hydro

Applied Corporate

Finance

Hydro One Case Study Report

SPRING SEMESTER 2011/2012

Group #3:

Francisco Martins #439

Guilherme Lopes da Costa #421

João Miguel Bragança #457

Rui Coelho #425

Sara Loureiro #996

APPLIED CORPORATE FINANCE HYDRO ONE CASE STUDY REPORT

NOVA SBE APRIL 2012 2

CONTENTS

I. Executive Summary ......................................................................................................................... 3

II. Problem Statement ......................................................................................................................... 4

III. Risk Management ........................................................................................................................ 5

Risk Management Practices in Non Financial Institutions .............................................................. 5

The Importance of Managing Risk ................................................................................................... 5

Three Ways of Managing Risk ......................................................................................................... 6

IV. Hydro One’s Risks ........................................................................................................................ 8

Operational Risks ................................................................................................................................. 8

Regulatory Risks ................................................................................................................................ 10

Strategic And Financial Risks ............................................................................................................. 11

Overall Assessment ........................................................................................................................... 12

V. Risk Management at Hydro One – ERM Process ........................................................................... 13

ERM Process ...................................................................................................................................... 13

Global STrengths and Weaknesses of the ERM Process ................................................................... 16

VI. ERM Suitability in a Different Framework ................................................................................. 19

Large vs. Small Company ................................................................................................................... 19

State Owned Company vs. Private Company .................................................................................... 20

VII. Recommendations .................................................................................................................... 24

VIII. Appendix .................................................................................................................................... 25



I. EXECUTIVE SUMMARY

Hydro One is monopolistic, state-owned company, created in 1998, that distributes and transmits

electrical power across the Ontario province. Due to the nature of the service it provides, the

company presents a great degree of systemic risk for the overall economy, which led, in 2002, to the

Toronto Stock Exchange forcing it to adopt an Enterprise Risk Management (ERM) process, together

with measures involving cost cutting, performance measurement and strategic planning. Hydro One,

however, kept on using this ERM process even after it legally required to do so.

This continuous adoption of ERM has to do with the successful results the process has had in

identifying the main risks undermining the company’s strategic goals (Focus on Customer

Satisfaction, Cost Reduction & Margin Improvement, Safety, Quality, Financial Stability and Growth).

Main risks identified were, operations’ wise, safety issues related with the dangerous working

environment, as well as the conditions of the assets (aging) and the limited physical capacity. As for

regulatory issues, regulatory uncertainty related with environmental matters seems to be the most

pressing matter, especially given the impact it could have eventually have on the company’s

operational model. Finally, considering strategic and financial risks, the most relevant have to do with

the governance issues and overall conflicts that appear as a result of the Government’s interference,

which may prevent the success of the growth strategy it plans to undertake.

Given the growing importance of some of these risks, Hydro One had to undertake one the following

actions: increase its level of buffer, in the form of equity, forego its current strategy or associated

flexibility (credit rating), or implement risk management practices, which is where ERM comes into

place. After unsuccessfully trying to increase the level of equity through an IPO, the company

decided to focus on risk management practices, hence the continuous adoption of the ERM process.

On this regards, our analysis has then led us to conclude that ERM is the best risk management

approach for the company given the fact that ERM is a transversal process to the entire organization,

involving people in a bi-lateral way (by collecting their inputs and sharing its results), and given the

fact that it paints a big picture of the risks of the organization as a whole, rather than segmented,

separate ones. As a result, and despite the fact that there is still some room for improvement in the

process, we believe this is a better approach than a more qualitative based approach such as VAR,

considering the type of risks Hydro One is exposed to, which are poorly measured by analytical

models. In addition, we have also concluded that ERM would remain a suitable risk management

practice for Hydro One even if it current framework were to change, whether that may be if the

company size increases any further (following the company’s growth strategy) or if the company

becomes private (following it failed IPO attempt), as long as the company recognizes the differences

that both changes would entail and adapt the process accordingly (the main one being the different

perceptions strategic and financial issues have if the company becomes a private one).

It is therefore our recommendation that this ERM process continues to be further pursued by the

company, who should ensure that the process keeps on being suitable to properly capture all the

risks the company might be exposed to. This involves further improvement of the process in

technical matters (e.g. aiming for Quarterly, rather than Semi-Annually Corporate Risk Profiles), and

understanding that different frameworks imply a few modifications in the process to ensure its full

effectiveness, which basically means being ready to adopt the process with the involving conditions

of the company.



II. PROBLEM STATEMENT

Hydro One is a Canadian company which operates in the transmission/distribution energy sector and

is wholly owned by the Province of Ontario. When Hydro One, in 2002, first thought about entering

the Toronto Stock Exchange through an IPO, it had to make a series of changes in its policies, in order

to comply with a series of requirements imposed by the market regulator. This measures involved

cost cutting, performance management, strategic planning and, most of all, the implementation of

an Enterprise Risk Management (ERM) system. Despite the failure of the IPO, due to a successful

lawsuit made by the employees’ trade union, the ERM process was never abandoned, as, through its

integrated view of the company, it gave much better results in assessing the company’s overall risk

profile than the previous separate assessment of each risk.

When looking at the situation described above, there is one fundamental question that must be

answered which is whether or not the current risk management practice employed by Hydro One,

the Enterprise Risk Management (ERM), is adequate to properly capture the risks faced by the

company.

In order to be able to elaborate on this, we start by briefly elaborating on the importance of risk

management practices on a corporate level. We then move on to look into the various types of risks

currently faced by the company in light of their planned strategy. Bearing these risks in mind, we

then dwell into the strengths and weakness of the ERM procedure by looking at each of its phases

individually and establishing whether or not they properly capture the aforementioned risks. Finally,

we take a forward-looking approach and evaluate whether or not ERM would remain the appropriate

tool for Hydro One to capture its sources of risk if the characteristics of the company were to change

(specifically, in terms of size and in terms of changes in shareholder structure).



III. RISK MANAGEMENT

Risk Management Practices in Non Financial Institutions

Nowadays, more and more companies require from its board members and its managers that they

are not only capable successfully formulating and implementing a strategy for the firm, but also that

they deal with the eventual threats the company may face. Dealing with these uncertain events

involves not only being aware of the risks the company might face, but also of the potential damage

they are likely to cause, as well as the way to implement effective mitigation techniques. It is the

joint of these actions that constitutes risk management.

This process, of assessing what kind of risks a firm is currently facing as a result of each of its strategic

objectives, as well as the estimated amount of damages these might cause, is a very complex and

non-linear one. In fact, contrarily to financial institutions, where the distribution of outcomes1 tends

to behave close to normality (although with tails usually fatter than the normal distribution function

implies – platykurtic distribution), non-financial institutions’ outcomes (thus resulting risks) cannot

be properly described by a Normal distribution. This is a result of the “misbehaved” properties that

these outcomes present, such as huge spikes with low probability of happening, large asymmetries in

the distribution and the existence of correlations between the different outcomes that contradict the

i.i.d. variables hypothesis. In fact, these risks would even be better described by a discrete

distribution.

