poyry risk management audit ver 4

Pöyry Enterprise Risk Management Audit Oslo, January 2015

Upload: heine-ronningen

Post on 16-Apr-2017


Page 1: Poyry Risk Management Audit ver 4

Pöyry Enterprise Risk Management Audit

Oslo, January 2015

Page 2: Poyry Risk Management Audit ver 4


PÖYRY MANAGEMENT CONSULTING – ENERGY

· Europe’s leading specialist energy management consultancy

· Offering expert advice from strategy to implementation on policy, regulation, business operations, financing and valuation and sustainability

· Providing in-depth market analysis and strategic insight across Europe

· Over 200 energy market experts in 12 offices across Europe:
  · Düsseldorf
  · Helsinki
  · London
  · Milan
  · Moscow
  · Oslo
  · Oxford
  · Paris
  · Vienna
  · Villach
  · Zurich
  · Madrid

Page 3: Poyry Risk Management Audit ver 4


PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

…from board room to trading desk and back

Page 4: Poyry Risk Management Audit ver 4


PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

· You do not want last resort Auditors to take lead:

Enterprise Risk Management needs to be forward looking and proactive – are you ready for the future?

Page 5: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

· What’s up?
  · Expected cost:
    · EU regulations and the transition towards Internal Energy Market (IEM).
    · Tougher regulation sanctions (unlimited?).
    · Change of market design and capacity markets
    · More mandatory reporting.
  · Expected revenue:
    · Current market prices are down
    · Future market prices are down
    · Will we ever see nominal 2008 levels again?
  · Expected P&L
    · Does expected P&L, return and dividend reflect changes in revenue and cost?
    · Does asset valuation reflect market values?
    · Should stable dividend expectations be solved by increasing risk?

Enterprise Risk Management needs to be forward looking and proactive – are you ready for the future?

Energy Act EU regulation

Page 6: Poyry Risk Management Audit ver 4


PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

· Pöyry Enterprise Risk Management Audit is a structured way to diagnose current status, identify need for change, redesign and implement ERM improvements.

· Supplementary examples:
  · Enterprise Risk Management - Frameworks
    Frameworks are nothing but frameworks; they all need tailor-made implementation. Putting it all together depends on KPI & KRI library quality and several other factors.
  · Enterprise Risk Management - Compliance
    Point of no return is reached. Transition from Energy Act to EU regulation will be a game changer. We are moving from intention-based frameworks to detailed regulations.
  · Enterprise Risk Management - Tailor-made implementation
    Several issues to look at depending on company. Provided examples are meant as ideas for scoping with clients.

Today's agenda:

Page 7: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
Enterprise Risk Management Goals & Process:

· Enterprise Risk Management goals:
  · Understanding the shock resistance of the enterprise to its key risks
  · Managing enterprise risk exposure to the level desired by senior management.

· Enterprise Risk Management process:
  · Coordinating Risk Management Objectives and Components
  · Focusing on cooperation among departments to manage the organization’s full range of risks as a whole.
  · Creating a framework for effectively managing uncertainty, responding to risk and harnessing opportunities as they arise.
  · Embodying the notion that risk analysis cuts across the entire organization.

[Figure labels: RM Objectives, Risk Components]

Page 8: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
What is it, why do you need it and the alternative approach

· What: Pöyry Enterprise Risk Management Audit is a structured way to diagnose current status, identify need for change, redesign and implement ERM improvements:
  · Based on real world experience from trading & hedging environments combined with decades of fundamental analysis and studies.
  · Voluntary, Confidential and Objective

· Why: Enterprise Risk Management is vulnerable to implementation and often fails to deliver:
  · Consistency and coherency are crucial in all aspects of implementation. Lack of standardization, communication, coordination, cooperation and understanding are devastating.
  · Need for tailor made implementation combined with strong dependency on individuals
  · Internal audits cannot be neutral and objective
  · Mandatory external audits are ex-post focused (based on accounting & tax legislations)
  · Solutions that are not soundly based could contribute to unforeseen consequences and increased risk

· Alternative: External audits and an objective second opinion are a far more convenient way of improving ERM quality than learning the hard way from own mistakes

