[image-caption title="Illustration%20By%3A%20Jerry%20Mosemak%2FNRECA" description="%20" image="%2Fremagazine%2Farticles%2FPublishingImages%2Fre-cover-main.jpg" /]
Throughout most of their history, the concept of risk for electric cooperatives has centered around the hazardous nature of the power industry. But over the past decade, broad transformations in the energy sector have brought waves of new potential risks to plan for and mitigate, from sophisticated cyberattacks and a global pandemic to climate change, personnel challenges and unprecedented regulatory obstacles.
“Everybody knows the risks are there, circling us like sharks,” says Ken Sivertsen, director of member services at JCE Co-op based in Elizabeth, Illinois. “Risks are changing constantly. Ten years ago, who heard of ransomware, that you could click on an innocent-looking link in an attachment, and before you know it, your phone is bricked, and they’re stealing all your information?”
But as in any industry, a certain amount of risk can help spur evolution and the need to meet new expectations, drive innovation and inspire new services.
[section separator="true"]
[section-item]
[row]
[column 4]
“If co-ops were unwilling to take on some risk, they wouldn’t be in the electric business—or broadband or propane or microgrids or other services,” says Pat Mangan, senior director of governance education at NRECA, which offers risk management courses for board members. “Broadband, for example, can present risks for those co-ops choosing to move into this business. But it also presents great opportunities.”
[/column]
[column 7]
[image-caption title="Ken%20Sivertsen%2C%20JCE%20director%20of%20member%20services%2C%20with%20the%20co-op%E2%80%99s%20business%20continuity%20diagram.%20(Photo%20Courtesy%3A%20JCE%20Co-op)" description="%20" image="%2Fremagazine%2Farticles%2FPublishingImages%2FKen%20Sivertsen%20JCE%20Co-op-3.jpg" link="%2Fremagazine%2Farticles%2FPublishingImages%2FKen%20Sivertsen%20JCE%20Co-op-3.jpg" linking="lightbox" /]
[/column]
[/row]
[/section-item]
[/section]
The key is to know where those risks are (or may arise) across the organization.
“The failure to identify and manage risks can result in fragmented views of impacts, inconsistent treatment and missed opportunities,” says Dave Viar, vice president of risk management at SMECO in Hughesville, Maryland. “This can lead to potential financial losses, reputational damage and missed chances for value enhancement.”
To get a better handle on the full range of challenges, co-ops are increasingly adopting the principles of enterprise risk management (ERM), a holistic approach that considers the impact of risk across the business.
NRECA Chief Risk and Compliance Officer Danielle Sieverling says co-op leaders are already engaging in broad risk discussions as they face new challenges or evaluate new business opportunities, “but they might not be calling it enterprise risk management.”
“ERM elevates the risk conversation by showing there is recognition across leadership that this is important, and collectively risks can be managed more effectively when a holistic view is applied,” she says.
“In its simplest form, it’s having conversations about the things than can go wrong and asking, ‘How are we managing these risks, and do we have a plan?’”
The Evolution of Risk
More comprehensive risk management strategies are becoming a priority for many industries.
“Co-op leaders are nimble and do a nice job evolving and creating mitigation solutions,” says Corey Parr, vice president of safety and loss prevention at Federated Rural Electric Insurance Exchange, underwriter for most of the nation’s electric co-ops. “But when the risk environment is changing at the pace we are experiencing, our mitigation strategies become crucial and more visible.”
[blockquote quote="%E2%80%9CFive%20years%20ago%2C%20I%20was%20spending%20little%20time%20with%20wildfire%20mitigation%20strategies.%20Today%2C%20it%20encompasses%20probably%2020%25%20of%20my%20time.%E2%80%9D" author="Corey%20Parr%2C%20vice%20president%20of%20safety%20and%20loss%20prevention%2C%20Federated%20Rural%20Electric%20Insurance%20Exchange" /]
A recent survey of corporate leaders and board members by North Carolina State University and global consultant Protiviti found a top 5 list of risks for 2023 that will sound familiar to electric co-op leaders: economic pressures; succession planning and attracting/retaining talent; cybersecurity threats; third-party products and services; and new regulatory changes and scrutiny.