As a result, quantitative-focused models, such as the computation of the Value-at-Risk for a certain

confidence level, which most of the times work well as risk management tools in financial

institutions, cannot be applied, as these fail to properly take into account all the relevant information

– it is very hard to model this type of risk, as it does not fit well with any of the usual statistical/

econometrical tools available. This implies that a more qualitative approach to risk management

must be taken – this is why a global, people-involving process that is transversal to the entire

company and raises awareness through all relevant divisions, such as ERM, is of the utmost

importance for a company like Hydro One.

The Importance of Managing Risk

Defining its strategy and working in the way of its implementation is a basic premise for any given

company. Depending on the strategy pursued, companies will be submitting themselves to a given

level of risk which, as we have just discussed, will be extremely hard to fully measure if we are not

talking about a financial institution. If we assume, however, for the sake of the analysis, that VAR is

actually an acceptable model of risk, then its value will tell us the amount of capital we need to cover

95%2 of our possible losses. This means that the amount of equity present in a company will work as

a sort of buffer, which absorbs downside periods.

This allows us to understand a very important relationship between strategy, capital structure and

level of risk. However, before exploring this relationship, let us add yet another ingredient to these,

which is the degree of flexibility involved in any strategy. In real life, where asymmetries of

information dominate virtually any business or financial transaction that happens, the degree of

1 Usually summarized through returns.

2 Or other desired confidence level.



flexibility associated with a strategy is captured by the rating given to a company by a credit rating

agency.

Bearing these four elements in mind (strategy, credit rating, capital structure, level of risk), we can

now understand the link between all the main decisions that a company has to make. The basic

premise here is that they are all interconnected, and so, when one of them changes, another one (or

a combination of them) will have to change accordingly as an adjustment. Let us consider the

example that is the most relevant to us, which is that of an increase in the level of risk. If the risk that

a company is exposed to increase, the company can either:

Change its strategy;

Allow for a reduction in the degree of flexibility associated with that strategy (lower credit

rating);

Increase the buffer associated with the risk, which means increasing the equity, thus

changing the capital structure;

Mitigate or Transfer Risk, so that it falls back to lower levels.

It is essential to point out the difference between the three first scenarios and the last scenario.

Whereas in the first three the company is assuming the risk it bears, in the last scenario it is taking

action to mitigate such risk. The first one would mean that the company’s distribution of outcomes

(and risk) would remain unchanged, whereas the last one would actually represent a narrowing

(lower weight of the tails) of the distribution. Both represent forms of risk management, with the

difference being that whereas in one case the company actually tries to combat the risks, in the

other one it decides to proceed despite them.

Three Ways of Managing Risk

As was just referred, knowing the approximate amount of the damages it may be facing in the case of

a negative outcome; there are three ways through which a company can try to control the risks it is

currently facing:

Identify and assume the risk;

Identify and transfer the risk to third parties;

Identify and mitigate the risk.

The first one refers to the instances previously mentioned concerning changes in capital structure, in

strategy or in flexibility of that strategy, with the most standard approach being for the company to

hold enough equity in its balance sheet so that if a certain negative event occurs the company is able

to withdraw those reserve funds and cover for the loss which it initially suffered. Sometimes,

however, the company does not have enough equity to cover for this risk or does not want to have

that much capital tied up in reserves. At the same time, altering the company’s strategy or allowing

for a reduction in the credit rating are typically also undesirable outcomes, which the company tries

to avoid. In these cases, a more active management of risk is necessary, which is where the

remaining two options come into the picture.



Indeed, the second option refers to the fact that a company can transfer the risk to a third party, who

is willing to cover for it, as long as a certain premium is paid, typically through hedging or insurance.

The third option is to impose stronger controls on the daily functioning of its activities, thus imposing

a more risk-averse approach to its investment opportunities and narrowing the distribution function

of the possible outcomes – mitigate the risk. Both of these approaches imply a lower probability for

abnormal positive returns, but most of all, since these tend to be outcomes negatively skewed,

significantly reduces the “black-swans” on the left tail, thus reducing the necessary amount of capital

to buffer for unexpected losses, allowing the capital structure, the strategy and the flexibility to

remain unchanged.

By knowing this, it is easy to see how Hydro One’s management team actions correspond to a

constant attempt to manage their risk. The first one is the IPO attempt, which was meant to find

enough resources to cover for eventual large drawbacks in its strategy policy. This therefore falls into

the first way of managing risk, which is to alter the capital structure to assume said risk. When the

IPO eventually did not go through due to the court’s decision to support the trade union’s request,

the company, not willing to change its strategy or give up on its desired credit rating (flexibility), had

to come up a with a way to either transfer or mitigate said risks. This is where the imposition of

controls in the company comes into the picture, showing that the company decided to go for a

mitigation attempt of these risks. It is important to mention on this matter that since most of the

risks faced by the company, such as the reputation risk, were risks that could not be eliminated

through diversification or financial instruments (such as hedging or insurance), the controls had to be

implemented on an internal level, transversal to the whole company.

In any case, what both this theoretical discussion and the concretization into Hydro One’s specific

case shows us is that risk management is intimately connected with the main strategic and financing

decisions of a company. Our first fundamental question, regarding why did Hydro One kept using a

risk management practice even when it was no longer legally required to do so, is therefore

answered. Indeed, risk management procedures improve the robustness of capital expenditures and

of strategic decisions, as they imply a collective decision-making process. In Hydro One, where ERM is

in place, investments do not solely focus on the expected return they can potentially yield, but also

on the risk mitigation characteristics they can potentially have (greatest overall risk reduction per

dollar spent), meaning that sectors and operations that have a higher risk will likely receive a higher

investment weight. This shows the great importance of risk management for a company.

In addition, our discussion has also showed us that regardless of the approach chosen to manage risk

(assume the risk, mitigate the risk, transfer the risk), the very first step of the process will have to be

identify the risks faced by the company, so that the appropriate course of action for its management

can be decided. This is why in the next section we will be dwelling into the risks currently faced by

Hydro One, so that in the section after we can dwell into the risk management practices this

company employs.



IV. HYDRO ONE’S RISKS

As it was just mentioned, the next logical step in order to perform our assessment regarding the

suitability of Hydro One’s risk management practices is to understand which risks Hydro One is

subject to. Only by doing this, can we then understand if the current risk management practice

properly captures these risks or not.

