportunities on a daily basis proves to be taxing for companies. To facilitate implementation of desirable projects, the company must be able to assess the profit–risk ratio.

The MetricStream Solution
Understanding and managing risk is imperative to succeed in a competitive environment. Enterprise Risk Management (ERM) software platforms and tools empower the energy and utilities organization through careful structuring of risk assessment and automation of compliance efforts. MetricStream’s solutions for both risk and compliance management help energy and utilities firms with:

Regulatory Compliance Management: The MetricStream solution provides a common framework and an integrated approach to manage energy risks as well as cross-industry mandates and regulations such as SOX, OSHA, EH&S and FCPA and industry focused regulatory guidelines from FERC, NERC and Data Management laws.

Streamlined Risk Management Methodology: The MetricStream solution ensures that a formal procedure for analyzing and managing energy enterprise risk is implemented and followed. It identifies and documents potential threats and vulnerabilities, quantifies total cost of risk and compliance management, and drives the creation of business processes and controls. Its flexible scheduling tool allows the enterprise to assess, test and document internal controls. Prioritizing response strategies for optimal risk/reward outcomes is also easier to perform. The solution quantifies trade and market risks for energy portfolios and ensures that the right risk management methodology is followed.

Increased Protection: Energy organizations must adopt a strategic approach to enterprise wide risk management in order to ensure maximum protection from attacks. Process vulnerability and risk exposures are fully mapped by MetricStream and threats to the most critical assets are prioritized to set the right protection strategy for the organization. The underlying workflow and collaboration engine of MetricStream’s solution determines the potential impact of threat occurrence and the existing level of risk to develop and implement a suitable corporate risk management and mitigation plan.

Efficient Controls: The MetricStream solution enables process owners to take direct responsibility for managing controls while auditors can focus on key compliance risks and project oversight. To eliminate risks from deviations in procedures, errors and redundant activities, compliance and controls can be made consistent across the enterprise using the centralized framework. It also helps avoid the danger of stringent and varied sanctions by encouraging employees across the enterprise to contribute information that pertains to reducing exposure to risk and improving safety, productivity and quality.

Cost Reduction: Automated information flows, assessments and testing, remediation assignments and time stamped audit trails reduce overall compliance and risk management costs. The solution helps avoid increased write-offs, losses and rising cost overlays while creating investment opportunities and improving performance.

Web-based Reporting and Role-based Dashboards: Risk heat maps, graphical charts and compliance dashboards provide increased enterprise-wide transparency into the compliance process and highlight issues that need to be addressed. Continuous reporting and benchmarking of implemented procedures using control diagrams and scorecards ensures that risks are identified and resolved in real-time. Detailed and relevant risk data is automatically compiled by the MetricStream solution and drives internal audit, regulatory and financial compliance processes (e.g., FERC, NERC, SOX). Quarterly and monthly trending analysis, detailed reports and elaborative dashboards provide a bird’s eye view of the risk scenario. Automated alerts help the risk managers foresee future challenges and manage risks better.

Integrated Document Management System: MetricStream’s integrated document management system with change control capabilities synchronizes compliance documentation and business processes, ensuring availability of data across the enterprise. When fully integrated with a company's daily compliance management activities, accurate tracking of risks and compliance efforts helps the company easily and effectively grow its business and strengthen its operations.

Structured Process for Sharing Confidential Information: MetricStream’s centralized document control system, coupled with its rigorous data mapping process, enables real-time sharing of sensitive data among key stakeholders and supports NERC CIP data loss prevention.

Closed-loop Issues Management: The MetricStream solution provides a robust issue and remediation management platform that enables companies to establish and follow mandates for managing nonconformance, adverse events, exceptions, failures, and process deviations. It is a comprehensive solution that enables companies to streamline the development and implementation of remediation and corrective action plan processes across the enterprise. It provides end-to-end exception and change management capabilities to help companies capture problem data from anywhere in their operation, conduct investigations to determine the root cause, manage the entire preventive and corrective process, implement changes, and ensure that the issue is resolved effectively. Powerful analytics and reporting capabilities, with graphical dashboards to track each case from initiation to closure, give managers complete real-time visibility into the remediation process.