“Co-ops are facing the same potential threats as any other business in America,” says Sieverling. “These studies are a great starting point to help co-ops think about what is an ‘enterprise risk.’”
Federated has seen these evolving risks and now provides coverage for emerging challenges like heightened wildfire activity, large-scale battery storage and cyber incidents.
“Five years ago, I was spending little time with wildfire mitigation strategies,” Parr says. “Today, it encompasses probably 20% of my time.”
[section separator="true"]
[section-item 6]
[row]
[column 11]
Sivertsen, who has led JCE Co-op’s ERM initiative since 2021, notes that enterprise risk management and other such strategies involve a deliberate process of identifying, categorizing, addressing, tracking and monitoring individual risks and evaluating their potential impact across the entire organization. It’s then up to leadership to decide whether to accept the risk and how to handle it.
[/column]
[/row]
[/section-item]
[section-item 6]
[row]
[column 12]
[image-caption title="(Left%20to%20right)%20Dave%20Viar%2C%20SMECO%20vice%20president%20of%20risk%20management%3B%20Corey%20Parr%2C%20Federated%20vice%20president%20of%20safety%20and%20loss%20prevention%3B%20Danielle%20Sieverling%2C%20NRECA%20chief%20risk%20and%20compliance%20officer%3B%20and%20Pat%20Mangan%2C%20senior%20director%20of%20governance%20education%2C%20NRECA" description="%20" image="%2Fremagazine%2Farticles%2FPublishingImages%2Fcollage-recover-april2024.jpg" /]
[/column]
[/row]
[/section-item]
[/section]
“Ultimately, there are only four responses to risk: mitigate, transfer, accept or avoid,” he says. “We accept and control risk by putting up guardrails. That risk is also transferred to insurers or reinsurers.”
After the co-op’s directors adopted formalized risk review as part of its larger business continuity management program, it paid for Sivertsen to earn his certification as a business continuity professional from the Disaster Recovery Institute International.
As risk manager, Sivertsen keeps the co-op’s “risk register” and oversees its ERM framework and ensures it’s integrated across the organization. The process adds another layer to staff workloads, he says, but a designated risk manager is important “because if no one identifies and, more importantly, assigns ownership of that risk, then everybody else thinks someone else is taking care of it.”
Minnesota generation and transmission cooperative Great River Energy has also adopted ERM.
[section separator="true"]
[section-item]
[row]
[column 4]
“We have a number of impressively engaged functioning risk teams that include at least one senior sponsor” from committees across the G&T, including safety, security, market risk and reputation, says Director of Enterprise Risk Management Michael McFarland. “Mitigating risk is everyone’s job.”
McFarland—who also helps member co-ops assess risk on proposed projects—says his job isn’t to discourage risk. “My idea of the worst risk manager is the person who comes in and says, ‘It’s too risky. You have to stop doing it,’” he says.
[/column]
[/row]
[/section-item]
[/section]
Co-ops wanting a deeper dive into ERM can start with simple steps that can help take a hard look at financial, operational and reputational risk, McFarland says.
“From a pragmatic and practical perspective, it’s what are the things that we most value, and what are we going to do to make sure those things are protected,” he says.
“And if they’re not protected, what plans do we have in place to respond to threats?”
Mangan says it pays to start with the building blocks of risk management: identification of actual or potential risks, assessment of each risk, mitigation strategies, consistent communication and transparency around a solid strategic plan.
“Communication is key to ensuring that everyone is aware of the risks, understands the mitigation strategies and knows how to respond in case of risk events,” Mangan says.
Sivertsen says to remember that while it’s impossible to mitigate risk to zero, co-ops can succeed by managing their response.
Up until recently, “JCE Co-op adhered to the, ‘If you don’t mention it, it won’t bite you’ approach to risk,” he says. “But we’re a small co-op, and we need to protect ourselves. We now talk about risk.”