PG&E Corporate Responsibility and Sustainability Report 2017

Risk Management

PG&E’s long-term objective for managing risk is data-driven, risk-based decision-making that supports safe, reliable and efficient electric and gas service, is integrated into our planning process and becomes the foundation for our regulatory rate cases. To achieve this objective, PG&E has established a foundational risk management infrastructure and remains focused on integrating risk management into our culture and business practices.

Our Approach

At PG&E, risk management processes are facilitated by a central group, implemented by each line of business and overseen by senior management and the Boards of Directors.

Process Facilitation

The Vice President, Internal Audit and Chief Risk Officer (CRO) for PG&E Corporation and Pacific Gas and Electric Company is responsible for overseeing the enterprise and operational risk management process, internal audit and insurance functions, market and credit risk management, and reporting to the Audit Committees of the PG&E Corporation and Pacific Gas and Electric Company Boards. The CRO also facilitates and is a voting member of the PG&E Corporation Risk Policy Committee and the Utility Risk Management Committee, both of which include a subset of senior officers of PG&E Corporation and Pacific Gas and Electric Company.

Lines of Business Implementation

Each of PG&E’s lines of business develops and maintains a risk register—a ranking of risks specific to its operations. The risk registers were developed using a consistent methodology to identify, assess and prioritize risks and are refreshed each year to ensure that risk assessments capture any changes to risk levels. Each of these risk registers informs a PG&E-wide risk register that allows senior management to focus on the most significant risks.

The senior-most executive of each line of business maintains a Risk and Compliance Committee, which has oversight responsibility for all associated activities for risk and compliance programs within their organization.

The committee members ensure that activities related to enterprise and operational risk and compliance management within their respective organizations are suitable, adequate and effective, and that resources are available as needed. Activities may include, but are not limited to:

  • Reviewing and providing feedback on risk and compliance items,
  • Reviewing the results of annual risk identification and refresh processes,
  • Approving the addition or removal of risks (enterprise, operational and compliance) to the organization’s risk register,
  • Overseeing progress of mitigation activities through to completion, including an assessment of whether the objective was met,
  • Approving risk analyses and mitigation strategies that consider alternative analyses and the acceptable level of risk,
  • Approving and monitoring metrics for key risks and compliance requirements,
  • Reviewing progress on compliance training, and
  • Monitoring progress toward risk-reduction objectives.

Senior Management and Boards of Directors Oversight of Risk Management Activities

The PG&E Corporation and Pacific Gas and Electric Company Boards and their respective committees have specific oversight responsibility for risk management in their respective areas:

Entity: Risk Oversight Responsibilities
Boards
  • Evaluate risks associated with major investments and strategic initiatives (with assistance from the Finance Committee [1])
Audit Committees
  • Discuss the guidelines and policies that govern the processes for assessing and managing major risks
  • Allocate to other Board committees the specific responsibility to oversee identified enterprise risks
  • Consider risk issues associated with overall financial reporting and disclosure processes
  • Discuss programs to monitor compliance with laws, regulations, policies and programs
Finance Committee [1]
  • Discusses risk exposures related to energy procurement, including energy commodities and derivatives, and other enterprise risks, as assigned by the Audit Committees
Nuclear, Operations and Safety Committee [1]
  • Advises and assists the Boards of Directors with respect to the oversight and review of risk management practices related to Pacific Gas and Electric Company’s nuclear, generation, gas and electric transmission, and gas and electric distribution operations and facilities
  • Oversees other enterprise risks, as assigned by the Audit Committees
Compensation Committee [1]
  • Oversees matters relating to safety, operational performance and compliance issues related to the Utility’s nuclear, generation, gas and electric transmission, and gas and electric distribution operations and facilities

[1] Refers to committees of the PG&E Corporation Board of Directors only.

For a full description of Board committee oversight responsibilities, please see the webpages of the Boards of Directors of PG&E Corporation and Pacific Gas and Electric Company, as well as our 2017 Joint Proxy Statement.

Senior management and their committees have specific oversight responsibility for risk management in their respective areas:

Entity: Risk Oversight Responsibilities
Enterprise Risk Governance Committee
  • Provides strategic direction and oversight of PG&E’s enterprise and operational risk management program
Enterprise Compliance Governance Committee
  • Provides strategic direction and oversight of PG&E’s compliance and ethics programs

2016 Milestones

We continued to review and refine our approach to risk management, examining and ranking all enterprise and operational risks. Our risk management governance structures allow risks to be investigated both through a Board of Directors-directed review process and through a “bottoms-up” approach that allows operational experts to apply their knowledge and identify emerging issues for PG&E.

Looking Ahead

PG&E is committed to achieving a best-in-class risk management program and to continuing to employ risk-based decision-making in our integrated planning process and regulatory approach. Areas of focus include:

  • A Risk Assessment Mitigation Phase filing with the California Public Utilities Commission (CPUC), which includes quantifying our top safety risks across PG&E,
  • Improved enterprise-wide monitoring and analytics,
  • Increased efforts to understand the tolerable level of risk for PG&E, and
  • An optimized risk portion of the integrated planning process.