Interview with Julie Vishnyakov, Vice President, Co-Head of Market Risk at Constellation EnergyMs. Vishnyakov answered a series of questions written by marcus evans before the upcoming 4th Annual Risk Management in Energy Trading Conference, November 8-9 in Houston, TX. All responses represent the view of the Ms. Vishnyakov and not necessarily those of Constellation Energy. (Note that the responses have been approved by Constellation Energy.)What has made creating an integrated risk management system such a difficult process?JV: Robust strategies for risk and compliance are necessary for controls against deficiencies in corporate governance and operational and financial inefficiencies, as well as for safeguarding the company’s assets, reputation, and ultimately, the interest of shareholders. However, most of these risk and compliance strategies are managed through isolated, manual processes and systems. This raises project costs, duplicates efforts across the enterprise, and deflects resources away from key business initiatives.An integrated Governance, Risk and Compliance (GRC) approach helps to achieve sustainable integrated risk programs by facilitating the efficient use of risk information in strategic decision-making. Ensuring the usage of consistent terminologies and methodologies across departments encourages a risk-focused corporate culture. Furthermore, the integrated approach provides a comprehensive view of the organization’s overall risk profile, and assures senior management on the effectiveness of internal controls and frameworks.Over the past 2 years, Constellation has transformed the way it thinks about and evaluates strategic risk. During the implementation phases of the system we sought to overcome a number of challenges to list a few:Each business unit had its own risk and control terminology and assessment criteriaPrior to the implementation of the GRC, each business unit used their own terminology and process to define and assess risks and controls. The lack of a common risk framework, definitions and rating methodology did not provide a unified perspective of risk. As a result, risk evaluation across the enterprise was disjointed and in turn, hindered data aggregation and reporting to senior management. Furthermore, we gained consensus with the businesses to standardize likelihood and impact assessment values consistent with the enterprise-wide perspectiveControl functions duplicated efforts by reviewing similar, if not the same, risks and controlsConstellation Energy, similar to any company operating in a highly regulated environment, is subject to multiple compliance requirements, including NERC, FERC, SOX and other legal and regulatory mandates. Compliance with each of these regulations was managed independently by each department. There was no common platform unifying the processes or associated controls. Consequently, controls and other related efforts were unnecessarily duplicated across the enterprise. As a result of the integrated approach, we have gained agreement on common categories, definitions and framework of processes, risk, and controls, allowing identification and assessment of all areas of risk in a cohesive manner.What have you learned from previous attempts of integrating risk buckets?JV: Two important lessons learned were uncovered. First, it is essential that any company take a holistic approach to risk management. Second, management buy-in and agreement is of paramount importance.A company focused on strategic risk management constantly assesses risk factors to ensure they reflect business realities. Risk management integration begins by defining the risk appetite of the company proportionate to strategic goals. The management committee defines the company’s appetite for risk exposures subject to board of director approval. It also defines what risk, how much risk, risk ownership and the timing of risk taking in support of the strategic plan. Risk assessments should be owned by the business with input from the functional support groups to assist in the identification and quantification of risks.Creating this top down and bottom up approach to shifting the culture of risk identification and management throughout the enterprise is the key to success. Also, it is very important to educate individuals across the company take responsibility for risk management, understanding how their risks aggregate, and how to take the appropriate steps needed to bring risk levels to acceptable levels. It is incumbent on risk managers to demonstrate the value of integrated risk to each part of the business. Lastly, improving enterprise risk through an enhanced communication and making information more readily and efficiently available is a must.How does market risk factor into creating an integrated risk management system?JV: To build and maintain an effective risk management framework, a company must continuously evaluate the risk landscape. Risks such as change in market liquidity, lack of price volatility, legislation changes, natural hazards and weather risk, and trader fraud are just a sampling of risks that any market risk manager must continuously evaluate. The risk manager with input from the experts across the enterprise must determine how to classify and quantify the impacts of these risks. For example, how are these risks categorized? Are they operational vs. market vs. reputational or business and strategic, etc in nature? Also, are these risks internal or external? Are these emerging risks that are looming on the horizon? How likely are each of these risks and do these risks impact current earnings or the longer term economic value of the firm? Each of these questions must be answered under a common framework in order to accurately, and justly determine the top priorities of the company.The market risk manager therefore becomes a key player during the Risk Control Self-Assessment (RCSA) process. The results of these types of assessments are aggregated and contribute to the priorities of the company.How can an integrated system help measure risk effectively?JV: By understanding the enterprise risk factors, a company can develop strategies to optimize controls, improve performance and reduce the negative impacts to the business. A simple, repeatable RCSA process creates a mechanism where each business unit and functional group identify key processes, the risks that impact the process and assign probability and impact estimates. Each risk is linked to mitigating controls and each control is regularly evaluated for effectiveness. The overall assessment process will lead to process effectiveness and efficiency by aggregating data and providing standard tools to evaluate across the enterprise. A common language of risks, controls and business processes ensures a cohesive integrated risk process, facilitates risk aggregation across business units, functions and the enterprise and highlights interdependencies between risks and controls spanning numerous processes and functions. The technology solution empowers Constellation to institutionalize its RCSA methodology that supports individuals across the company to ultimately take responsibility for risk management.In the end, it boils down to some general themes discussed earlier. The goal of any integrated risk management system is to increase transparency, standardize terminology and process all under a commonly accepted framework.For further details on the upcoming conference, please contact:Michele WestergaardMarketing/PR Coordinatormarcus evansTelephone: 312 540 3000 ext 6625Email: firstname.lastname@example.org
The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.