Risk Assessment Mitigation Phase Risk Mitigation Plan Lessons Learned (RAMP B) November 30, 2016


Risk Management Framework

Consistent with the historic commitment of Southern California Gas Company (SoCalGas) and San Diego Gas & Electric Company (SDG&E) (collectively referred to as the utilities) to evaluating and mitigating risks to the public, employees, and infrastructure, the utilities implemented new risk management practices as described in the Safety Model Assessment Proceeding (S-MAP), Application (A.) 15-05-002 and A.15-05-004. The utilities' risk management framework is consistent with the Cycla Corporation 10-step Evaluation Method adopted in Decision (D.) 16-08-018. [1] The utilities consolidated Cycla's 10 steps into six distinct steps, each of which is described below:

1. Risk identification;
2. Risk analysis;
3. Risk evaluation and prioritization using a 7X7 matrix;
4. Mitigation plan development;
5. Risk-informed investment decisions and risk mitigation implementation; and
6. Monitoring and review.

Figure 1: Risk Management Process

[1] D.16-08-018, Ordering Paragraph 4.

Risk Identification

Risk identification, as defined by ISO 31000, is the process of finding, recognizing and describing risks. It includes the identification of risk sources, events, their causes and potential consequences. On an annual basis, the Enterprise Risk Management (ERM) organization facilitates the enterprise risk identification process through interviews and meetings with risk owners and managers to review and discuss potential changes to the utilities' respective enterprise risk registry.

The utilities are moving toward a more structured approach to classifying risks and mitigations through the development of their new risk taxonomy. The purpose of the risk taxonomy is to help categorize and understand the spectrum of risks to which the companies are exposed using a common framework. The taxonomy helps ensure that the risk identification process covers the full range of risks to which the utilities are exposed, in a structured manner. As the companies' ERM function continues to evolve, the taxonomy will provide a shared language around risk and support a broader range of ERM activities, which include: risk ownership, mitigation planning, and risk measurement and monitoring (e.g., key risk indicators).

The taxonomy breaks into two main branches at the highest level: operational risks and cross-cutting risks. Operational risks are those events that can result in damage to or loss of company or public assets, environmental impact, personnel injury, and/or interruption of service to customers. These are defined as operational implications. The taxonomy further categorizes operational risks by commodity and asset type, and classifies risk triggers that tie to operational risks. Cross-cutting risks are called such because they cut across a range of assets, and are not linked to specific triggers associated with those assets.

The companies' early implementation of the taxonomy is laid out in this report and can be seen in each risk chapter where each risk was mapped to the appropriate categories of risk, assets and drivers in accordance with the taxonomy. Figure 1 below is a visual depiction of the taxonomy.

Figure 1: Risk Taxonomy

Risk Analysis

Risk analysis as defined by ISO 31000 is the process to comprehend the nature of risk and to determine the level of risk. It provides a basis for risk evaluation and decisions about risk mitigation. As stated in ISO 31000, risk analysis is undertaken with varying degrees of detail depending on the risk and the availability of data and resources. The utilities use a combination of qualitative and quantitative analyses to analyze their risks. On an annual basis, the ERM organization facilitates a risk assessment session where risk owners discuss their risk analysis based on the information they have and the risk mitigations in place.

Risk Evaluation & Prioritization

Risk evaluation is the process of comparing the results of risk analysis against impact and likelihood dimensions. The utilities use the 7x7 Risk Evaluation Framework (REF) to evaluate the level of risks and differentiate risks from one another by gauging their frequency of occurrence against their potential impact. On an annual basis, the ERM organization facilitates the risk prioritization session where risk owners discuss the relative ranking of the utilities' enterprise risks with senior management and achieve consensus around risk priorities.

In the REF, risk scores are calculated from two primary inputs: impact and frequency. The impact is the effect or outcome of an event. The frequency reflects the likelihood of the risk event occurring within a certain time. Both the impact and the frequency are evaluated on a scale of 1 to 7 as depicted in Figure 3 below.

Impact

Impact categories:

- Health, Safety, & Environmental: Endanger workplace or public safety; impact to surrounding environment (long-term: 10+ years; medium-term: 3-10 years; short-term: 1-3 years)
- Operational and Reliability: Disruption to company operations that could impact customers; may be measured in quantity of impacted customers, critical locations, loss of energy flows, and/or duration
- Regulatory, Legal, & Compliance: Diminishing relationship and increased scrutiny by regulators or government agencies; ongoing media coverage forces outreach to policy makers/regulators; increasing stakeholder revolt or objections leading to increased oversight; loss of license, exclusivity, or monopoly
- Financial: Potential financial loss, including disallowance, legal actions or fines, replacement energy, remediation, damage to 3rd party properties, etc.

7 Catastrophic
- Health, Safety, & Environmental: Fatalities: Many fatalities and life threatening injuries to the public or employees. Immediate, severe, and irreversible impacts to environment
- Operational and Reliability: > 1 MM customers affected; or impacts an entire metropolitan area, including critical customers; or of more than a year due to permanent loss to a facility
- Regulatory, Legal, & Compliance: Actions resulting in closure, split, sale of the company, or criminal conviction
- Financial: Loss > $3 billion. Ability to raise capital significantly impacted; or decrease in stock price greater than 25%; or potential insolvency

6 Severe
- Health, Safety, & Environmental: Fatalities: Few fatalities and life threatening injuries to the public or employees. Severe and long-term impacts to environment
- Operational and Reliability: > 100 K customers affected; or impacts multiple critical locations and customers; substantial greater than 1 months
- Regulatory, Legal, & Compliance: Cease and desist orders are delivered by regulators; critical assets and facilities are forced by regulators to be shut down; revoking license, market-based rate authority, or monopoly
- Financial: $1 B - $3 B. Ability to raise capital is challenged; or decrease in stock price greater than 15%

5 Extensive
- Health, Safety, & Environmental: Permanent/Serious Injuries or Illnesses: Many serious injuries or illnesses to the public or employees. Significant and medium-term impacts to environment
- Operational and Reliability: > 50 K customers affected; or impacts multiple critical locations or customers; substantial greater than 10 days
- Regulatory, Legal, & Compliance: Governmental, regulatory investigation (including criminal), and enforcement actions lasting longer than one year; violations that result in fines/penalties and large non-financial sanctions
- Financial: $100 MM - $1 B. Ability to raise capital becoming more difficult; or decrease in stock price greater than 5%

4 Major
- Health, Safety, & Environmental: Permanent/Serious Injuries or Illnesses: Few serious injuries or illnesses to the public or employees. Significant and short-term impacts to environment
- Operational and Reliability: > 10 K customers affected; impacts single critical location or customer; greater than 1 day
- Regulatory, Legal, & Compliance: Violations that result in fines or penalties, or a regulator enforces non-financial sanctions, or significant new and updated regulations are enacted as a result of an event
- Financial: $10 MM - $100 MM

3 Moderate
- Health, Safety, & Environmental: Minor Injuries or Illnesses: Minor injuries or illnesses to many public members or employees. Moderate and short-term impacts to environment
- Operational and Reliability: > 1 K customers affected; impacts single critical location or customer; for 1 day
- Regulatory, Legal, & Compliance: Violations that result in fines or penalties
- Financial: $1 MM - $10 MM

2 Minor
- Health, Safety, & Environmental: Minor Injuries or Illnesses: Minor injuries or illnesses to few public members or employees. Environmental impact is immediately correctable or contained within small area
- Operational and Reliability: > 100 customers affected; impacts small area with no disruption to critical location or customer; less than 1 day
- Regulatory, Legal, & Compliance: Self-reported or regulator identified violations with no fines or penalties
- Financial: $50 K - $1 MM

1 Negligible
- Health, Safety, & Environmental: No injury or illness or up to an un-reported negligible injury. No environmental impact
- Operational and Reliability: < 100 customers affected; impacts small localized area with no disruption to critical location/customer; less than 3 hours
- Regulatory, Legal, & Compliance: No impact to administrative impact only
- Financial: < $50 K

Frequency/Likelihood

Frequency of an occurrence: How often does the risk event occur

Rating  Label       Frequency
7       Common      > 10 times per year
6       Regular     1-10 times per year
5       Frequent    Once every 1-3 years
4       Occasional  Once every 3-10 years
3       Infrequent  Once every 10-30 years
2       Rare        Once every 30-100 years
1       Remote      Once every 100+ years

The risk score for each risk is then calculated using the following algorithm: Risk score = 10

Each impact category is assigned a weight as follows: 40% for Health, Safety & Environmental, 20% for Operational and Reliability, 20% for Regulatory, Legal & Compliance, and 20% for Financial. Frequency ratings translate to certain values as shown in the table below:

Frequency Rating  Value
1                 0.005
2                 0.018
3                 0.058
4                 0.183
5                 0.577
6                 3.162
7                 31.623

Thus, if a risk received a score of 6 for Health, Safety & Environmental Impact, 5 for Operational and Reliability Impact, 5 for Regulatory, Legal & Compliance Impact, and 6 for Financial, it would receive a score of 369,280 based on the following calculation:

(Using frequency table, frequency 5 has value of 0.577)

= 0.4*0.577*10^6 [safety] + 0.2*0.577*10^5 [reliability] + 0.2*0.577*10^5 [compliance] + 0.2*0.577*10^6 [financial]
= 230,800 [safety] + 11,540 [reliability] + 11,540 [compliance] + 115,400 [financial]
= 369,280
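The worked calculation above, as an added Python example that is not part of the original report: it applies the stated weights and frequency values, reproduces the 369,280 result, and ranks a small constructed register to show how the scale treats a severe but remote risk against a moderate but common one. The category keys, function names and register entries are assumptions made for illustration.

```python
# Impact-category weights as stated in the report (they sum to 1.0).
WEIGHTS = {
    "safety": 0.40,       # Health, Safety & Environmental
    "reliability": 0.20,  # Operational and Reliability
    "compliance": 0.20,   # Regulatory, Legal & Compliance
    "financial": 0.20,    # Financial
}

# Frequency rating (1-7) -> value, copied from the report's table.
FREQUENCY_VALUE = {1: 0.005, 2: 0.018, 3: 0.058, 4: 0.183,
                   5: 0.577, 6: 3.162, 7: 31.623}


def score_breakdown(impacts, frequency):
    """Per-category contribution: weight * frequency value * 10**impact."""
    if frequency not in FREQUENCY_VALUE:
        raise ValueError(f"frequency rating must be 1-7, got {frequency!r}")
    if set(impacts) != set(WEIGHTS):
        raise ValueError("impacts must rate exactly: " + ", ".join(WEIGHTS))
    for category, rating in impacts.items():
        if not isinstance(rating, int) or not 1 <= rating <= 7:
            raise ValueError(f"{category} impact must be an integer 1-7")
    value = FREQUENCY_VALUE[frequency]
    return {c: WEIGHTS[c] * value * 10 ** impacts[c] for c in WEIGHTS}


def risk_score(impacts, frequency):
    """Total risk score, rounded to cents to hide float noise."""
    return round(sum(score_breakdown(impacts, frequency).values()), 2)


def rank_register(register):
    """Score (name, impacts, frequency) entries and sort highest first."""
    scored = [(name, risk_score(imp, freq)) for name, imp, freq in register]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample register (hypothetical entries, not from the report).
SAMPLE_REGISTER = [
    ("worked example from the report",
     {"safety": 6, "reliability": 5, "compliance": 5, "financial": 6}, 5),
    ("catastrophic but remote",
     {"safety": 7, "reliability": 7, "compliance": 7, "financial": 7}, 1),
    ("moderate but common",
     {"safety": 3, "reliability": 4, "compliance": 2, "financial": 3}, 7),
]

if __name__ == "__main__":
    for name, score in rank_register(SAMPLE_REGISTER):
        print(f"{score:>12,.2f}  {name}")
```

Because impact enters as a power of ten and frequency as a multiplier, a one-step change in either rating moves the score by a large factor, which is why the constructed "moderate but common" entry outranks the "catastrophic but remote" one.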

Risk Mitigation Plan Development & Documentation

Based on the analysis and evaluation of risks, risk owners and managers develop and document risk mitigation plans to capture the state of the risk given current mitigations and any proposed additional mitigations. On an annual basis, the ERM organization facilitates the risk mitigation planning session where risk owners present their key risk mitigation plans and alternatives considered to the senior management team and discuss the feasibility and prudency of those proposed plans. This risk mitigation planning session helps shape the utilities' priorities going into the annual investment planning process and helps identify gaps and/or areas of overlap in risk mitigation plans.

Risk Informed Investment Decisions and Risk Mitigation Implementation

The capital planning process is the utilities' current process for prioritizing funding based on risk informed priorities and input from operations. On an annual basis, initial capital allocations begin with inputs from Functional Capital Committees that comprise subject matter experts who perform high level assessments of the capital requirements based on achieving the highest risk mitigation at the lowest attainable costs. These requirements are presented to the Capital Planning Committee, which is a cross-functional team representing each functional area with capital requests. This committee reviews the spending requirement submissions from all functional areas, and projects are evaluated against priority metrics including safety, cost effectiveness, reliability, security, environmental and customer experience. The Capital Planning Committee then presents its recommendations for capital spending to the Executive Finance Committee, which reviews the recommendations and either approves the proposed capital funding allocations or requests changes.

Once the capital allocations are approved, each individual operating organization is chartered to manage its respective capital needs within the capital allotted by the plan. Similar to the utilities' risk evaluation processes, the capital planning process is continuing to evolve as the utilities endeavor to achieve the shared goal of determining the risk reduction per dollar invested. In this report, the utilities demonstrate the first steps towards this evolution by showcasing a pilot the utilities are currently conducting to calculate a risk spend efficiency for the proposed mitigations. This approach is further described in the Overview & Approach section of this report.

Monitoring and Review

Monitoring and review of all aspects of risk management supports the utilities' efforts at continuously improving their risk management framework. Periodic reviews of the utilities' risk registry are performed to keep the registry current and facilitate discussions on any emerging or new risks that the utilities could face. Existing Key Risk Indicators (KRIs) support the monitoring of the utilities' key risks and, as mentioned above, the process of identifying and implementing KRIs will continue to improve this step of the process.