Diagnostic Redesign Implementation

Page 9: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

· Evaluating G’SOT:
  - Goal
  - Strategy
  - Objectives
  - Tactics

· With focus on:
  - ERM Framework
    - Strategic RM
    - Compliance RM
    - Reputational RM
    - Financial RM
    - Operational RM

· Using:
  - KPI, KRI and KCI

· Evaluation:
  - Gap analysis
  - Improvement Proposal

Voluntary, Confidential and Objective audit with intention of improvement

1. KPI: Key Performance Indicators, KRI: Key Risk Indicators, KCI: Key Control Indicators


Page 11: Poyry Risk Management Audit ver 4

COPYRIGHT © PÖYRY

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

Where do we start?

Phase 1 - Identification Phase 2 - Capture

Diagnostic
  Description:
    Data collection:
    • Why are we in business:
      • G’SOT (Goals, Strategy, Objectives and Tactics)
    • Evaluation of G’SOT consistency & coherency with ERM Framework
      • Strategic-, Compliance-, Reputational-, Financial-, Operational RM
    • KPI, KRI and KCI Library
  Result:
    Pöyry Enterprise Risk Management Audit Diagnostic Report:
    • GAP quantification
    • Identification of improvement

Redesign
  Description:
    Based on: Pöyry Enterprise Risk Management Audit Diagnostic Report
    • Proposal for RM redesign
  Result:
    Pöyry Enterprise Risk Management Audit Redesign Proposal:
    • Presentation of the proposal
    • Red flag report, identification of implementation challenges.
    • Define solutions to overcome technical barriers

Implementation
  Description:
    Based on: Pöyry Enterprise Risk Management Audit Redesign Proposal
    • Significant on-site presence
    • Implementation of new management processes and information tools
    • Coaching and training of staff at all levels to utilize improvements
    • Capture of improved KPI, KRI and KCI results
  Result:
    Pöyry Enterprise Risk Management Audit Implementation Report:
    • Identification of improvement
    • Identification of objectives for follow up

Page 12: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

Details on Phase 1
Phase 1 - Identification

Diagnostic
  Description:
    Data collection:
    • Why are we in business:
      • G’SOT (Goals, Strategy, Objectives and Tactics)
    • Evaluation of G’SOT consistency & coherency with ERM Framework
      • Strategic-, Compliance-, Reputational-, Financial-, Operational RM
    • KPI, KRI & KCI Library
  Result:
    Pöyry Enterprise Risk Management Audit Diagnostic Report:
    • GAP quantification
    • Identification of improvement

· Approach, context and scope of the Audit
  • Identify an appropriate suite of focus areas
  • Project work streams details
  • Project timeline
  • Budget

· What we need from you:
  • Quantitative & qualitative description of G’SOT
  • ERM Framework, e.g.:
    • Organisation map and risk owner hierarchy
    • Risk policy & operational risk limits
    • Portfolio structure
    • KPI, KRI and KCI Library

· Deliverables
  • Pöyry Enterprise Risk Management Audit Report:

· Pöyry project team:
  • Heine Rønningen
  • Michel Martin
  • Cathrine Torvestad


Page 14: Poyry Risk Management Audit ver 4

ENTERPRISE RISK MANAGEMENT FRAMEWORKS

· ERM Quality is dependent on implementation rather than the choice of policy framework school.

· ERM Policy based on:
  • COSO ERM: Committee of Sponsoring Organizations of the Treadway Commission www.coso.org
    • RM effect on objectives
    • RM as a compliance based function
  • ISO 31000: International Organization for Standardization www.iso.org
    • R/RM as an event or process
    • RM as a strategic discipline for making risk-adjusted decisions
  • COSO/ISO Hybrid or other solutions

Enterprise Risk Management (ERM) Policy: Different methodologies, same objective and challenges

Page 15: Poyry Risk Management Audit ver 4

RISK MANAGEMENT FRAMEWORKS

• RM Quality is dependent on implementation. No closed form solution/equation

• RM Policy based on:
  • @ Risk methodology:
    • Value at Risk (VaR)
    • Cash flow at Risk (CFaR)
    • Profit at Risk (PaR)
    • X at Risk (XaR)
  • Other methods:
    • Function of probability and expected value
  • All based on:
    • Predefined distributions
    • Empirical values
    • Monte Carlo simulation
    • Market values
    • Mean reversion
    • External boundaries
    • Assumptions

Strategic, Compliance, Reputational, Financial, Operational RM Policy: Different methodologies, same objective and challenges

Page 16: Poyry Risk Management Audit ver 4


RISK MANAGEMENT CONSISTENCY AND COHERENCY

· Missing link between RM components can be devastating in reaching the objectives.

