Appendix 2: Transpower's framework for managing risk
Risk management policy
Transpower has a Risk Management Policy (the Policy) that documents:
- the framework within which Transpower's risks (including those related to projects) can be identified, assessed, managed, and reported;
- the principles that will be applied;
- the risk assessment criteria;
- risk reporting; and
- risk management governance and responsibilities.
The Policy includes the Corporate Risk Assessment Matrix. The Matrix provides guidance on the likelihood (the probability that an event is likely to occur during a particular time) and consequences (outcome or effect) of an event so that risks can be assessed and quantified. This is aimed at ensuring consistent measuring of risks.
Risk management governance structure and responsibilities
The Policy also sets out a risk management governance structure and the responsibilities of the groups within the structure. This structure is shown in Figure 2.
Board responsibilities
The board is responsible for approving the Risk Management Policy and evaluating its effectiveness. The board is also responsible for considering the major risks and how well the risks are being managed. This includes considering whether the necessary timely actions are taken to remedy any identified significant failings or weaknesses.
The Audit and Finance Committee is responsible for reviewing the Annual Internal Audit Plan to check that it reflects Transpower's risk profile and for recommending that the board approve the plan. The Audit and Finance Committee is also responsible for overseeing how non-technical risks are managed.
The board appoints a Network Risk Committee. The Network Risk Committee's terms of reference require the committee to consider, assess, and review asset and network risks and their controls. These risks include building, capacity, reliability, maintenance, and general adequacy of Transpower's grid assets and operations to meet the needs of the electricity industry and achieve the company's objectives set out in its business plan and Statement of Corporate Intent. The Network Risk Committee is also responsible for reviewing policies and procedures.
Management responsibilities
The chief executive has overall responsibility for ensuring that all risks are identified, assessed, managed, and reported in a transparent, structured, and consistent way.
The chief executive, general managers, and chief engineer are accountable for ensuring and monitoring compliance with the Policy.
General managers are responsible for identifying, assessing, recording (in the Company Risk Register), and managing all risks for which their functional group is accountable. This includes:
- ensuring that changes to risks or new risks are identified and reported as they arise; and
- designating risk owners within their divisions to establish accountabilities and ensure that these accountabilities are met.
In keeping with the Policy and terms of reference, managers set up a Management Risk Committee to provide a multidisciplinary forum where divisions could "explore and discuss" risks. This committee, responsible for monitoring Transpower's main risks, comprises the chief executive, one person from each division, and the risk and audit manager. It meets monthly and is meant to focus on high-impact risks that may affect or involve more than one part of the business.
Programme and project managers are responsible for identifying, assessing, recording (in the company risk register), and managing all risks to their programme or project. This includes ensuring that details of any changes to programme or project risks, or new risks, are reported as they arise.
Risk registers
All identified risks are recorded in a corporate risk register. Project risks are included in their own project risk registers.