On Enterprise-Wide Risk Management

Monday, January 23, 2012

Michele Westergaard


In this challenging environment, board members and management executives are striving to maintain their tight grip on costs while maintaining a proper focus on enterprise-wide risk.

Jack Dybalski is the Vice President and Chief Risk Officer of Xcel Energy based in Denver, Colorado. He is responsible for key risk assessment, commodity and credit risk management as well as generation modeling, asset risk management, risk analytics, sales forecasting, load research, and compliance for trading.

Mr. Dybalski answered a series of questions written by marcus evans to discuss the role of a CRO within a company. Allresponses represent the view of the Mr. Dybalski and not necessarily those of Xcel Energy. (Note that the responses have been approved by Xcel Energy.)

What would be a more collaborative structure which may help companies to manage risk better alongside performance?

JB:The specifics will vary significantly from organization to organization and will also depend on the types of risks that are predominant in the organization.  Four things have evolved over the years at Xcel Energy that have led to an increasingly successful program.

  • We have developed governance processes whereby risk management review and assessment is required prior to execution of material transactions and key projects.
  • The business functions have developed a high degree of risk consciousness
  • The risk management function is integrated with the strategy and planning actions of the organization
  • The Board of Directors takes a strong interest in risk management issues and receives a review of the company’s “Key Risks”

What would you say the differences between risk and uncertainty?

JB: Uncertainty is only one piece of risk. Uncertainty needs to be applied to multiple risk parameters such as “earnings impact”, “timing”, “controllability’, impact of external drivers” and “interaction with other risks” to get a full flavor of the risk involved. 

Uncertainty needs to be placed in the perspective of the business and in the perspective of executive management to have meaning.

What is the exact role of the Chief Risk Officer in an organization?

JB: This will vary widely from organization to organization and will likely evolve over time as the organization changes. Flexibility and willingness to absorb tasks that need doing are key traits. So any CRO looking for an exact definition from the perspective of specific tasks may very well be unsuccessful. 

Certain tasks can be defined via policy as needed but are really the small part of the role.  An overarching role is to understand the key issues facing the organization, creatively challenge business processes by asking what can go wrong… then working to plug the potential holes. 

Communicate the risks to executive management and the Board. Perform from the perspective of “what can be?” rather than “what is it now?”  Gain the trust and collegial interaction amongst company peers to achieve the optimal level of risk and reward consistent with the Company’s stated strategies.

What would be the possible areas of risk ownership for the CRO?

JB: Again, this can and will vary widely from organization to organization. At Xcel Energy, the specific areas of risk ownership have evolved over many years. Many of them were items that simply needed doing for the business. 

Some came about because of the particular highly analytic skill sets within the risk management organization. Regardless of who actually performs the specific tasks, the key is full transparency and consistency of measurement/assessment techniques as much as possible for use by executive management. 

One key role for risk management is the communication of how to think about risks and how to portray them for full understanding by all. If that can be accomplished, then the organization is well on its way to comprehensive risk views.

Jack S. Dybalski is Vice President and Chief Risk Officer at Xcel Energy. He will be a key speaker at the marcus evans 5th Annual Enterprise Risk Management Conference taking place in from March 19-21, 2012 in Chicago, IL.

For further details on the upcoming conference, contact michelew@marcusevansch.com

Possibly Related Articles:
Enterprise Security
Information Security
Compliance Enterprise Security Management Risk Assessments Leadership Policies and Procedures Enterprise Risk Management Michele Westergaard Jack Dybalski Chief Risk Officer CRO
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.