· Consistent: the quality of behaving the same way over time (input, methodology, output).

· Coherent: the quality of being logically connected (organization levels, business units..).

Consistency and coherency are of utmost importance in all aspects of the business

Page 17: Poyry Risk Management Audit ver 4

RISK MANAGEMENT CONSISTENCY AND COHERENCY

Financial RM
· Expected EBITDA
· Dividend Capacity
· CAPEX budget

Link
· A common base for:
  · Input
  · Calculation methods
  · Output

Operational RM
· Risk owners
· Exposure limits
· Stop loss rules
· Hedging\Rehedging strategy

Page 18: Poyry Risk Management Audit ver 4


RISK MANAGEMENT CONSISTENCY AND COHERENCY

· Specific: Explicit description of what we are measuring

· Measurable: Absolute or relative benchmark values

· Achievable: Far fetched goals are discouraging

· Relevant: Coherent with objectives and Consistent over time

· Time-bound: time dimension and granularity must be explicit

Are the indicators SMART?


Page 20: Poyry Risk Management Audit ver 4

RISK MANAGEMENT COMPLIANCE
Both external & internal compliance are important

• External:
  • Regulations
    – Increasing regulatory risk in a rapidly changing regulation regime.
    – MAD & REMIT are at the top of regulators' agenda.

• Internal:
  • Business Culture: Google's definition of Knaves
    «Knaves "lie, cheat, steal, and take credit for other people's work"»

ACER and NRA users of Nasdaq OMX Smarts

Page 21: Poyry Risk Management Audit ver 4

· Regulations
  • EU 713/2009 ACER's role
  • EU 714/2009 X-Border (NC CACM, NC FCA...)
  • EU 543/2013 Transparency
  • EU 1227/2011 (REMIT) Commodity Market abuse & Insider trading
  • Directive 2004/39/EC (MiFID)
  • EU 1287/2006 (MiFID IA)
  • EU 648/2012 (EMIR) Central Clearing Party
  • EU 596/2014 (MAD) Derivatives Market abuse & Insider trading

· Compliance Risk:
  • Reputational
  • Sanctions
    • Worst case: unlimited based on harm

RISK MANAGEMENT COMPLIANCE
Regulations

Page 22: Poyry Risk Management Audit ver 4


Derivative regulations

MiFID: Investor protection, MP classification (fin, non fin +/-)
Contract definition and exemptions

EMIR: Central Counterparties (CCP)
Contract definition from MiFID

MAD: Market abuse & insider trading
Contract definition from MiFID

REMIT: Market abuse & insider trading
Own contract definition, Transparency data = inside information (certain criteria)

Transparency regulation: Mandatory disclosure of data.
Definition of data and data owner.

MAD and REMIT => Complementary regulation with the same intention => Prohibition of market abuse and insider trading

Commodity regulations

Cross border: EC 714/2009

NC EB: Electricity Balancing

NC CACM: Capacity & Congestion

NC FCA: FWD Capacity

Page 23: Poyry Risk Management Audit ver 4


Derivative regulations

MiFID: Investor protection, MP classification (fin, non fin +/-)
Contract definition and exemptions

Commodity regulations

Exemption
- Must be physically settled
- Traded on OTF not RM
- Regulated by REMIT

Nordic design European design

European market design exemption from derivatives?
Nordic market design «cannot escape».

