2008 Annual Meeting ● Assemblée annuelle 2008

Québec

2008 Annual Meeting ● Assemblée annuelle 2008

Québec

Canadian Institute

of Actuaries

Canadian Institute

of Actuaries

L’Institut canadien desactuaires

L’Institut canadien desactuaires

JF

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Enterprise Risk Management

“Not just for Insurance Companies”

John R.S. FraserVice President, Internal Audit & Chief Risk Officer, Hydro One Inc., June 20, 20082008 Annual Meeting Conference Canadian Institute of Actuaries, Quebec City

Summary

1. Background on Hydro One

2. What we consider ERM to be

3. The Components of ERM

4. The ERM Processes

5. Risk Tolerances and Workshops

6. Risk Profiles

7. Resource Allocation

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Background on Hydro One• Ontario’s primary electricity

transmission & distribution company

• One of the largest Tx companies in N.A.

• $12 B of assets

• $4.6 B of annual revenue

• $1 B annual capital and maintenance spend

• 5000 employees plus 1,000 outsourced

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

1

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

ERM – Scope of Mathematical Intensity

Detailed math is the answer

Broad ranges are the way

to go

AU/NZS 4360

COSO

ISO 31000

SOA

CAS

PRMIAS&P

Moody’sRIMS

2

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

ERM is no big deal….

“Enterprise risk management is just basic actuarial science, which is now being applied in all industries.”

Sim Segal, FSA, CERA, MAA,

Managing Director

Aon’s Global Risk Consulting Group

(quoted by Rough Notes Magazine - October 2007)

3

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

ERM requires a major re-think…

“…actuaries of the fourth kind…” (a reference to actuaries working in ERM)

by Professor Paul Embrechts of the Swiss Federal Institute of

Technology as quoted by Stephen D’Arcy in his 2005 Presidential address to the Casualty Actuarial Society

4

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Risks Identification

“There is no point getting into a panic about the risks of life until you have compared the risks which worry you with those that don’t but perhaps should.”

Rothchild

Quoted by Felix Kloman in Risk Management Reports - Vol. 31 No. 10 - October 2004

5

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Why have ERM?

“...overly complex methods are likely never to be fully implemented, or, if they are, to generate a lot of resentment, non-compliance and workarounds.”

“…the minutia will be well-managed at great cost while ignoring the big picture, especially the future types of risks.”

David McNamee October 2004

Internal Auditor Magazine

6

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

What our ERM is not about

• Sarbanes Oxley• Compliance• Audits• Regulations• Performance Measurement• Credit, market or operational risk in isolation• Detailed calculations without the big picture

7

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008 • Good Governance

• Good Management (“a proxy for good management”)– Agreed objectives and risk strategies– Future business outlook– Prioritization of objectives, risks and

resources– Resource allocation

(i.e improving the business/operations while knowing your risks and using your resources wisely.)

What ERM is about:

10a

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

What ERM is about:

10b

Market

OperationalStrategic

OtherCredit

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Framework Initiated Formulated Implemented Robust

ERM Policy

ERM Framework

Executive Risk Committee

Common Language

Dedicated Corporate Risk Group

Champions

Integration with loss control

Integration with Strategic Planning

Integration with Business Planning

Policy and Organization(Hydro One ERM Status - April 2002)

11

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Tools & Techniques Initiated Formulated Implemented Robust

Approved Risk Tolerances

Workshops - Line

Workshops - Leadership

Voting Software

Measurement – broad ranges

Measurement – detailed metrics

Risk Register

Business Plan Templates

Scenario analysis

Sign-off by Line Management

ERM in VP’s Personal Contracts

Risk Tolerances and Workshops

(Hydro One ERM Status - April 2002)

12

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Deliverables Initiated Formulated Implemented Robust

Corporate Risk Profile

Reporting to Leadership/IRC

Reporting to Audit & Finance Committee

Reporting to Board

Reporting Processes(Hydro One ERM Status - April 2002)

13

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

CORPORATE RISK

PROFILE

BOARDCOMMITTEE

EXECUTIVEMANAGEMENT

POLICY &FRAMEWORK

RISK PROFILES &

BUSINESS PLANSLINE

MANAGEMENT

RISK TOLERANCES

MANAGE RISKS, $$MANAGE RISKS, $$

The ERM Process at Hydro One

14

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Turning Strategy into Risk Tolerances

Business Strategy

How are we goingto achieve our

overall Corporateaims??

