This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Power & Utilities Spotlight — Strategic risks — Enhancing ERM capabilities in a changing P&U environment

Published on: Dec 04, 2014

Download PDFDecember 2014

The Bottom Line

  • At the November 2014 power and utilities (P&U) enterprise risk management (ERM) roundtable, Deloitte and ERM professionals discussed trends, challenges, issues, and opportunities in the P&U sector and adjacent sectors. Participants shared their views on industry disrupters that are affecting P&U entities today as well as on those that may affect utilities in the not-so-distant future.
  • In the context of ERM, disruption is defined as an event or activity that could have a significant impact on the core business model of an organization and may ultimately result in a need to change the way the company does business. Potential disrupters in the P&U sector include customer consumption behavior, technology, regulation, products, and competition.
  • Given the current pace of change in the sector, P&U entities will need to reassess and possibly modify their business models to operate successfully. Such adaptation is linked to understanding the potential catalysts for and barriers to change.
  • Bias is one of the most significant hurdles for companies to overcome in identifying and managing disruption risks, since biases affect an organization’s interpretation of the trends and decision-making process.
  • To mitigate individual and organizational constraints that may affect its decision making, a company may need to establish a systematic process for uncovering and preparing for potential business model disruptions. This process often comprises three stages: (1) discovering, (2) scanning, and (3) preparing.
  • Organizations have different approaches to identifying, monitoring, and reporting high-impact, low-probability risks (e.g., pandemics, system shutdowns, geomagnetic pulses, natural disasters). Some organizations do not consider these risks in detail because they believe that little can be done to mitigate them. Others, however, focus on high-impact, low-probability risks as part of their normal risk identification, evaluation, and monitoring processes.

Beyond the Bottom Line

Overview

Deloitte has hosted a P&U ERM roundtable series for the past five years. The primary goal of this series is to discuss leading practices, trends, and innovative solutions related to ERM in the P&U sector.

More than 40 ERM professionals representing over 35 companies convened at ArizonaPublic Service’s corporate headquarters in Phoenix, Arizona, to attend the fall semiannual roundtable, which was facilitated by Deloitte’s newly formed Strategic Risk Solutions team. Deloitte and ERM professionals discussed trends, challenges, issues, and opportunities in the P&U sector and adjacent sectors. Participants shared their views on industry disrupters that are affecting P&U entities today as well as on those that may affect utilities in the not-so-distant future. The discussion of disrupters also focused on how entities should consider disruption signals in formulating their strategies. Other key aspects of risk management addressed at the roundtable included strategic approaches and tools; practices related to high-impact, low-probability risks; risk reporting; and key risk indicators.

As it had done in the past, Deloitte set the stage for the discussion by holding a brief pre-roundtable poll on the key attributes of an organization’s ERM environment. The poll questions covered companies’ current positions on and activities related to potential disrupters. Questions and poll results were incorporated into the overall theme of the roundtable.

Industry Perspective

Setting the stage for a discussion of how executive management views risk and disrupter signals within an organization, two executives from the hosting utility offered their perspectives on potential signals of technology and regulatory risk disruption and how these signals might herald future changes.

One of the executives identified examples of risk categories within his organization that are directly linked to generation portfolios as well as to transmission and distribution systems. From the standpoint of the power generation portfolio, the regulatory environment has changed significantly. In the past, cost recovery related to new power plants was the norm; in the current environment, however, questions may arise about whether the costs associated with new generation plants will ultimately be recovered. Utilities may therefore find it challenging to determine the right generation mix, since they will need to consider the fleet mix that will be deployed in the future. Similarly, the existing transmission and distribution systems introduce a new level of risk, since those systems will need to be modernized to include a centralized intelligence system that can more predictably prioritize load distribution; at the same time, they will need to consider the distributed generation resources that are being added to the system. Like the cost recovery of generation assets, the recovery of costs related to transmission and distribution is a challenge that was not necessarily part of the older utility model but certainly is becoming so now.

The second executive gave his thoughts on the challenges that utilities will face in the future and on how they will need to respond to these challenges. In addition, he offered his perspective on what the utility of the future may look like. He noted that environmental regulations, increasing potential for limited demand growth, and new rate-making policies will continue to put pressure on electric utilities. Gone are the days when the consistent growth in a utility territory and usage can overcome the inherent inefficiencies of the system. Rather, the model has changed, and will continue to change, the ways a utility must operate. The electric utility of the future will need to consider all facets and systems involved — from the natural gas and fuel sources supplying the generation fleet to the transmission and distribution infrastructure. Such a utility will consider not only the regulatory and environmental framework in which it operates but also distributed generation and other third-party involvement affecting the grid and the system as a whole. In short, the utility of tomorrow will very likely need to be more nimble to adapt to the changing environment.