Page 24: Poyry Risk Management Audit ver 4


Derivative regulations

MiFID: Investor protection, MP classification (fin, non fin +/-)
Contract definition and exemptions

Commodity regulations

Bilateral leakage

- Must be physically settled
- Traded on OTF not RM
- Regulated by REMIT

Nordic design European design

• Increased cost under EMIR could possibly increase bilateral trading.
• Nordic market design «cannot escape».
• Physical EFET FEMA with operational netting may be exempted
• If Transition to physical => Financial capital may pull out (inc. cost, complexity)


Page 26: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Risk Management: A process of continuous improvement.

· Risk Management is not a one shot exercise
· Adjustment of objectives
· Continuous Risk Assessment
  • Identify
  • Analyse
  • Evaluate
· Risk treatment
  • Create/adjust control environment
  • Control the activities
  • Inform/Communicate
  • Monitor
· Start over....

Page 27: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Risk management function positioning

· Risk committee
· Chief Risk Officer (CRO)
· Both

· Keys to success
  - CRO peer with business line leaders
  - CRO reporting line to the board (or Risk Committee)
  - CRO has a broader risk focus than compliance
  - CRO position and interaction with senior management clearly defined
  - Managing risk is everyone’s job
  - Management values RM as an equal discipline to opportunities pursuit

Page 28: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Assumptions, benchmarking and backtesting performance

· Performance evaluation & Hurdle rates:
  - CAPM «nice tool» for companies quoted on an exchange with relevant peers.
  - Most companies are not quoted on an exchange
  - What is your Market Cap, Beta or Small Cap premium?

· Other evaluation methods based on risk adjusted performance:
  - RORAC: Return On Risk Adjusted Capital
  - RAROC: Risk Adjusted Return On Capital
  - RARORAC: Risk Adjusted Return On Risk Adjusted Capital
  - Sharpe Ratio: (Actual return – Risk free rate) / Volatility
  - V2 Ratio – Actual return vs. Benchmark return

· Bonus programs & performance based incentives
  - Relation to KPI & KRI
  - Size, Downside risk, Watermark

Page 29: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION

· Must be soundly based in corporate G’SOT
· Example:
  - KPI = max (Actual Price/DA Price)

· Does not say anything about the potential or the risk:
  - Bearish scenario:
    - No hedge: KPI = 1, highest risk, 100% lost potential
    - Hedge A: KPI = 1.8, lowest risk, 20% lost potential
    - Hedge B: KPI = 1.2, high risk, 80% lost potential
  - Bullish scenario:
    - No hedge: KPI = 1, highest risk, 0% lost potential
    - Hedge A: KPI = 0.6, lowest risk, 80% lost potential
    - Hedge B: KPI = 0.9, high risk, 20% lost potential

· Hedging close to delivery gives higher probability of maximizing KPI at the price of a higher risk:
  - A good strategy for a lazy trader with P&L incentives only?
  - Perhaps not that good for the company?

KPI & KRI selection

Page 30: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION

· Standardized process
· Tailor-made content
· A non-summative drill down exercise

· Define risk appetite:
  - Reward risk mitigation on some risks?
  - Reward risk adjusted P&L on some risks?

KPI & KRI Selection and calibration based on G’SOT & Risk Assessment

𝑔𝑒𝑛𝑒𝑟𝑎𝑡𝑖𝑜𝑛= 𝑓 ¿

𝑚𝑎𝑟𝑘𝑒𝑡𝑝𝑟𝑖𝑐𝑒= 𝑓 ¿𝑖𝑛𝑓𝑙𝑜𝑤= 𝑓 ¿

Page 31: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Risk owner & portfolio framework

· Creating an efficient library of KPI & KRI is highly dependent on portfolio structure

· Separation of Performance & Risk related to key elements is crucial:

· Forecast
· Inflow
· Constraints
· Regulations

· Basis
· Profile
· Bidding Zone

· Market
· Xtra
· Static
· Dynamic

Page 32: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Risk owner & portfolio framework

· Efficient portfolio structure makes it easier to adjust risk according to objectives using KPI & KRI triggers

Page 33: Poyry Risk Management Audit ver 4

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
KPI & KRI: Assumptions, benchmarking and backtesting market input

Page 34: Poyry Risk Management Audit ver 4

· Standardized & Cleared:

· ..or Bilateral OTC
  - Counterparty Credit Risk
    - Based on Basel II/III
      – A-IRB
      – IRB
      – Standard
    - Internal models

RISK MANAGEMENT TAILOR MADE IMPLEMENTATION
Counterparty Credit Risk: Bilateral OTC vs. Central Counterparties

Page 35: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

· ERM Quality is dependent on implementation rather than the choice of policy framework school.

