6 minute read 27 Feb 2019
Photographer taking picture of erupting volcano

Five ways for P&U organizations to turn risks into opportunities


Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.

6 minute read 27 Feb 2019

The power and utilities (P&U) sector faces many challenges; a sound risk management strategy is the key to success in the Transformative Age.

Many utilities are continuing to invest time, money and resources into improving their risk management and compliance efforts, even as they face downward pressure on revenues — with some overspending by as much as 25% to 30%. Yet, critical gaps remain.

Most significantly, our assessment of P&U organizations’ risk management capabilities — part of the EY Global Power & Utilities Risk Pulse Survey — found that they often lack a clear understanding of all the risk management activities being performed, who’s doing them, and where in the organization these activities are happening. Efforts are often ad hoc and scattershot, and risk functions tend to be siloed. This impairs visibility across the enterprise, confuses roles and responsibilities, and creates uneven responses that may not reflect the probability of the risk or its impact.

In fact, only 22% of P&U organizations say that their risk activities are well coordinated.

Utilities should be asking themselves whether their operating model is agile enough to respond and react to risks or events as they unfold. Does it flex and adjust when you need?
Matt A. Chambers
EY Global P&U Risk Lead
Engineers walk below two large gas pipes
(Chapter breaker)

Chapter 1

Establish a risk-enabled culture with exceptional leadership

In today’s transformative age, effective risk management starts at the top.

Effective risk management starts at the top with clarity around risk strategy and governance.

It is critical that the proper oversight and accountability exist at the board and executive levels. Leaders should establish clear communication and direction and set a good example in raising the awareness of risk being everyone’s responsibility.

At a time when risks are increasingly complex and evolving increasingly rapidly, to successfully meet the challenge, everyone needs to be a risk manager, from the CEO down. An enhanced governance structure, board-level reporting and communications can improve visibility, accountability and transparency.

Additionally, effective risk analysis, reporting and oversight could ultimately improve strategic decision-making throughout the organization, improving longer-term prospects, as well as short-term resilience.

People stand and watch geysers erupt in Iceland
(Chapter breaker)

Chapter 2

Assess risk appetite and tolerance

To effectively deal with more complex risks, you need to understand how they might affect your business strategy.

Defining risk appetite and tolerance is an important first step in developing a robust utility risk management framework that is fit to address the challenges of transitioning to a future energy world.

The rapid rise and evolution of distributed energy resources (DERs), digital technologies, the smart grid and the “electrification of everything” are challenging traditional ways of doing business. But, it also creates compelling opportunities for utilities to explore new revenue streams and develop sustainable business models to succeed in a future energy world. P&U organizations will need to balance these opportunities against associated and mounting risks.

This is why P&U organizations should integrate risk management into their overall business strategy design and execution if they want to develop an in-depth understanding of the external and internal drivers of change across the business and operational landscape.

This convergence of strategy and risk  is essential to identify options for decision-making amid uncertainty — having a comprehensive road map in place will help utilities assess multiple pathways toward a preferred future state.

Three Royal Air Force red arrows flying in blue sky
(Chapter breaker)

Chapter 3

Adopt an integrated and agile three lines of defense model

Improving the effectiveness, efficiency and coordination of your resources is key to success.

Various risk defense mechanisms have evolved over time, blurring the traditional three lines of defense model and causing overlapping scope, as well as reporting and governance structures. Inconsistent methods prevent functions across the organization from leveraging each other’s work, and too many tools and technologies exist that use disparate risk and control language. As a result, the amount of money P&U organizations are spending to monitor risk is staggering.

Integration, alignment and coordination of activities across the three lines of defense presents an opportunity for P&U organizations to improve effectiveness, efficiency and coordination of enterprise-wide resources. It’s here where utilities can identify “high-value” areas to deliver significant incremental cost savings.

Confusion surrounding roles and responsibilities may be contributing to a less effective risk management environment. This is why organizations should also challenge “what gets done,” “where it gets done,” and “who does it” to help identify areas of overspend or underinvestment.

Four Engineers working up high on electricity pylons
(Chapter breaker)

Chapter 4

Manage risk, not compliance

Moving from reacting to anticipating regulatory changes will help you stay ahead of the curve.

Compliance management is not risk management. However, effective risk management enables utilities to respond faster to changing regulations and demonstrate compliance.

Rather than being in a reactive mode each time new standards are announced, P&U organizations should anticipate and assess the risk of potential changes and effectively incorporate them as they arise. This agile approach can reduce the costs of risk management over the long term through improved flexibility and greater efficiencies in the deployment of people, technology and processes.

To do this, P&U organizations need to set up an effective risk management and response and coordination framework so that they can meet compliance requirements, improve performance and ensure business continuity in the face of adverse events and rapid change.

Man on smartphone waiting as electric car charges
(Chapter breaker)

Chapter 5

Focus on innovation

New technologies can help you address new challenges.

Like the rapidly changing P&U sector itself, enterprise risk management is evolving in exciting new ways. P&U organizations are increasingly deploying data analytics and digital technologies, such as robotic process automation (RPA) and blockchain, to increase efficiencies, reduce costs and improve performance.

For example, with RPA, utilities can streamline and automate the execution of repetitive business processes, which improves quality, security and execution time. Meanwhile, blockchain, with its decentralized distributed ledger capabilities, could potentially improve the security of future P&U business models, such as peer-to-peer energy transactions across networked DERs.

Adopting a more agile risk management framework — enabled and facilitated by new technologies — will allow P&U organizations to evolve and improve over time, respond to changing circumstances and take advantage of the cost reduction opportunities presented by investment in innovative technology.

Take the risk pulse of your own organization

Read our survey results and deep-dive articles to learn what your peers are saying about key risks in the financialstrategic, operational and compliance categories, or find out more about how our risk and cybersecurity professionals can help.


From leadership down, to respond to the rapidly-changing risks affecting the sector, P&U organizations need to change how they approach risk management. You need to take a strategic approach that leverages new technologies and anticipates potential new developments rather than simply react.

About this article


Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.