Industry Risk Disrupter Signals

In the context of ERM, disruption is defined as an event or activity that could have a significant impact on the core business model of an organization and may ultimately result in a need to change the way the company does business. While disruption can be destructive, it is often a creative force. Disrupter signals can prompt a company to innovate, reassess its strategy, redefine its principal business model assumptions, enhance strategic risk management practices, and identify ways to mitigate potential operational challenges.

Thinking It Through

The ERM professionals attending the roundtable offered their perspectives on how industry disruptions will affect their organizations, with more than 90 percent indicating that they expect their companies to modify their business strategies in the near future as a result of such disruptions. In addressing the role of an organization’s ERM programs, more than 80 percent of the attendees indicated that their ERM team is either very involved or somewhat involved in identifying and discussing potential disruptions.

Although ERM professionals acknowledge the potential impact of industry disruptions on their organizations, it appears that a number of ERM programs are not properly equipped (e.g., in terms of organization structure/alignment, competencies, tools, access to data/information) to support strategic risk management activities (i.e., identification, evaluation, monitoring, reporting). In addition, at some companies, ERM functions often do not participate in the leadership discussions at which potential disruption signals and risks are considered (i.e., they do not have a seat at the table).

Potential Future Disrupters

Potential disrupters in the P&U sector include customer consumption behavior, technology, regulation, products, and competition.

Customer Consumption Behavior

One common risk disrupter in the P&U sector is customer consumption behavior. Customer demand for electricity is expected to continue to decline. For example, customers seem to be reducing their energy consumption, transitioning to renewable energy sources, and investing in self-generation. As a result, business as usual may now be anything but.

Technology

Improved technology is another disrupter that may affect the future of entities operating in the P&U sector. For example, utilities used to simply provide a commodity to customers; now, there is more of a two-way flow of electricity and other information between end users and utilities. Use of “smart grid” technology, for instance, may allow electricity providers and customers to better maximize their systems and resources; as a result, their energy consumption patterns may become more efficient and cost-effective. Similarly, because the cost of renewable energy (e.g., solar) is falling sharply, distributed generation (i.e., customers and businesses can generate their own power) continues to be a viable option and may reduce the demand for utility generation assets. Moreover, continued advances in energy-efficient technologies will affect the overall consumption of and demand for power.

Regulation

Regulation may directly affect P&U entities’ future roles and business models — for example, the focus on increased reliance on electricity (i.e., “digital economy”), energy efficiency, environmental protection, managing rising infrastructure costs, opening up the market, and improving energy infrastructure protection at both the federal and state levels. P&U entities may need to change how they manage their fleets and infrastructure as a result of such factors as proposed environmental regulations, the costs that regulatorswill allow utilities to recover, and political pressures related to clean and safe power generation.

Industry Perspective

Like P&U entities, regulators are considering the future of the P&U sector. For example, the New York State Public Service Commission issued a staff report, Reforming the Energy Vision, in April 2014. The report summarizes recent trends that highlight certain stresses and opportunities associated with the traditional utility model.

A number of state regulators have questioned the current utility model, which allows for cost recovery in a rate-making environment. In the future, regulators may place greater emphasis on transparency in a utility’s operations, which may create opportunities for the involvement of new parties. For instance, rather than spending a significant amount on a capital project, a utility may be encouraged by the regulator to engage a third party to implement alternative solutions (e.g., renewable technology, increased distributed generation) that better reflect changing customer consumption behavior. Such a regulator may incorporate incentives that are based on positive behaviors into its rate-making strategy rather than reward behaviors that may be perceived as negative.

Products

The future mix of products available to P&U entities is a possible disrupter. Customers may begin to evaluate whether the current system of electricity supply remains safe, reliable, secure, and affordable. As a result, they may look for nontraditional ways to meet their supply needs.

Competition

Competition may be yet another disrupter. Gone are the days when a utility provided all of the electricity and natural gas in its service territory. Today, emerging technologies, regulatory requirements, and innovative energy sourcing programs are transforming the marketplace into one in which many more players are offering products and services that may directly compete with those of the utilities.