· RM Quality is dependent on implementation. No closed form solution/equation

· Missing link between RM components can be devastating in reaching the objectives.

· External Compliance Risk worst case: unlimited based on harm

· ERM is dependent on implementation. There are no closed form solutions. Mistakes can be devastating in reaching the objectives. Consequences could worst case be unlimited.

ERM Presentation red ink summary:

· External mandatory audit is based on accounting legislation – vague on risk management.

· Use Pöyry Enterprise Risk Management Audit to fill the gap.

Page 36: Poyry Risk Management Audit ver 4


PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT

…most black swans are white. Controlling your risks gives you confidence within the confidence interval.

Page 37: Poyry Risk Management Audit ver 4

Contacts:

Heine Rønningen
Email: [email protected]
Phone: +47 90 60 87 74

Michel Martin
Email: [email protected]
Phone: +47 xxxxxxxx

Cathrine Torvestad
Email: [email protected]
Phone: +47 xxxxxxxx

Page 38: Poyry Risk Management Audit ver 4

PÖYRY ENTERPRISE RISK MANAGEMENT AUDIT
Putting it all together...

RM: Strategic, Compliance, Reputational, Financial, Operational

Mission & Vision
  Goals
    Strategies
      Objectives
        Tactics

Page 39: Poyry Risk Management Audit ver 4

KPI = MAX (ACTUAL PRICE/DA PRICE)
Bearish scenario:

Page 40: Poyry Risk Management Audit ver 4

KPI = MAX (ACTUAL PRICE/DA PRICE)
Bullish scenario:

Page 41: Poyry Risk Management Audit ver 4

RISK ASSESSMENT

· When in doubt.....
  • Decompose
  • Identify, analyse, evaluate
  • Adjust for covariance
  • Aggregate

Identify, Analyse, Evaluate

Page 42: Poyry Risk Management Audit ver 4

(P) Hedged Item: Forecast

(T) Tax: = 31% of P

(S) Spot: = x% of P-T

(H) Hedge Total: = P - T – S

(Hstd) Hedge Total Standard = (H) MWh mapped to standard hedging instruments

(Hx) Hedge Xtra: = max (Hstd)

(Hs) Hedge Static: = Hstd - Hx

(Hd) Hedge Dynamic: = Hstd - Hs

RISK OWNER & PORTFOLIO FRAMEWORK

Value@Risk focus

CashFlow@Risk focus

Page 43: Poyry Risk Management Audit ver 4

RISK OWNER & PORTFOLIO FRAMEWORK
(P) Hedged item
Empirical analysis & forecasts

Page 44: Poyry Risk Management Audit ver 4

RISK OWNER & PORTFOLIO FRAMEWORK
(S) Spot
A natural hedge if price and generation are negatively correlated

Page 45: Poyry Risk Management Audit ver 4

RISK OWNER & PORTFOLIO FRAMEWORK
(Hs) Hedge static
Static programs could work both for actual hedging and benchmark

Page 46: Poyry Risk Management Audit ver 4

RISK OWNER & PORTFOLIO FRAMEWORK
(Hd) Hedge dynamic
Close to trading activity, stronger demand for KPI & KRI

Page 47: Poyry Risk Management Audit ver 4


HEDGED ITEM VS. HEDGING INSTRUMENT, HEDGING COST

Page 48: Poyry Risk Management Audit ver 4


NORMAL DISTRIBUTED PRICE CHANGE VS. ACTUAL

Page 49: Poyry Risk Management Audit ver 4


VOLATILITY MARKET VS. OWN

Page 50: Poyry Risk Management Audit ver 4


VALUE AT RISK OUTLIERS

Page 51: Poyry Risk Management Audit ver 4

BASEL II/III
IRB