PG&E Corporate Responsibility and Sustainability Report 2018

Risk Management

Nothing is more important to PG&E than the safety of our customers, employees and the public. In keeping with that focus, PG&E’s long-term objective for managing risk is to conduct data-driven decision-making to support safe, reliable and efficient electric and gas service that is integrated into our planning process and becomes the foundation for our regulatory rate cases.

Our Approach

At PG&E, risk management processes are facilitated by a central group, implemented by each line of business and overseen by senior management and the Boards of Directors.

Process Facilitation

The Vice President, Internal Audit and Chief Risk Officer (CRO) of PG&E Corporation and Pacific Gas and Electric Company is responsible for overseeing the enterprise and operational risk management process, internal audit and insurance functions, market and credit risk management, and reporting to the Audit Committees of the PG&E Corporation and Pacific Gas and Electric Company Boards. The CRO also facilitates and is a voting member of the PG&E Corporation Risk Policy Committee and the Utility Risk Management Committee, both of which include a subset of senior officers of PG&E Corporation and Pacific Gas and Electric Company.

Lines of Business Implementation

Each PG&E line of business develops and maintains a risk register—an inventory of risks specific to its operations. The risk registers were developed using a consistent methodology to identify, assess and prioritize risks and are refreshed each year to ensure that risk assessments capture any changes to risk levels. Each of these risk registers informs a PG&E-wide risk register that allows senior management to focus on the most significant risks.

The senior-most executive of each line of business maintains a Risk and Compliance Committee, which has oversight responsibility for all associated activities for risk and compliance programs within their organization.

The Risk and Compliance Committee ensures that activities related to enterprise and operational risk and compliance management within their respective organizations are adequate and effective, and that resources are available as needed. Activities may include, but are not limited to:

  • Reviewing and providing feedback on risk and compliance items,
  • Reviewing the results of annual risk identification and refresh processes,
  • Approving the addition or removal of risks (enterprise, operational and compliance) to the organization’s risk register,
  • Overseeing progress of mitigation activities through to completion, including an assessment of whether the objective was met or if the mitigation was re-scoped,
  • Approving risk analyses and mitigation strategies that consider alternative solutions,
  • Approving and monitoring metrics for key risks and compliance requirements,
  • Reviewing progress on compliance training and
  • Monitoring progress toward risk-reduction objectives.

Senior Management and Board of Directors Oversight of Risk Management Activities

The PG&E Corporation and Pacific Gas and Electric Company Boards and their respective committees have specific oversight responsibility for risk management in their respective areas:

Entity Risk Oversight Responsibilities
Boards
  • Evaluate risks associated with major investments and strategic initiatives (with assistance from the Finance Committee [1])
Audit Committees
  • Discuss the guidelines and policies that govern the processes for assessing and managing major risks
  • Allocate to other Board committees the specific responsibility to oversee identified enterprise risks
  • Consider risk issues associated with overall financial reporting and disclosure processes
  • Discuss programs to monitor compliance with laws, regulations, policies and programs
Finance Committee [1]
  • Discusses risk exposures related to energy procurement, including energy commodities and derivatives, and other enterprise risks, as assigned by the Audit Committees
Safety and Nuclear Oversight Committees [1]
  • Advise and assist the Boards of Directors with respect to the oversight and review of risk management practices related to Pacific Gas and Electric Company’s nuclear, generation, gas and electric transmission, and gas and electric distribution operations and facilities
  • Oversee other enterprise risks, as assigned by the Audit Committees
Compensation Committee [1]
  • Oversees potential risks arising from compensation policies and practices

[1] Committees of the PG&E Corporation Board of Directors only.

For a full description of Board committee oversight responsibilities, please see the webpages of the Boards of Directors of PG&E Corporation and Pacific Gas and Electric Company, as well as our 2018 Joint Proxy Statement.

Senior management and their committees have specific oversight responsibility for risk management in their respective areas:

Entity Risk Oversight Responsibilities
Enterprise Risk Governance Committee
  • Provides strategic direction and oversight of PG&E’s enterprise and operational risk management program
Enterprise Compliance Governance Committee
  • Provides strategic direction and oversight of PG&E’s compliance and ethics programs

2017 Milestones

We continued to review and refine our approach to risk management through expanded use of quantification and operational risk modeling.

In 2017, Pacific Gas and Electric Company filed its first Risk Assessment Mitigation Phase (RAMP) report, providing the California Public Utilities Commission (CPUC) with initial quantitative, probabilistic views of the Utility’s top safety risks. The report identifies the costs associated with controlling these risks, describes future mitigation plans—including anticipated risk reduction—and includes a specific discussion on our safety culture and information on our asset replacement plans.

Looking Ahead

PG&E is committed to building on the progress made through the RAMP process by further expanding the use of operational risk models in decision-making to incorporate lessons learned, as well as additional regulatory comments and insights, with the goal of minimizing risk and maximizing the safety of the customers and communities PG&E serves.

PG&E will continue to employ risk-based decision-making in our integrated planning process and regulatory approach as we seek to achieve a best-in-class risk management program.