The CRO road

Shift in focus
None of the CROs EPRM spoke to say they have had to take on any new responsibilities or fundamentally change their role since Enron’s collapse. But it is clear that the balance of the role has changed. AEP’s Smith, who has held the post for 18 months, says for most of that time he has been focused on credit and market risk. “When I first joined, 100% of the job was in those two categories, and the Enron event didn’t change that,” he says. “It’s only recently I’ve been able to move onto other business areas.”

Patrich Simpkins, executive vice-president and CRO at TXU Energy in Dallas, says: “Prior to Enron, risk tended to be seen as a trading issue, and so very few people focused on credit, operational or business risk. But Enron’s failure wasn’t due to market or even credit issues. It was a failure to recognise and calculate the underlying financial strength of the company, its asset base and accounting issues, which are operational and business risk issues.

“The changes in the energy trading sector have had one positive effect for CROs, which is to make the role and what it represents a permanent fixture in the company,” he adds. “The support for the work we’re trying to undertake – putting people and systems in place, increasing the level of governance – has been overwhelming.”

So what does a CRO do? AEP’s Smith says his core task is to ensure that management is informed of risk-taking positions throughout the company in a consistent format. At AEP, he does this by dividing risk into 10 separate areas: legal and compliance; organisational; credit; market; operational (systems and technology); environmental; financial documentation – which he says has grown in importance since Enron’s demise; liquidity; franchise; and sovereign (international).

Smith says he reports on these risks to senior management in a consistent format at least once a month, although he may report on areas such as credit and market risk on a daily basis, if events dictate. But he says it is important to understand that his role is not merely a reporting function.

“For example, if a trader exceeds his or her limits on the trading desk, it’s my part of my job to make a call on whether I agree or disagree with that,” he says. “I think this is a different approach from from that of a lot of organisations, where the CRO position is very much a reporting function.”

Other companies divide up risk differently. TXU’s Simpkins says he is charged with addressing risk in four specific areas – business, operational, credit and market risk – although he says areas such as political and regulatory risk also fall within these categories.

Simpkins defines the main purpose of the role as threefold: to ensure the viability of the company by safeguarding its assets and systems; to facilitate the trade-off between short-term profits and long-term value; and to maximise the level of risk-adjusted return by optimising assets and liabilities.

El Paso’s Anderson says his role encompasses three main decision-making areas: bringing a risk-adjusted perspective to capital allocation decisions, such as whether to invest in or divest assets; implementing controls on all business with a risk element, including trading and field services such as pipeline and refinery management; and incorporating risk-adjusted processes into all business areas.

“If the company comes up with a five-year strategic plan, it’s my job to incorporate risk scenarios – such as market or operational risk – into the plan, so that it becomes risk-adjusted, rather than just a straight projection of targets,” he says, “This can totally change a company’s perspective on its strategic objectives.”

A growing role
The CRO’s role is still growing and is not as senior as more established positions, such as chief financial officer (CFO) or chief operating officer (COO). All three CROs say they report to the CFO, with a dotted line of responsibility to the board of directors.

But with their mandate to manage risk across different business areas, CROs seem bound to tread on a few toes. TXU’s Simpkins says the biggest challenge for the increasingly significant CRO is resistance from heads of other business areas to having limits placed on their operating freedom.

El Paso’s Anderson says misinterpretations of the extent of the position are still common. In some companies, the CRO’s role is still seen solely as a trading management function, with responsibility for compliance functions.

“Although that’s a part of my job, it’s a lot wider than that – trading is only one source of risk within the company,” Anderson adds.

Career path
So where should aspiring CROs start? Before joining AEP as CRO, Smith worked in the military as an engineer, in the US treasury department as a bank examiner and then in risk management at investment bank Citigroup. Before coming to TXU, Simpkins worked for many years in risk management and banking at US firm Duke Energy and its subsidiaries. Both say there is no set career path for a CRO

Simpkins says a strong financial and economic background is the key requirement for the role. Experience in a second area – either marketing and deal negotiation, or a technical discipline such as engineering – is also useful, he adds.

“The job covers so many diverse areas that it’s also good to have some trading experience – either in the financial or commodities markets – and some understanding of accounting and tax issues,” he says. “The best CROs have had career paths that have included all these disciplines.”

But he says a financial background is crucial, and it is difficult to become a CRO from a pure trading or accounting background, because of the the steepness of the learning curve.

Technology
Meanwhile, the importance of technology in aggregating and interpreting data is growing. “In my first two years in this role, the IT side was pretty simple, and in terms of systems we didn’t go much beyond spreadsheets,” says El Paso’s Anderson. But he says events on the energy markets over the past 10 months and an increased focus on managing risk have increased the need for a flexible enterprise-wide risk management (EWRM) system. And this need is not being met.

“We’ve tried all the major software vendors as well as small independent manufacturers, but none of them has a platform that is nimble enough for our requirements,” Anderson says.

AEP’s Smith agrees that no software company is offering a company-wide EWRM system to aggregate risk. The 10 risk areas he oversees are reported on by as many as 10 different systems and integrated centrally. But he adds: “The lack of such a system shouldn’t hold back the CRO role – that’s a convenient excuse. You can always just put pencil to paper. There are so many qualitative factors involved in this job that an enterprise-wide software product – although welcome – would only get you halfway there.”

TXU’s Simpkins says: “There is no single EWRM system, and I don’t believe there ever will be. It would be so expensive for a software company to develop a system that far-reaching that I don’t think investors would have the patience to see it through.

“A CRO needs to develop networks, of people as well as technology,” he adds. “A CRO who relies solely on technology to manage risk will fail. Technology supports the informal risk culture that it’s a CRO’s job to create, but if that culture is not there, you’ve already failed in your task.”