Business Objectives

KeyPerformance

Indicators

RiskTolerances

What is ourattitude toward

failure for each KPI??

How will wemeasure successfor each Business

Objective??

What 6-10 objectivesdo we want to

factor in todecision-making?

15

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Key Components of ERM Process

ERM Policy & Framework

Asset Planning

Corporate Risk ProfileScan of Events Business Plans

Audit & Finance Committee

Board

Risk Workshops

Corporate Risk Tolerances

Strategic Planning

Business Objectives

16

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Example of HOI risk tolerances

Risk Tolerances Business

Objectives Event Impact Description 5

Worst Case 4

Severe 3

Major 2

Moderate 1

Minor

Financial

Net Income shortfall (after tax, in one year)

$>150M shortfall $75-150M shortfall $25-75M shortfall

$5-25M shortfall <$5M shortfall

Reputation

Negative Media Attention; Opinion leader and Public Criticism

National media attention; opinion leaders/customers nearly unanimous in public criticism

Provincial media attention; most opinion leaders/customers publicly critical

Significant local attention; Several opinion leaders/ customers publicly critical

Credible letter(s) to Ministry of Energy, to Premier, to Chair of OEB, or to Minister of Environment, that require action

Letter(s) to Senior Management

Customer /Reliability

Outages on the Hydro One system

One of: >100,000 Customers Distribution or >1000MW Tx for more than 7 days

One of: 40k-100k Customers Dx or 400-1000MW Tx for 4-7 days

One of: 10k-40k Customers Dx or 100-400MW Tx for 2-4 days

One of: 1k-10k Customers Dx or 10-100MW Tx for 4-24 Hrs

One of: <1000 Customers Dx or <10MW Tx for <4 Hrs

Worst Case:- threatens the

survival of the organization

in its current form

Minor:- noticeable

deterioration in results

Major:- significant

deteriorationin results

17

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Environmental Hazards

0 20 100%806040

Worst Case

Severe

Major

Moderate

Minor

8

2

1

7

5

4

3

2

1

Number of participants

who voted for each category

18

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

0 20 100%806040

Environmental Hazards

Worst Case

Severe

Major

Moderate

Minor

5

4

3

2

1

3

10

5

19

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2

3

4

2 3 4

Probability

Mag

nit

ud

e

NOTE: Size of bubbles depicts confidence in

controls

Briefing Sessions: voted results & meaning

“Meanings:”• themes, patterns in discussion• common causes

20

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008 Risk Source March 2001 Dec. 2001 Risk Trend

Cost Reduction Very High Very High

Regulatory Uncertainty

High Very High

Initial Public Offering High High

Customer Relationships

High Medium

Human Resources Medium Medium

Safety High Medium

Corporate Risk Profile

Note: Each risk category is explained with a half page analysis outlining the sources of the risk and the mitigants in place or planned.

21

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Spending Prioritization: Making choices based on value

Vehicles??

House??

Medical??

Travel??

Highest “Risk Mitigation” Value for money

+

Intolerable Risks

22

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

“True” tolerances: “Red Zone”5W

orst Case

4Severe

3Major

2Moderate

1Minor

5 Very Likely

4 Likely

3 Middle Odds

2 Unlikely

1 Remote

23

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Program Level Cost Cuml. Cost

Risk if not done

Bank for Buck (1)

Vehicles Highest Risk $2 $2

4.6 House Highest Risk $6 $8 4.5 Medical Highest Risk $1 $9 3.9 Vehicles Minimum

Level $1 $10 2.8 2.80

House Level 1 $3 $13 3.0 1.00 Vehicles Level 1 $2 $15 1.9 0.95

House Minimum Level

$5 $20 3.2 0.64 Medical Minimum

Level $12 $32 2.3 0.19

Ranking across work programs

(1) i.e. value for $’s

IntolerableRisk

“BANGfor

BUCK”

Resources = $14

24

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Standard & Poor’s Questions on ERM:

– Is there a statement of risk appetite or risk tolerance?

– How does the company identify and control each major risk?

– What information about each major risk is shared with senior management and/or the board of directors?

– What environmental scanning techniques does the company use to anticipate the emergence of extreme disasters?

– What contingency plans has the company developed?(Excerpts from Standard & Poor’s January 14, 2008

Bulletin)

25

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

2008

Ann

ual M

eetin

g

Ass

embl

ée a

nnue

lle 2

008

Questions?