The main sources of risks faced by the company depend heavily on Hydro One’s defined strategic

goals. It is, therefore, paramount to identify the main cornerstones of Hydro One’s strategy:

Focus on Customer Satisfaction (Reputation), aiming to achieve 90% customer satisfaction

across all segments (it will become crucial to understand that, when considering this

objective, the reputation of the company will play a key role, as customer satisfaction will be

greatly influenced by their perception of the company)

Cost Reduction & Margin Improvement, while at the same time achieving a top quartile

employee productivity and operating efficiency position, as well as negotiate a long-term

deal with unions

Safety, aspiring to have the best safety record in the world

Quality, intending to be a top quartile transmission and distribution reliability company

Credit Rating (Financial Stability), seeking an “A” credit rating that will ensure its credit

worthiness

Growth Strategy, through organic expansion (rather than straight acquisitions)

We will be looking at the risks faced by the company by grouping them in three different sections

according to the source of risk we are dealing with. First, we consider the risks that arise from the

company’s operations (low level internal decisions). Secondly, we look at the risks that appear from

changes in regulations (external factors). Finally, we dwell into the risks that come from the

company’s strategic and financing decisions (high level internal decisions).

OPERATIONAL RISKS

Workforce Engagement and Demographics

One of the main types of risks involved in this category is the fact that Hydro One’s workforce is not

entirely engaged, which is shown, for instance, by the frequent strikes. This is a direct result from the

cost reduction strategy undertaken by the company, which has led to a significant downsize of the

workforce. Moreover, there is also an issue related with unfavorable demographics that create

difficulties for Hydro One to find the right skilled people when it needs to hire them. As a result of

both these factors, the company undertakes a cultural change as each worker is expected to work

more.

This impacts essentially two cornerstones of Hydro One’s strategy. For starters, by having a

workforce that is less engaged and thus less productive, operational efficiency is directly affected,

which will lower the potential for margin improvement. On the other hand, the company’s

reputation will also be harmed, which will affect customer satisfaction. This is especially relevant if,

besides the strikes, we also consider the controversial replacement of the company’s CEO, which all



together have led to an excessive exposure of Hydro One across the media, prompting the company

to become a target of public watch, thus increasing its chances of being harmed by negative

reputational issues.

Asset Condition (Aging Assets)

Another very relevant risk for Hydro One is the deteriorating conditions of its aging operating assets.

This is a very important risk for the company as it can potentially have impacts on almost all strategic

goals of the company. The most obvious effect is perhaps on the potential for margin improvement,

as higher maintenance costs will compromise a higher profitability. On the other hand, low quality

transmission and distribution assets are also likely to undermine the company’s goal of being a top

quartile transmission and distribution reliability company. Finally, and perhaps most importantly,

aging assets are more prone to accidents, which would not only undermine the safety strategic goal

of the company, but would also harm the company’s reputation, thus affecting customer satisfaction

indirectly.

Limited Physical Capacity

The limited physical capacity for transmission and distribution of electricity is also a very relevant

risk. In fact, as Hydro One has a limited capacity, its supply of electricity will also be limited, which

may potentially lead to a demand that is not fully met by the supply it can provide.3 This situation

tends to worsen in peaks of weather when demands grows above its normal levels without a

correspondent increase of supply, a situation that tends to be more and more frequent given the

climate changes.

On top of this, the response given by Hydro One to this limited physical capacity has been to try to

control demand (specifically by introducing real-time monitors) which may ultimately lead to

modifications in customer behavior that pose, in themselves, as risks. For instance, if households

start generating their own electricity and try to sell them back into the system, the operating model

currently employed by Hydro One would be inappropriate to deal with this, thus posing a very

relevant challenge for the company’s future operations.

Overall, the main implications of these risks relate with customer satisfaction, which will be harmed

if Hydro One cannot meet customers’ demand, as well as with the quality of the service itself, which

will be poorer in case demand cannot be fully met.

Reduced Suppliers Bargaining Power

Another risk that may potentially undermine the strategy of improving margins is the fact that the

soaring demand from China and the other emerging markets leaves Hydro One’s suppliers better off

and less dependent on Hydro One, thus lowering the company’s bargaining power, which may

ultimately lead to higher costs. This, obviously, impacts the company’s strategy of improving its

margins.

3 As will be explained in the next section, this is also largely influenced by regulatory issues.



Catastrophic Events

Hydro One has been suffering every year with the effects of catastrophic events, particularly the

damages caused by tornados which have hit the company’s transmission/ distribution facilities at

least once a year in the recent present4. This is, therefore, a quite important risk, with implications on

the company’s safety goal (accidents being much more prone to happen than in usual

circumstances); quality goal and customer satisfaction (overall quality of the service likely to be

affected), as well as financial stability (need to have a financial structure that is flexible enough to

allow the company to sustain the losses caused by these events).

Dangerous Operating Environment

As a result of the very nature of the business in which Hydro One operates, the operating

environment faced by the company may be regarded as a dangerous one. In fact, not only are the

company’s facilities “electrically energized, [thus] representing a threat to employees, contractors

and the public”5, but the lands owned by the company also contain chemicals that may lead to

environmental contaminations if there is an accident in an operation. These risks have very strong

implications not only for the customer satisfaction goal, but also (and most importantly) for the

safety goal, as safety can be seriously undermined by this risky operating environment.

IT

As most companies, Hydro One’s operations rely more and more on IT, which means that the risk

associated with IT has also been increasing during the last years. In fact, a failure in the IT systems of

the firm may severely harm not only the quality of the service (which indirectly would also harm

customer satisfaction and reputation) but also prevent margin improvement if extra costs are

incurred due to these failures.

REGULATORY RISKS

Lower Distribution Rate

Regulations concerning a lower distribution rate allowed to the company are a very important risk in

the sense that these worsen the aforementioned difficulty the company currently faces in meeting

the demand for electricity. Again, customer satisfaction will be harmed by this.

Regulatory Uncertainty on Environmental Areas

The uncertainty concerning regulation focusing on environmental areas (climate change, carbon

emission, use of renewable energies) is also a major source of risk for Hydro One. For instance, if new

regulation arises imposing the usage of wind power, Hydro One would significantly need to alter its

current operational model to a new one visibly characterized by lack of knowledge and uncertainty

(e.g. the uncertainty about when the wind will be blowing would impose challenges on the 4 Tom Aabo, John R.S. Fraser, Betty J. Simkins, “The Rise and Evolution of the Chief Risk Officer: Enterprise Risk

Management at Hydro One”, Journal of Applied Corporate Finance, A Morgan Stanley Publication, 2005

5 Tom Aabo, John R.S. Fraser, Betty J. Simkins, “The Rise and Evolution of the Chief Risk Officer: Enterprise Risk




transmission practices; the absence of an effective method for storing wind-generated electricity

would pose a threat for the storing practices). This risk is actually exacerbated by the current re-

election programs which vastly feature energy savings and environmental conservation initiatives

which, if developed further, would negatively impact the company’s revenues and earnings, as well

as its long term sustainability and operational model.

This type of risk therefore affects not only the company’s margins (by changing the operational

model as a whole), but also the quality of the service, as well as the safety practices it would need to

verify. On top of this, financial stability would also be majorly affected.