For more information, see Deloitte’s Beyond the Math — Preparing for Disruption and Innovation in the U.S. Electric Power Industry and The New Math — Solving the Equation for Disruption to the U.S. Electric Power Industry publications.

Key Takeaways

  • Although disrupters often negatively affect the P&U sector, they may also be a game-changer that reorders the field and opens new opportunities for companies.
  • While much of the roundtable discussion centered on the future, many disrupters are already affecting the P&U sector (e.g., changing rate-making landscape, growing interest in distributed generation, and shift in customer consumption behavior). Certain P&U entities are already developing and executing new strategies to both defend themselves from, and take advantage of, emerging disrupters.
  • In addition to companies, regulators are evaluating the disrupters and are trying to adapt to the changing business landscape. Investors are similarly assessing the industry disrupters to determine their investment practices and resilience going forward.
  • Historically, regulators, investors, and utilities have sometimes reacted sluggishly to change and potential disrupters. However, the shift from an aging to a younger and more malleable workforce may challenge the status quo and lead to a quest for more innovative solutions.

Adapting a Business Model to a Changing Environment

Given the current pace of change in the sector, P&U entities will need to adapt their business models to operate successfully. Such adaptation is linked to understanding potential catalysts for and barriers to change.

Catalysts for Change

Certain of the existing core competencies will serve a utility well as it adapts to changes in the business model. For instance, a utility with political savvy and regulatory experience may be more able to navigate changes in the regulatory and political landscape. In addition, utilities are generally large employers in the cities where they are headquartered and frequently give back to the community (e.g., in the form of local event sponsorships or maintaining a charitable foundation). Their employees are similarly active in their local communities. Such a reputation is likely to result in a strong brand image and customer loyalty as the business evolves. Further, utilities often operate within a good corporate governance structure under which the current business models are regularly assessed and challenged in light of potential changes and new market opportunities. Utilities also generally have a labor force with substantial talent, which can be an integral part of adapting to potential changes in the business model.

Barriers to Change

However, a utility may also encounter certain barriers to change as a result of its historical business model. For example, a utility’s legacy regulatory structure often limits the extent of the changes it can make to its business model (i.e., the structure may have been developed in response to federal and state legislation that is now outdated). Another potential barrier is the dependence of the current utility system on a cost-intensive infrastructure that may have been in place for decades. Depending on future technological and other advances, a utility may need to change its existing infrastructure and financial reporting practices but may not have the financial means to do so. In addition, investors in utilities are generally risk-adverse and desire steady earnings, dividends, and a low-risk profile. Thus, a utility needs to balance its fiduciary responsibility to its shareholders with the increased risk and potential investor backlash associated with significant changes in the business model. The current corporate culture could be another significant barrier to change, since it could be difficult to change employees’ current mindsets to make them more forward-looking.

Key Takeaways

  • Responsiveness to disrupter signals in the marketplace is directly linked to a P&U company’s success. A P&U company needs to use its strengths as catalysts to respond to the changes that will inevitably occur in the industry, while recognizing and mitigating potential barriers to such changes.
  • There are many possible strategies and associated business models a company can use to navigate changes. For instance, a company can use either a defensive or an offensive strategy. Defensive strategies defend the status quo and are exclusively “up to the meter” strategies associated with electric generation, transmission, or distribution investments. In contrast, in employing an offensive strategy, a company exploits opportunities created by the changing electricity landscape. Offensive strategies can be “up to the meter” or “behind the meter” (i.e., strategies that represent the new frontier of opportunity and associated risk).
  • An organization’s alignment of its strategy and ERM function efforts is critical to proactively managing and monitoring disrupter signals and, therefore, the organization’s strategic risks.

Strategic Risk or Opportunity?

Inherent Challenges to Identifying and Managing Disruption Risks

Bias is one of the most significant hurdles for companies to overcome in identifying and managing disruption, since biases affect an organization’s decision-making process and, often, its business model. Management must challenge the outcomes of a strategic decision as well as the overall impact the decision could have on the company’s success. To this end, managers should aggressively seek out information that contradicts the desired outcome. The entities may need to engage an outside party to assist with this process.

