Enterprise Risk Management (ERM)
Program
PNM Resources, Inc.
March 29, 2007
Presentation to American Public Power Association
March 2007
Austin, Texas
1
How we got started
Definition of ERM
• Depends on Risk Focus
– Committee of Chief Risk Officers: ERM is a
program that works to manage all risks faced by an enterprise in an
integrated fashion. Risks are identified, measured, and prioritized
uniformly throughout business units. ERM then works to manage
these risks based on their overall impact to the entity by allocating
mitigation resources on a consolidated basis.
– AON:
ERM is the proactive execution of a senior management
sponsored entity-wide strategic process of assessing and responding
to the collective risks that impact an organization’s ability to
maximize shareholder value.
2
Program Goals
ERM Value Drivers
•
•
•
•
•
•
•
Aligning Corporate Tolerance & Strategy
Coordinating Disparate Risk Management Functions
Quantifying Risks & Risk Adjusted Returns
Improving The Deployment of Capital
Enhancing Risk Response Decision-Making
Identifying & Managing Cross-Enterprise Risks
Providing Integrated Responses to Multiple Risks
3
Risk Management Corporate
Structure
EnterpriseWide Risk
Management
•Risk Map
•Coordination
with Strategic
Plan and Capital
Allocation
•Management of
Mitigations
Executive
Policy
Committee
Board
of
Directors
Board
Risk
Liaison
Chief
Financial
Officer
•Set Risk Tolerance
•Develop Strategic Risk Focus
•Prioritize Mitigations
Audit
Committee
Finance
Committee
Oversee Adequacy
of Risk Policies
and Procedures
Oversee Financial
Risk Tolerance and
Insurance Coverage
4
Risk
Management
Committee
Establish Financial
Risk Policies and
Procedures
Steps to Implementation
ERM Program
Board Governance
Executive Policy Committee
Determines
“if”, “what” & “who”
of risk planning.
Start here
ERM Process Roadmap
•Identifies, measures, prioritizes risk
•Reports risk to Sr. Management
• Provides mitigation management &
monitoring
In a cyclical process, ERM provides decision support to
Executive Policy Council (EPC). Then, the EPC sets strategic
focus for risk action planning which later is followed by ERM
5
monitoring of strategic plans.
Integrated Strategic
Planning Process:
Incorporates Sr. Mgmt. Decision Making Into:
• Corporate Strategic Plan
• Long Range Plan
• Annual Operating Plan
• Performance Plans &
• Incentive Plans
ERM Process Roadmap
Execute Risk Action Plan
and
Monitor Effectiveness
Begin Each Year
Identify Risk
Data Collection
•Interviews with PNM Experts
•Due Diligence
•Financial Statements
•Internal Reports
•External Databases
•Research
•Compare to Industry Data
Mitigation
Decision Making
&
Allocation of Risk
Decisions & Mitigations
•Hedge
•Insure Risk
•Allocate Mitigation Resources
•Optimize Risk Appetite
•Determine Risk Tolerances
Measure Risk
Risk Database
Prioritize Risk
Risk Map & Risk Reports
• Top 20 Risks
• Effects Short & Long Range Plans
• Effect on EPS
2001-2007 Data
Risk Analytics
•Probabilities
•Impacts
•Expected
losses
6
X
Risk 1
Risk 2
Risk 3
Risk 4
Risk 5
Risk 6
Risk 7
Risk 8
Risk 9
Risk 10
X
X
X
X
X
X
X
X
X
X
X
X
7
Capital and
Investment
Commodity
Operational
Strategic
Identifying Risks
Measure Risks
Sabotage Risk
0.14%
Technical Risk
0.15%
Regulatory/Political
Risk
20.51%
Com petitive/Marketing
Risk
14.97%
Environm ental Risk
10.92%
Financial Risk
4.04%
Organizational/Strategic
Risk
15.95%
When risks are
segmented by
function a
clearer picture
begins to
develop.
Hum an Capital Risk
3.47%
Operational Risk
26.17%
Natural Risk
0.06%
8
Legal Risk
3.62%
Prioritize Risks
Traditional
Risk Maps
assist in
bringing
perspective
to the
relationships
between the
various risk
issues.
9
Prioritize Risks
The Executive
Policy
Committee
chooses key
risks for
strategic
focus—ones
that are
actionable and
provide the
highest
mitigation
value.
10
Analyze Risks….examples
Monte Carlo
simulation has
proven a powerful
analytic tool in
measuring the
probabilities
associated with key
exposures.
Monte Carlo simulation is used to adjust earnings
projections for outage exposures.
11
Strategic Focus
Risk Action Planning
Each Business
Unit is charged
with creating
strategic action
plans that align
with corporate
strategy and
mitigate known
exposures.
12
Strategic Focus
Decision Making,
Mitigation Planning & Allocation
Each strategic
action plan is
measured for
cost and
effectiveness…
….all plans are
compared to one
another to
determine those
offering the
greatest value.
13
Strategic Focus
Budgeting
Mitigation
budgeting is
part of the
yearly budget
process.
Management
knows what
kinds and size
of exposures to
anticipate and
how much it
will cost.
14
ERM Value As A Strategic Tool
ERM is a long journey but its value as a
strategic tool is bearing fruit. Better risk
decision-making results in better deployment of
capital and a better compliance structure in an
atmosphere of greater risk awareness.
15
Lessons Learned
•
Buy-Off on ERM Should First Come from Executive Management
• Buy-Off on ERM Should First Come from Executive
Management
• Buy-Off on ERM Should First Come from
Executive Management
16
17