STRATEGIC AND FINANCIAL RISKS

Ownership Issues Growth-Related

Growth is, as explained, one of the cornerstones of the company’s strategy. Yet, it also is, at the

same time, a source of risk. Specifically, there are ownership issues related with this strategy that

pose as significant threats for the company. This has to do with the fact that Hydro One is a

government-owned company, which means that its strategy of growing, or not, will tend to be

determined not by the organic (internal) needs of the company, but instead by how this strategy fits

the current government’s agenda (for instance, it may be the case that a growth strategy is

postponed or anticipated given the fact that an election will take place). This means that ownership

issues will arise.

This will have implications on the success of the company’s growth strategy, as it is easily

understood, but also on the financial stability of the company. In fact, governance issues are often

one of the factors to which credit rating agencies look the most when deciding on the rating of a

company.

Financing Difficulty Concerning Infrastructure Buildin g Program

Hydro One is currently planning on setting into motion a large infrastructure building program as part

of its growth strategy. However, there remains a great deal of ambiguity as far as the financing of this

program is concerned. Depending on the financing scheme selected, the financial stability of the

company may be affected, as well as the success of the growth strategy itself.

Macroeconomic Factors

The various macroeconomic factors which affect the company’s performance are also a very

important source of risk for the company. On this matter, we can identify the price of commodities,

the exchange rates, the interest rates and the exposure to credit risk as the most relevant

macroeconomic factors whose fluctuations the company is exposed to. Adverse fluctuations of these

macroeconomic factors will undermine the financial stability of the company and potentially harm

also the strategy of margin improvement.



OVERALL ASSESSMENT

As we have been discussing, Hydro One is exposed to a large number of risks that come from its

operational activities, potential regulatory changes and strategic and financing decisions. On the

operational side, we highlight the safety risks related with the dangerous working environment, as

well as the risks related with the aging assets that impact transversally almost all strategically goals of

the company. As far as regulatory issues are concerned, regulatory uncertainty related with

environmental matters seem to be the most pressing risk for Hydro One, especially given the impact

these could have, eventually, on the company’s operational model. As for strategic and financing

risks, we highlight the governance issues and the overall conflicts that appear in the company as a

result of the Government interference, which may prevent the success of the growth strategy that it

plans to undertakes. Exhibit 1 in the Appendix summarizes all the main risks that were analyzed, as

well as the potential impact these might have on each strategic goal of Hydro One.

The link between these risks and the strategy followed by the company is not only very tight, but it is

also bi-lateral, in the sense that not only will these risks drastically impact the company’s strategic

goals, but they also arise, to some extent, because of such strategy. It is therefore paramount to have

a mechanism that properly identifies all these risks and that allows for their prioritization



V. RISK MANAGEMENT AT HYDRO ONE – ERM PROCESS

Having grasped the risks that Hydro One faces given its current strategy, we can proceed to analyze

the risk management practice followed by the company, which is the ERM process, so that we can

understand if it properly captures these risks or not. We start by briefly looking into each of the

phases of the process individually before performing an overall assessment of its adequateness given

Hydro One’s current setting of risks.

ERM PROCESS

Hydro One was the company responsible for first developing and implementing the Enterprise Risk

Management (ERM) practice. This risk management program came as the result of a successful pilot

test run by Hydro One’s Corporate Risk Management Group, which was constituted by the Chief Risk

Officer, John Frasier, and two professionals with specialization in engineering and organizational

effectiveness. Were it not for the tremendous effectiveness that it had within the firm, this would

probably not be such a broadly used risk management tool nowadays.

The ERM process at Hydro One was designed to be a three-phase program where phase one

consisted of giving risk workshops and selecting the most relevant risks applying the Delphi Method;

phase two consisted of reviewing the Corporate Risk Profile; and phase three consisted of in a risk-

based investment appraisal and planning.

Phase One: Workshops and the Delphi Method

The Phase One of the ERM process starts with the Corporate Risk Management Group collecting the

opinions from several managers regarding their assessment of the main risks currently faced by the

company. These results are then compiled into a list of 60-80 main risks and forwarded to the

business units’ managers, which are asked to select those they believe to be the 8-10 that are

currently more relevant to the company. The risk management team later narrows this existing risk

list into the 10 that were considered by the majority to currently be the most important ones.

One advantage of this practice is that, as it is a dynamic rather than a static process, it allows the

company to focus their efforts on only debating the risks that are still currently being faced by the

company. Were the discussion to be focused always on the same predefined risks, resources and

time would most likely be wasted discussing threats which might have already been mitigated by the

company. Yet, a weakness of this method is that it relies on the managers’ ability to identify the most

important risks, which means that if the management team is in some way shortsighted in their

assessment, then this will lead to the disregard of risks which might eventually prove to be crucial for

the company’s future.

Having gathered the top 10 risk list, the risk management group has now all the necessary

information to properly conduct the workshops, which proceed as will now be described. After the

Risk Officer announces this short list in the beginning of the workshop, participants are asked to

confirm if these are actually the most important threats that need to be accounted for or if there is

any other that they would like to add to the discussion. After being discussed one by one, the risks

are then subjected to a voting process. This voting process is based on the Delphi Method, which was

a process developed by the RAND Corporation in 1964 to generate expert collective decisions. By

making use of iterative anonymous voting technology and providing a controlled feedback, this

method tries to remove the “follow the leader” and the “reluctance to abandon previously stated



opinions” syndromes that are usually present in group meetings, as anonymity prevents the pressure

of choosing a specific decision when voting6. In addition, by facilitating group discussions, this

method tries to mitigate the biases usually associated with single experts’ decisions.

The voting process starts with each manager assigning the possible impact they perceive a certain

risk can have, using a five-point scale ranging from Minor(1) to Worst Case(5), based on their specific

expertise. This means that, for example, a executive whose main area of work is the financial sector

of the company will take into consideration more the impact that a certain event might have on the

financial performance of the company, while a manager responsible for sales will be more concerned

with the effects that it might have in the firm’s relationship with its clients.

After this initial voting, there is usually another debate regarding the causes and the consequences

associated with the risk in discussion, and only after this discussion is finished will there be another

voting. This is an iterative process, as it will only finish when there is a broad consensus about the

true magnitude of the risk.

In what concerns the existence of a debate at this stage, although this is essential to narrow the

range obtained in the initial voting process and allow for the convergence of different opinion, it

might also induce a “follow the leader” syndrome, as managers with the greater ability to persuade

the others will eventually bias the decision towards their respective division’s risks. In our opinion, a

feasible solution to reduce these biases would be to have these discussions occurring electronically

rather than personally, as these would reduce the influence of emotion (thus the arguing power of

each speaker) and also reduce possible conflicts of interests that may arise in the discussion.

Another problem with this type of voting system is that, although including different sectors gives a

more complete perspective of the overall situation, sectors of the company with bigger percentage

of employees will have a bigger influence in this “democracy” , as they will have more votes. This

results from the fact that people will tend to bias their views towards their daily activities operations.