Thinking It Through

In facilitating this discussion at the roundtable, a Deloitte specialist highlighted four of the key biases that companies should consider:

  • Overconfidence bias — Reaction on the basis of gut instincts and overestimation of the extent of one’s current knowledge.
  • Availability bias — Reliance on examples from recent memory as evidence of reality.
  • Confirmation bias — Searching for information that confirms current beliefs and discounting information that may contradict those beliefs.
  • Optimism bias — Assertion that nothing bad will happen and that all plans will work out as intended. (This is perhaps the worst bias of all.)

In addition to biases, the following constraints commonly affect a company’s identification and management of a changing environment:

  • Poor communication — Also known as silos, divisions, and turf wars.
  • Bureaucracy and centralization — Misguided attempts to use processes and hierarchies to control uncertainty.
  • Busyness — For example, endless meetings, conference calls, and e-mails that rob us of the time to think about the future.
  • Group-think — The “organizational consensus” on the future, often perpetuated by yes-men who may be afraid to tell their bosses the truth.
  • Reactive governance — Report-outs, rather than proactive discussion and engagement, are encouraged, often as a result of packed board agendas.

Systematic Response to Addressing the Problem

To mitigate individual and organizational constraints that may affect its decision making, a company may need to establish a systematic process for uncovering and preparing for potential business model disruptions. The diagram below illustrates the interconnectedness of this process, which has three overall stages: discovering, scanning, and preparing.

PU-1214

Accelerating Discovery

A systematic method can accelerate the pace at which companies identify changes in their businesses. Rather than relying on the conventional ways of assessing their businesses, companies should consider the views, experience, and business models of companies in different industries (i.e., the “outside-in” approach). In addition, several tools can help companies accelerate discovery. For example, companies can establish a comprehensive research program to consider the state of affairs in their own industry and other industries. Similarly, organizations can develop scenario-planning strategies to address potential disruptions and changes to their business models.

Scanning Ruthlessly

Because disrupters may be coming from the usual sources, a company should establish plans for identifying, monitoring, defining, and interpreting potential risks and market changes that may affect their current and future business models. To accomplish this task, the company may, for example, leverage information and analysis from both the P&U sector and outside the industry.

Preparing for Disruption

Organizations should have a well-defined plan for mitigating disruption. A company should use this plan to identify new and emerging risks to its business strategy; look for strategic options that will curtail these risks; and strengthen its roles, systems, and governance structure.

See Deloitte’s Deloitte on Disruption publication for additional information.

Key Takeaways

  • Bias is one of the most significant challenges for a company to overcome when identifying and managing disruption risks.
  • To ensure its continued success, an organization should consider implementing a systematic process for monitoring and identifying risks. As part of this process, the organization would often discover, scan, and prepare for disruptions.
  • Two techniques that can be leveraged for identifying and adapting to disruptions include a formal scenario-analysis program and a risk-sensing system. 

Prevailing Practices for Managing Risk

While much of the November roundtable discussion focused on the future, participants also addressed current risk management practices. Specifically, participants discussed their practices for identifying, monitoring, and reporting on high-impact, low-probability risks as well as consideration of key risk indicators (KRIs).

Practices Related to Identifying, Monitoring, and Reporting on High-Impact, Low-Probability Risks

High-impact, low-probability risks (e.g., pandemics, system shutdowns, geomagnetic pulses, natural disasters) are risks that are “unexpected” and could be devastating to a company. A question that was asked at the roundtable regarding identifying and planning for these types of risks was “How do you plan for what you have never seen?”

While some ERM teams address these risks as part of their normal ERM process, others use various approaches to identify them, including (1) scanning media sources, (2) periodically initiating a survey, (3) reviewing industry studies, and (4) facilitating workshops. Entities’ approaches to monitoring and reporting such risks also differ. From a monitoring standpoint, some organizations do not consider these risks in detail because they believe that little can be done to mitigate them. Others, however, focus on high-impact, low-probability1 risks for which there are emergency management implications. Some ERM teams include such risks in a risk register, periodically reevaluating the risk’s significance and updating as necessary. When reporting high-impact, low-probability risks, some ERM professionals include these “black-swan” risks as part of their normal, periodic process of reporting to executive management and the board. Others may report on these risks less frequently or even at ad hoc intervals. The consensus seemed to be that high-impact, low-frequency risks are reported at least once a year to the board, management, or both.

Key Risk Indicators

A KRI is a measure of the potential presence or state of, or trend related to, a risk condition within an organization. When effectively designed and used, a KRI has predictive value and can act as an early-warning signal of possible changes in an organization’s risk profile. At the roundtable, industry ERM professionals discussed the use of KRIs at their organizations.

