7 minute read 27 Feb 2019
Man walking inside a cooling tower

How can utilities manage risks they don’t measure?


Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.

7 minute read 27 Feb 2019

Given the severity of impact, likelihood and velocity of top risks in the power and utilities (P&U) sector, organizations will need new strategies to respond.

We have been hearing for some time the looming need to embrace transformation to succeed in the future. For the P&U sector, that future is approaching fast.

As the sector moves toward tipping points that promise game-changing consequences, organizations face rapidly evolving risks. In the EY Global Power & Utilities Risk Pulse Survey, respondents identified the rise of distributed energy resources (DERs), changing customer demands and new digital technologies, including the Internet of Things (IoT), as their top strategic risks — ones that are set to grow in importance.

When asked to measure these risks based on the likelihood of occurrence, severity of impact and velocity at which they will feel the impact, respondents rated all risks as high across all three categories.

Given that the sector is in the midst of significant disruption, this is hardly surprising. But what is concerning is that our survey revealed that P&U organizations’ response strategies remain unclear.

Measuring risk is about understanding the time horizon, what the consequences may be based on exposure, the relative likelihood of an event occurring and how quickly the consequences will materialize.
Matt A. Chambers
EY Global and Americas Power & Utilities Risk Leader
Cotopaxi volcano erupting in the distance behind a hilly town
(Chapter breaker)

Chapter 1

How to think about P&U risk

Choose your model, and assess time, impact, likelihood, and speed.

Measuring risk effectively is about a combination of understanding:

  1. The time horizon for measuring the risk:
    • Using DERs as an example, forecasting could reveal that the magnitude of the impact of growing DER penetration in 1 year will be significantly different than in 5, 10 or 20 years. Given the long lead times for P&U development, taking a long-term view may be necessary to adequately prepare.
  2. How severe the impact may be:
    • Measuring how hard a utility will be hit should a specific scenario occur should use a range of criteria, including impact on capital, cash flow, reputation, etc.
  3. The relative likelihood of a risk event occurring:
    • For instance, if a utility pegs the financial impact of 25% DER penetration at US$5 billion, it can then use forecasting and analytics to determine probability distributions across different time horizons. It may assign probabilities of 5% that this event will occur in the next 3 years, 25% that it will occur 5 years from now and 75% that DERs will reach such penetration 10 years from now.
  4. The speed at which those consequences will materialize:
    • When DERs reach critical mass, will the utility feel the full US$5 billion impact on its revenue and earnings immediately? Or will it trickle out over the following decade? This is the velocity of risk — the speed of impact once the event occurs.

So, how can utilities measure likelihood, impact and velocity of risk? Several techniques exist; the best method depends on how sophisticated and granular the risk measurement needs to be.

Generally, measurement techniques fall into one of three categories: qualitative, quantitative or hybrid:

  • Qualitative: often uses a scorecard to assess the risks and mitigations in place and estimate the severity of the event. However, this approach may lack the precision and rigor that statistical analysis of detailed data sets provides.
  • Quantitative: relies on empirical data and scenario planning. The challenge is that while there is a wealth of data for more traditional risks, there is little historical data available for the newer types of risks.
  • Hybrid: combines quantitative scenario modeling with qualitative techniques using internal and external sources, as well as other business and control factors. The challenge here is in choosing the right balance of different techniques.

P&U organizations view their top risks as high likelihood, high impact and high velocity. What’s more, they believe these risks will become more significant as their organizations transition to a future utility world.

Yet, respondents also admit that they aren’t prepared for what’s to come.

In the case of DERs, our survey found that 33% say they either have an ineffective strategy or no strategy at all in place to address the risk. Another 28% consider the strategies they have in place to be only somewhat effective.

Respondents admit to being in a similar position when it comes to digital and the IoT, as well as changing customer demands and expectations.

Given the lack of effective response strategies and anticipated increasing importance in the future by a majority of respondents, it’s no surprise that the residual risk exposure to these newer risks is perceived to be high. But without effective measurement to understand the true exposure, developing more effective strategies will continue to prove elusive.

Yellow helicopter on a snow-covered mountain top
(Chapter breaker)

Chapter 2

How to respond to P&U risk

Should you retain, reduce, increase, or transfer?

Once P&U organizations understand the implications of their most important risks, they may determine that the risk exposure is too significant to mitigate. Divesting or exiting may be the most appropriate strategic response.

However, if they choose to manage the risk, there are four primary routes to consider:

1. Retain

Given the state of readiness (or lack of it), particularly as it relates to top strategic risks, this appears to be a typical model. Disruptive change has the potential to undermine asset values across the entire value chain — so utilities need to determine how to finance losses, should they occur.

For instance, we have witnessed significant asset impairments recorded by European utilities in recent years driven by write-downs of underperforming fossil fuel assets, which struggle to compete with highly subsidized, low-marginal-cost renewables.

2. Reduce

Utilities looking to be more proactive can undertake actions that help reduce the likelihood of the occurrence or the severity of the impact. This may involve working with regulators to evolve the current approach to create incentives for utilities and third parties to invest more in innovative technologies, including distributed renewables, batteries and energy efficiency.

We have seen examples of performance-based regulatory initiatives, such as the UK’s RIIO framework and New York’s Reforming the Energy Vision strategy.

3. Increase

Some pioneering utilities looking to get ahead of the risk — and their competitors — are electing to increase their exposure by exploiting emerging risks. This may involve making structural changes to their business models.

In recent years, the major German utilities have exercised this option by separating traditional nuclear and fossil-fuel generation businesses from their renewables and retail service side.

4. Transfer

When a utility doesn’t like the profile of a certain risk but doesn’t want to avoid it entirely, it has the option of partnering or contracting with third parties to share the exposure.

In the US, master limited partnerships (MLPs) have proven to be especially suitable for financing midstream natural gas pipeline infrastructure. MLPs provide a pass-through tax structure and lower cost of capital, which lowers the financing risk for capital-intensive projects.

Preparing for the future of P&U

The changes facing the P&U sector will bring new challenges and fresh opportunities.

To chart a course toward a future P&U world — one that seizes the potential upside of disruption — organizations need to measure and fully understand the inherent and residual risks they face across financial, strategic, operational and compliance categories.

They need to develop an effective strategic response that allows utility boards and executives to make informed decisions about their risk posture — whether to accept and address the risk or eliminate it altogether.

But, most important, is that P&U organizations need to prepare today to avoid a future trajectory into obsolescence.

So, what’s your plan for managing the new strategic risks that are fast approaching?

Take the risk pulse of your own organization

Read our other survey results and deep-dive articles to learn what your peers are saying about key risks in the financial, operational, strategic and compliance categories. Take the opportunity to have your say by completing the EY Global Power & Utilities Risk Pulse Survey on behalf of your organization or find out more about how our risk and cybersecurity professionals can help.


With so much disruption threatening the sector, basing your strategic decisions on data and robust risk assessment frameworks is the best way to avoid bad calls. Even with this approach there are still challenges – but if you don’t understand the extent of your risk exposure, your chances of weathering the storm are slim.

About this article


Matt Chambers

EY Global and Americas Power & Utilities Risk Leader

Risk management leader in power and utilities. Solving complex problems with pragmatic solutions. Avid snow skier. Sports lover. Father.