A possible improvement to this would be to give each sector an equal weight in the voting process,

by making some votes count more than others.

Another point worth looking at is the exclusion of the internal auditors of the process. Although this

might be enhance employees’ freedom of expression, we also believe their presence would add

value to the process as they are among the employees that have a more accurate idea of the true

situation of the company’s current operations. This, therefore, constitutes a flaw in the process, as it

will not allow them to express their views and influence the final risk assessment of the main issues

threatening the company. A possible correction to this situation would be to have internal auditors

being able to participate by giving their inputs to the discussion and answering questions, without

having them being able to listen to the remaining discussions.

Coming back to the process itself, after establishing the possible impact of each threat, managers are

asked to compute the worst possible outcome risks might have within 2-3 years and the probability

of that happening, for all threats which are considered to have a possible impact higher than Major

(3). The advantage of computing the worst possible outcomes, instead of building the expected

probability distribution function with the correspondent outcomes, is that it allows the control of

major risks without having to waste time in complex calculations. In addition, since outcomes of a

6 Morgan Stanley Paper



non financial firm do not follow any known form of distribution function7, several mistakes would

likely be made while trying to model mathematically unknown distributions. Worst case scenario

analysis, on the other hand, prevents the underestimation of the risks, as it represents an upper limit

for eventual losses, in addition of not being dependent on assuming a given distribution function.

After taking into account all the controls that already exist within the company to account for that

type of risk, a “Champion” is assigned among managers, who become responsible for overseeing all

the actions associated with managing that type of risk. The big advantage of the nomination of this

“risk-owner” is that, although all employees continue to have responsibility in every risk

management activity, there is now a person responsible for overseeing and coordinating the existing

controls and future initiatives associated with a certain threat and so it is easier to coordinate all the

efforts being made. The weakness, however, is that, since the person who will be primarily held

responsible for the failure of certain risk controls is the “risk-owner”, the other employees might not

have the right incentives to dedicate themselves one hundred percent to doing everything in their

ability to manage the existing risks.

The Phase One of the ERM finishes with the drawing of a risk map where all the risks are plotted

ranked accordingly to three different factors: magnitude of the risk, probability of the risk happening

and size of existing controls. The main strength of this risk map is that it allows to the top

management team to easily understand the main threats facing the company, as well as what are the

areas where the necessary controls have already been implemented and the ones that need further

development. The disadvantage of this map is that it merely provides a quantitative measure of the

risks currently being faced by the company, thus leaving out qualitative information that might be

crucial in the definition of the most appropriate path the company must follow in order to continue

operating safely.

Phase Two: Review of Corporate Risk Profile

Phase Two of the process consists in the drawing of a document with the company’s Corporate Risk

Profile, which is updated every six months, based on all the information previously gathered in the

workshops, as well as in a series of interviews with the top management of the firm. The main goal of

this phase is to create a simple report where the top management of the firm is able to quickly view

how all the relevant events since the last semester have affected the company in terms of its risks.

This allows them to more easily control the different risk management practices being implemented

within the company and concentrate in the issues that still need to be addressed in greater depth.

The main weakness of this process, however, is that it only happens semi-annually, thus implying a

time interval of six months between each Corporate Risk Profile review, which is a period that might

prove too long in the case there are important risks that come up in the meanwhile and need to be

dealt with rapidly. As such, the publication of Quarterly Corporate Risk profiles would probably be a

more adequate risk management practice.

Phase Three: Risk-based Asset Planning

The Phase Three of the ERM process regards the application of a risk-based capital allocation system

called “Bang for the Buck”. This system consists on ranking the existing possible risk mitigation

projects based on their risk-per-dollar value, obtained by dividing the risk for the company if the

7 As deeply elaborated in section III.



project is not done8 by the implementation cost of the project. With this ranking, top management is

then able to better allocate the existing capital expenditures to the projects that display a higher risk

mitigation-cost ratio.

This process also allows the division of the projects of the company between those that bear a

minimum level of risk for the company and those that represent an intolerable amount of risk. As

result, even though a project with intolerable amount of risk might have a lower ratio than one with

minimum risk due to its high comparative cost, the former will be preferred, as the company can

most likely not allow the persistence of that type of risk. The main disadvantage of the “Bang for the

Buck” approach is that it does not consider the possible returns of a project but only its risk

mitigation. As result, if the company has limited resources which must be allocated either to project

which gives good returns or to other which mitigates important risks, there is no criteria which allows

the top management to decide which project will add more value to the firm.

GLOBAL STRENGTHS AND WEAKNESSES OF THE ERM PROCESS

As stated, before to the development of the ERM process, most firms regarded risk management as

series of separate risk assessments of the different factors threatening the company’s performance.

The creation of the ERM process completely modified this fragmented approach to risk management,

by integrating all the risk management tasks into a single global evaluation of the company’s risk

profile. Indeed, with this single global evaluation, this enterprise-wide approach enables regulatory,

strategic, operational, and financial risks to be managed and aligned with our strategic business

objectives.9 Bearing this in mind, it is of the extreme importance to complete the analysis of the

process that we did by mentioning the strengths and weakness of each of its steps by dwelling into

the overall advantages and disadvantages that this entails for a company.10

Benefits

To begin with, from a finance perspective, the first topic that should be raised is that a company

which puts in place ERM is likely to achieve a more favorable rating (which, as stated in section III,

relates with a greater strategic flexibility), as credit rating agencies have a positive reaction towards

the implementation of such a careful risk management process, thus allowing it to achieve a lower

cost of debt. An evidence of this is the fact that in 2000 the company received a higher rating than

anticipated while making its first debt issuance, with analysts actually stating ERM as a significant

factor in the ratings process for Hydro One.11

An extension of this argument can be made in the fact that analysts are not the only ones who

perceive a business with a consistent risk management system in place as a better managed

8 The risk for the company if the project is not done is obtained through an evaluation, in a five-point scale, of

the associated combination of the following factors: magnitude of the risk, probability of the risk happening and size of existing controls.

9Hydro One Annual Report 2006

10 The previous section elaborated more on the technical aspects of the process, such as voting procedures,

whereas here the idea is to look at the overall results, both positive and negative, of the process.





business, but that other stakeholders such as investors, regulators and the press, will also feel

reassured with such a system, which will ultimately have positive impacts in the company’s results.

Another consideration is that, as previously described, with ERM in place, a company allocates capital

expenditures in order to achieve the greatest mitigation of risk per dollar spent, and therefore it will

more likely achieve its optimal portfolio of capital projects, while getting a better understanding of

which risks can be pursued better than its peers. At the same time that projects are managed, land

mines are also easily spotted and avoided since the risk identification involves different phases and

different people are part of each of them, reducing the likelihood that these are actually pursued.