Specifically, participants offered their views on the potential challenges with implementing a KRI approach. For instance, certain presenters noted that it is often time-consuming to gather information supporting a KRI, since this process often involves others within the organization. In addition, some attendees noted that not all risks are created equal. While certain risks (e.g., many operational risks) can be quantitatively measured (e.g., by being linked to certain metrics), others (e.g., certain strategic risks) are often difficult to assess and measure because little quantitative information is available.

Industry ERM professionals have shown an increased interest in incorporating KRIs into their risk assessment processes (e.g., by developing leading practices for gathering and monitoring necessary internal and external information and data). The use of KRIs results in improved reporting, deeper insights into the underlying risks within an organization, more effective and timely risk mitigation strategies, greater awareness of risk trends, and better decision making. In addition, via the KRI development process, an organization may identify opportunities to enhance its key performance indicators.

Thinking It Through

In a pre-event poll about risk indicators, all respondents indicated that their organizations believe that KRIs should be included in their ERM reporting. Almost half of the respondents indicated that their organization has directly considered KRIs (i.e., some organizations currently have KRIs for their top risks or all of their risks, while others have piloted or are currently piloting KRIs for a few risks). In contrast, slightly more than half of the respondents indicated that while their organization is interested in KRIs, they have yet to adopt a strategy to incorporate KRIs into their ERM program. These statistics reveal that P&U entities are considering KRIs more than they had in prior years.

Understanding Your Audience Leads to Better Reporting

Regarding the mitigation of operational and strategic risks, identifying and assessing these risks is only half the battle. The other half consists of having meaningful discussions with the company’s executives and boards, since they can effect change.

During the roundtable, participants were introduced to Deloitte’s proprietary personality system, “Business Chemistry,” and explored the communications and decision-making preferences and potential pitfalls associated with each of the four personality types:

  • Drivers — Like logic, systems, and laser focus on goals.
  • Pioneers — Like variety, possibilities, and generating new ideas.
  • Integrators — Like personal connection and seeing how the pieces fit together.
  • Guardians — Like concrete details and stability; they respect what is tried and true.

Participants learned that by knowing the personality types and related traits, an ERM professional can develop a “hunch” about key stakeholders. This hunch can help an organization devise a communication plan that will be better received by stakeholders who have the power to make decisions about how to mitigate operational and strategic risks. In addition, knowledge of the personality types can help professionals understand the (1) structure of communications (i.e., formal meeting vs. informal discussion), (2) frequency of communications (e.g., weekly, monthly, quarterly), (3) length and type of communications (e.g., one-page presentation vs. multipage board book), and (4) best way to effect change at the C-suite level.

Key Takeaways

  • Organizations have different approaches to identifying, monitoring, and reporting high-impact, low-probability risks. Some organizations do not consider these risks in detail because they believe that little can be done to mitigate them. Others, however, focus on high-impact, low-probability risks for which there are emergency management implications. In the context of risk identification, “low probability” can be viewed through different lenses. Some may view these risks as an inherent part of the organization, while others may view them as residual risks that exist after controls are considered.  
  • More and more companies are incorporating KRIs into their risk management process to better understand and identify the risks they face (e.g., by measuring internal and external quantitative and qualitative information).
  • It is important for organizations to establish a communications and reporting system so that those at the company who can effect change (e.g., stakeholders, executives) understand the implications of these risks.
  • Understanding an individual’s business preferences, such as communication style, decision-making style, and risk tolerance, can make the ERM process more effective and is the first step in creating business chemistry.

Thinking Ahead

The Deloitte P&U sector team will continue to monitor current and future ERM-related activities. As an industry leader, Deloitte will continue to host these roundtable events so that P&U ERM professionals can share prevailing practices with others in the industry. The next ERM roundtable is tentatively scheduled for March 2015 and will be held at NextEra in Juno Beach, Florida. Keep an eye out for the pre-roundtable survey, since the results of the survey will be a catalyst for discussion at the March roundtable. For more information about this roundtable series, please contact or reach out directly to Dmitriy Borovik at dborovik@deloitte.com.

____________________

1 In the context of risk identification, “low probability” risks can be viewed through different lenses. Some may view these risks as an inherent part of the organization, while others may view them as residual risks that exist after controls are considered.

Download

Related Topics

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.