Corporate Governance procedures are also improved with this system as best practice guidelines are

followed. For instance, Hydro One has effectively moved from Board Committees wondering why

were risk reports being brought to their attention to them actually expecting such information in a

routine way. Moreover, non executive directors at Hydro One have even recognized that Hydro One

is ahead of other companies on whose boards they sit when it comes to corporate governance and

risk management practices.12

Another key result is that, since ERM is based on a bottom-up process, it also contributes to give

employees and middle-management a broader view of the company’s overall strategy, thus

increasing their ability to play an important role in the execution of the daily risk management

activities of the company. Indeed, the program is implemented in such a way that everybody in the

organization is part of the process, resulting not only in an increased employee contribution in

recognizing the various risks the company is facing, but above all in letting employees become aware

of them in a broader base resulting in a shared sense of responsibility within the whole organization.

This concept, of shared responsibility, seems to fuel, to a great extent, employee motivation, as there

is no more such a concept as risk-owner, but instead everyone is engaged towards the optimal

balance risk/return. Additionally, throughout the process other key motivational concepts are

reinforced, such as the general understanding and alignment of the company’s strategic objectives.

Therefore, the overall impact on the company’s culture is certainly a positive one. In fact, Hydro

One’s top management believed that ERM have led to an impressive change in company’s corporate

culture.13 Confirming Hydro One’s success in making risk management everyone’s responsibility, in

2002, the company received the Sir Graham Day Award for Excellence in Culture Change.14

Finally, it is imperative to mention the importance of the consistency of the program. The fact that its

implementation is done continuously allows not only for comparisons along the years but also to

strengthen the whole process, as it is possible to recognize possible flaws and trends year after year,

improving the process and its effectiveness.

Drawbacks

Despite the numerous benefits the implementation of ERM brings, this process also presents some

drawbacks. First of all, the process has a great degree of complexity and bureaucracy, likely to have

12

Tom Aabo, John R.S. Fraser, Betty J. Simkins, “The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One”, Journal of Applied Corporate Finance, A Morgan Stanley Publication, 2005







implications in the quality of the information that reaches the final analysis. Indeed, it seems likely

from the qualitative to the quantitative phase, information gets lost, resulting in a poorer final

conclusion than the one expected. Furthermore, considering that the environment in which

companies are rooted is a fast-changing environment, with high amount of information being

changed and arousing at any time, such a bureaucratic process might restrain the company from

taking advantage of upcoming opportunities.

Another major flaw that can be pinpointed is the fact that the process seems to be excessively based

in a flux which has only the upward direction. Although it is true that different people among the

organization have different, valuable knowledge, it is also true that knowledge related to risks as

financial or strategic risk, both of extreme importance, cannot be perceived by people which are not

part of the top management. Therefore, it might be advisable to guarantee that these type of risk

(strategic, financial, solvency) are formally taken into account by the process, because although top

managers are aware of these risks, their input for the Corporate Risk Profile is, somehow, limited.

Assessment

Nevertheless, despite these drawbacks, the process long list of benefits still makes it a very

recommendable choice for a risk management process. When compared with other risk

management practices, typically more analytical, this process primes for involving people in every

step of its way (in a two sided way, meaning that it collects their valuable input but it also shares with

them its results) which does not happen in an analytical process. Therefore, even though it is a true

that an analytical process will probably be subject to less losses of information along the way, its

starting “pool of information” is also smaller to begin with, which makes us believe the amount of

risks that will be overlooked will be higher.

The ERM approach therefore seems to be appropriate for Hydro One. However, it is very important

to understand now if this statement would still hold were the company’s conditions, specifically size

and the fact that it is a state-owned company to change. This is the analysis that we will be

performing in the next section.



VI. ERM SUITABILITY IN A DIFFERENT FRAMEWORK

As we have just established, ERM appears to be, despite some flaws, a fairly good process to manage

risk at Hydro One. This assessment, however, is not independent of the framework/ set of conditions

in which Hydro One operates. Throughout this section, we will therefore be looking at in which ways

the changes in this framework would alter the adequateness of ERM as a risk management

procedure for Hydro One. Yet, before doing so, it is necessary to take a step back and look again to

what is Hydro One’s current framework so that we can then think of possible changes.

Hydro One is a large monopolist company that owns the power grid system of the province and that

is obliged to guarantee the delivery of energy to countless economic agents, from big factories to

normal home-customers. Due to the nature of its business, it has a special role in Ontario’s economy,

which is why the ERM process became a feature in its Corporate Risk Profile in the first place. There

are therefore three key features of what is the current Hydro One’s framework:

1. It provides an essential, non-substitutable (as is monopolistic) service;

2. It is a large company;

3. It is a State-Owned company.

The first characteristic is, in itself, intimately connected with the need for an appropriate risk

management procedure. Indeed, as the company has some special duties with the general public,

especially regarding customer satisfaction and levels of service, it is forced to develop strong

mechanisms of control and supervision, for which ERM is essential. If a monopolistic energy provider

fails to deliver energy to its customers, not only the province’s economic activity will be damaged, as

the circumstances can smash the reputation of the corporation.

Yet, as close as the link between risk management practices and the essentiality of electricity

providing is, it is not realistic to think of any framework under which this would change. For this

reason, we will stick our analysis to what would happen to the suitability of the ERM process first if

the company’s size were any different (in a briefly way) and second if the company was not State-

owned (in a more comprehensive way).

LARGE VS. SMALL COMPANY

It is relatively straightforward to understand that the larger and the more complex a firm becomes,

the more relevant will get the role of ERM, as the approach enables managers to be aware of a

broader number of risks that are easily ignored when the size of companies increase.

Yet, what may not be as easy to understand is that an increase in the size of a company would also

lead, in itself, to an increase in the systemic risk associated with a company. This means that the

larger a company becomes, the higher its importance for the overall economy, meaning that the

more it is connected with other agents/ companies in an economy, so the higher the spillover effects

in the case of a default. In fact, even though this cascade effect is typically more associated with

financial institutions, due to their obvious link with the remaining economy, when non financial

companies become large enough, then their systemic risk also becomes very significant. This leaves

room for a stronger interference from regulations if the company’s size increases, which may lead to



a higher regulatory risk.15 This issue is actually especially relevant in a company that provides a

service that essential and non substitutable, as is the case of electricity, considering that this, by

itself, already implies a great degree of systemic risk for the company, regardless of the size of the

company.

The existence of a strong regulatory activity reinforces the need of implementing and strengthening

the controls of the company and its risk mitigation plans. If the company miscarries to comply with

the regulatory authorities, it may face legal disputes and punishments for not being able to provide

electricity properly – a good that is taken as granted and secure by one and all. If the company is not

able to mitigate, identify and prepare itself to deal with threats, it can put at risk all other agents that

rely economically on their operation.

Therefore, were the size of the company to increase (which appears to be the case as the company

has growth as one of its strategic cornerstones), ERM would remain a suitable process to manage risk

at Hydro One as long as 1) the company is still able to effectively implement the risk identification

processes, and 2) the process remains capturing, in its fullness, regulatory risks, which are certain to

increase, considering the higher systemic risk that the company would entail for the overall

economy. We believe requirement number one can easily be achieved with proper organization

inside the company, whereas there is no reason that suggests us that regulator risks are not properly

captured by ERM, meaning that requirement 2 will still be fulfilled.

In short, although there is a significant increase in systemic risk which ultimately leads to higher

regulatory risks if size of the company increases, ERM remains an appropriate process to capture

these risks.

STATE OWNED COMPANY VS. PRIVATE COMPANY

As a public sector company, Hydro One’s ultimate goal does not pass by maximization of shareholder

value, as it happens in a private-sector company. In fact, whereas in the private sector companies

chase attaining the maximization of shareholders’ value, in the public-sector, as the ultimate

shareholders of a state-owned company are the citizens themselves, the strategy is typically much

more customer-oriented, as they aim at providing high levels of service and at having satisfied

customers, leaving the achievement of outstanding returns to a secondary level. This means that

companies in the public sector lean towards serving a specific and pre-defined mandate or following

a customer-oriented approach, directed at providing an essential, high-levels of service, with

effectiveness and reliability16.

Despite this different focus, Hydro One’s ERM framework can be applied to unlike companies, with

different capital structures, with dissimilar shareholder bases and operating in diverse industries, as

the framework is not oriented towards a standard result but, instead structured in a way that allows

any company to adapt it, making use of its core features. By prioritizing threats and by making use of

different points of view, meaning, by using an ERM approach, companies are able to attain a wider

15

Most recently, regulations have actually imposed that companies with a high degree of systemic level for the overall economy be forced to implement risk management practices.

16 Public sector companies, as well as private-sector companies do not ignore the benefit of avoiding losses but,

for these companies, reliability of an essential public service is undoubtedly the major incentive to implement Risk Management techniques.



view of what can possibly go wrong with the entire business, regardless of its capital structure,

shareholder base and type17 or management goals. Therefore, for both private-sector and for public-

sector companies, ERM represents an opportunity to protect a company from some of the

downturns it will possibly face if it does not deal with risk correctly.

However, even though both private-sector and public-sector companies can attain positive results

from using risk management tools (from using a company-wide approach to risk), their incentives to

create such programs are certainly different, as it is the importance attributed to each of the risks

that might be identified in the process. On the one hand, for a privately owned business, protecting

the downside scenario is indeed what drives companies to implement ERM, in an attempt to avoid

losses, reputation costs and cash-flow deterioration. In addition, by decreasing the level of risk in the

company, the creditworthiness might improve, as it is believed that ERM programs reduce the

probability of default and increase the likelihood for debtholders to receive their claims. On the other

hand, even if it is also believed that value and creditworthiness are important elements, public-

companies use ERM programs to ensure that essential products are in fact delivered appropriately

and with high levels of quality, without harming economic agents that rely on them.

Therefore, although the motivations behind applying the ERM technique are different, the technique

is suitable and makes sense for both cases, at least in general terms. We will now be looking at the

way each type of risk varies in the context of a private and a public sector company, which we will

then use to conclude our assessment.

Operational and Regulatory Perspectives

Operational and regulatory risks are strongly connected with the business and with the market in

which the company operates. There is no reason to believe that, because the company is either

privately or publicly owned, risk management procedures (regarding operations) must change

dramatically or a major change should occur in the operational risk prioritization index that was set

to be addressed.

Actually, by analyzing the Hydro One’s case, one concludes that if the company was instead privately-

owned, the ERM framework that was created would still be valid for operational and reputational

risks, as, for example, the workshops that were prepared to measure the awareness of employees to

the most diverse kinds of risk would still be an important tool to contemplate.

However, one should notice, as the two types of firms aim at achieving different goals and objectives,

the mitigation priority can be seen differently. Under the state-owned set-up, Hydro One would

probably consider riskier some threats that could perhaps harm the quality of service and the

reliability of the delivery of energy. Under the privately-owned set up, Hydro One would possibly

regard as more hazardous reputational problems, as if some controversial issue shows up with the

operations of the company (i.e. a fatality caused by unprotected cables), its reputation, its future

earnings and value creation could become compromised. Therefore, even though the ERM

framework that was set for Hydro One can work in both public and private companies, the harm that

a given analyzed risk is assumed to cause in each type of company, may be evaluated differently.

Strategic Perspectives

17

Public vs. Private



As public-sector companies usually follow a pre-defined mandate, strategic decisions are something

that goes beyond the board of directors. In fact, even though as governments are usually responsible

for defining the general strategy for state-owned companies, the risks that are implicitly connected

with whatever is decided at political level, have to be addressed by management. In private-sector

companies, on the other hand, strategy is defined internally, where risk judgments can undoubtedly

play a role – ERM Officers will try to guide the decision-making process towards the less risky

strategic company policy. Because of this distinction in the formulation of strategy, we believe that

private-sector companies have a more structured way of approaching the subject of strategic risks

than public-sector companies do, in the sense that whereas private sector companies define strategy

depending on the risks they imply, public-sector companies are somehow forced with the risks

brought by a certain strategy.

As Hydro One is a state-owned company, we therefore believe, following the previous reasoning,

that the way of approaching strategy would not have so much to do with risk management.

However, since 2000, the company has tried to recapitalize itself through an IPO, with this being in

fact one of the main triggers for implementing the ERM policy18. As such, as the company tries to

access the private sector, it is natural that many of its strategic decisions are taken incorporating the

judgments and opinions of the Chief Risk Officer. Actually, as it was already explained, in Hydro One

capital expenditures, and investments at large, are a joint-decision of the investment department

and of the risk-management officers, incorporating therefore some important judgments regarding

the risks that the company is facing in each moment.

Therefore, regarding strategy, ERM plays different roles depending on whether the company is

publicly or privately-owned. In the private-sector, risk management has an “input role” as it helps to

determine the best and less risky course of action as well as the most suitable overall strategy for the

company. In the public-sector however, as strategic decisions are sometimes taken as exogenous,

ERM works as tool to mitigate the strategic risk and to identify all threats that can possible be

brought by external players (i.e. governments).

Financial Perspectives

As it is understandable, the financial management of a private-sector and a public-sector company is

considerably different. Nevertheless, ERM plays an important role to determine the most suitable

capital structure, regardless of the type shareholder the company has. This is because ERM helps the

company to identify and reduce possible threats. By doing so, the company can increase the cash-

flow worthiness and decrease the likelihood of a default on its debt obligations. Therefore, ceteris

paribus, for a given credit rating level, a riskier company will need to have a higher level of equity

(cushion for risks) than a company that is able to implement an effective risk mitigation strategy, who

will naturally be more protected, thus able to afford higher levels of debt.

Credit ratings and risk management are therefore connected19. A company that is able to identify,

mitigate and manage the risks it faces is more prepared to accommodate negative shocks, possible

downturns and losses, requiring consequently less equity. As such, credit ratings improve when an

effective, comprehensive and complete risk assessment system is in place, as debtholders perceive

18

The Toronto Stock Exchange requires all listed companies to have a Risk Management team and a structured policy of dealing with risks.

19 This link was actually already mentioned also in section III.



its claims as less risky. Holding an investment-grade rating and holding an unsullied credit profile is

especially important when market imperfections are in place. In fact, as illiquidity is a problem for

lower ratings, having access to a more fluid credit market brings huge advantages to firms.

Therefore, ERM or any other effective approach to risk identification and mitigation, which is

perceived as effective, can eventually bring benefits to companies as it reduces its debt-cost

structure and supports an easier interaction with capital markets.

In fact, although both private and public-sector companies must aim at having investment grade

credit profiles, as they both access capital markets, state-owned companies benefit from having an

“ultimate collateral status”. Therefore, financial risk is especially important for private-owned

companies as it assumed that the single cushion these firms have is the amount of equity in the

balance sheet. In publicly-owned companies, as most of them are monopolies that control an

essential good in the economy, it is assumed that the shareholder will not let the company fail and

will potentially support most of the financial risks and downturns that might show up. Therefore,

although important for both, private sector companies rely mostly on themselves, meaning that they

need to ensure that their balance sheet and their operations do not present outermost risks for

capital providers. Contrarily, in the public-sector, debtholders sometimes assume that default risk is

transferred to taxpayers, as the government will not let companies, which are essential for the

economy, fail. Since there is no immediate risk-transfer mechanism from the private-sector to

taxpayers or to a supreme identity, ERM procedures play a more important role in private-sector

financing, when we compare them with public-sector companies.

Looking into the case of Hydro One, as this is a public sector company, we therefore know that the

company enjoys of this government as collateral advantage. However, if the company tries to do an

IPO again and become private, then it would have to ensure that it would have, by itself, without the

government, enough financial stability (including collateral) that would allow it to keep its high credit

rating, as is actually one of the cornerstones of their planned strategy.

Overall Assessment

In short, the general conclusion that we take from our comparison of risk management practices is

that ERM is a suitable process to properly capture the risk faced by a firm in either case. However,

the scope of ERM in a public sector company is much more related with the reliability of the

operation rather than with its return, as is in the case of a private sector.

This difference is also present when we take the different management perspectives (operational,

strategic and financing). Even though operational perspective experiences little change, strategic

perspective is altered, in the sense that the strategy will be defined taking into account the risk

profile and not independently of it. On the other hand, the role of credit rating agencies is probably

more significant when the government no longer acts as collateral, which also entails changes in

terms of financial perspective.

Due to this alterations, a system to manage risk that would, in a more structured way, guarantee that

financial and strategic risks, which would then present in a different capacity, would probably be a

good complement to the current ERM practice were Hydro One to become a private company.

Nevertheless, and despite this room for improvement, we still believe in the suitability of the ERM

process, even in the context of a private firm.



VII. RECOMMENDATIONS

Taking into account all that was mentioned throughout our case analysis, we believe there are two

important sets of recommendations to be made for Hydro One as far as its risk management

practices are concerned.

The first recommendation is related with our first fundamental question, concerning the importance

of risk management practices at Hydro One. In this regards, as we have shown, risk management is

not only important in itself, but it is also important due to its intimate link with other key decisions

for a company, such as strategy or capital structure – risk management is the way to go if a company

intends to keep its capital structure, strategy and credit rating unchanged if there is an increase in

the level of risk to which it is exposed. Bering this in mind, we firmly believe that it is absolutely

essential for the company to have a system of risk management in place.

This brings us to our second recommendation, which answers our second fundamental question,

concerning the suitability of the ERM process for being such system of risk management. On this

regards, our general recommendation is that this is a system which adds value to the company, by

creating a culture where risk management is everyone’s responsibility, from the Board of Directors to

individual employees20 and by integrating all the existing risks into a single Corporate Risk Profile, and

so must continue to be a common practice in the company’s policy, as this properly captures all the

risks faced by the company, being them operational, regulatory, or strategic and financial risks.

Nevertheless, and even though we recognize the strengths of the process, we also believe there is

still some room for improvements in its various steps, with initiatives such as having the discussion

occurring electronically instead of face-to-face in order to reduce the “follow the leader” stigma, the

partial inclusion of the internal auditors in the debate process, and the publication of quarterly

Corporate Risk Profiles instead of semi-annually, so that important risks are not found only too late.

Finally, considering the potential changes the company might go through in the near future,

specifically a larger size (following the growth expansion strategy) and a privatization (following the

last IPO attempt), we still believe that the ERM framework would remain an appropriate process to

manage risk at Hydro One. Concerning the larger size, and following the increase of systemic risk the

company would entail for the overall economy, we believe the process would still be effective,

provided that it would be able to properly continue to capture the regulatory risks, which are bound

to increase. Therefore, it is our recommendation that special attention should be drawn to this,

perhaps with a special debate time reserved for the issue, if the company size significantly increases.

As for the possible privatization, we also believe that ERM would still remain a suitable process to

manage risk, despite the different motivations we believe would be behind risk management in one

instance and the other. Yet, in this case, we believe a greater focus in the process to the financing

and strategic aspects is recommendable, as these usually have a different presence in public and

private companies.

In short, we believe ERM is a suitable practice for Hydro One to adequately identify and manage its

risk for the time being and also for the future, provided that the company is able to implement the

necessary changes in the process – adapt – as the evolving framework of the company changes.

20

Tom Aabo, John R.S. Fraser, Betty J. Simkins, “The Rise and Evolution of the Chief Risk Officer: Enterprise Risk Management at Hydro One”, Journal of Applied Corporate Finance, A Morgan Stanley Publication, 2005



VIII. APPENDIX

EXHIBIT 1 – HYDRO ONE’S RISKS IMPACT ON STRATEGIC GOALS

Risk Type

Source of Risk

Customer Satisfaction

Reputation

Margin Improvement

Safety Quality Credit Rating

Growth Strategy

Op

erat

ion

al

Workforce Medium High None None Low None

IT Medium None None Medium Low None

Asset Condition Medium Medium High Medium Medium None

Limited Physical Capacity

High None None Medium Low None

Catastrophic Events

Low None Mediu

m Medium Medium None

Dangerous Operating

Environment Medium None High None Low None

Bargaining Power with

Suppliers None Medium None None Low Medium

Reg

ula

tory

Regulatory Uncertainty

Low High Low Low High Low

Lower Distribution

Rates Medium None None Medium None None

Stra

tegi

c /

Fin

anci

ng

Political opinion on growth

None None None None High High

Financial limitations to Infrastructure

program

None None None None Medium Medium

Macroeconomic Factors:

Commodity Prices, Exchange Rates, Interest Rates,

Exposure to Credit Risk

None High None None Medium Medium

hydro

Documents

risk management practices

financial risks

transversal process

importance of managing

hydro ones risks

operational risks

ways of managing risk

regulatory risks