
A Case for Enterprise Risk Management in Indian Power Companies


K Ramakrishnan

Former Executive Director

NTPC, India

Soubhagya Parija

Former Chief Risk Officer

FirstEnergy Corp., USA

Jayant Sinha

Principal Consultant

(Energy & Utilities)

Executive Summary

The Indian power sector, even as it grows exponentially, continues to face challenges from technical, social and geo-political factors - these affect the viability of the companies and even the sector as a whole. This paper reviews the current risk management practices in the Indian power sector based on the data shared by some notable utilities and also that available in the public domain. The paper concludes that there is a real need for all the stakeholders to have an effective Enterprise Risk Management (ERM) program, not only to deal with the risks but also to take advantage of the tremendous growth potential presented by the government’s initiatives to reform the sector. It is our expectation that this paper will raise the awareness of all those involved of the benefits of ERM.

Preamble

India has adopted the path of industrialisation for economic development and improvement in the quality of life of its people. This necessarily calls for a significant investment in energy that is reliable, secure and affordable. The Government has taken several steps to add capacity from various sources. And with climate change a reality, it is incumbent on India to focus on renewables and other low-carbon energy sources to minimize GHG emissions. It also has to extensively revamp its T&D network to reduce energy losses and theft of power.

As a developing country, India is faced with multiple challenges as it strives to become an equitable modern country. Providing cheap and reliable power to remote areas is one of them, but it is also an opportunity for the power companies. It calls for a lot of innovative solutions on the part of the industry to reap the benefits of this opportunity. The authors argue that designing and implementing an effective ERM ought to be an important part of the solution.

Background

 ‘Several parts of Delhi experienced massive power outages on 11th June, 2024 due to a fire at a power substation in Mandola, Uttar Pradesh, which supplies 1,500 MW of power to the national capital. The cause of the fire was attributed to a surge in load and excessive heat.’ - News18, June 11, 2024

‘India projected its biggest power shortfall in 14 years in June after a slump in hydropower generation, its government told Reuters, and is racing to avoid outages by deferring planned plant maintenance and re-opening idled units.’ - Reuters, May 9, 2024

‘On Monday, 30th July 2012, India suffered the biggest power outage in its history. The national electricity grids collapsed and around six hundred million people, more than half of the population, were left with no electricity.’ - The New Yorker, August 1, 2012

Notwithstanding the steps taken over the years to augment the power availability, such headlines highlighting the issues with the Indian power industry still regularly surface. Indian power sector reforms have progressed in fits and starts, notwithstanding the obstacles due to social, economic and political pressures. The load shedding and frequent blackouts of the past may not be the case anymore in most urban areas, but challenges remain and may get aggravated as energy demands grow.       

Discussions regarding the Indian Power Sector generally tend to focus on addressing macro issues such as government policy, capital allocation to industry infrastructure and equitable distribution of power, etc. They underscore the need for the management of individual power companies to enhance their abilities to cope with the uncertainties. The authors, who are closely associated with the Indian power industry, posit that deploying a robust enterprise risk management program will help in sound decision making and efficient operation. That will in turn help these companies to not only get better at managing downside risks but also help them get better at exploiting the strategic opportunities.

We surveyed the risk management landscape of some of the premier power companies in India, both in the public and the private sector. While there seems to be a recognition of the importance of enterprise risk management, scant information is available in the public domain regarding the execution of such programs. Our outreach to the leaders at different levels of the companies highlights a disconnect between the company’s professed risk management philosophy and the understanding of the same by employees (even those in leadership roles).

It is essential that Indian power companies realize the benefits of proactively adopting enterprise risk management programs as a part of their strategic vision and day-to-day operations. There are already regulations spurring Indian companies to implement strong risk management programs. The goal of the company should not only be to conform with the regulations, but also to protect and enhance enterprise value and ensure long term resilience, which an effective ERM would help achieve. This paper attempts to generate a discussion leading to adoption of an effective ERM in the Indian power companies.

Challenges facing the Indian power sector

Even as the Indian Power Industry has come a long way, many challenges still remain. 

  1. Increasing gap between demand and supply: India's total installed generation capacity is around 427 GW with a population of approximately 1.4 billion. This translates to a per capita capacity of roughly 0.3 KW. In the developed countries, the per capita capacity is generally above 1 KW, e.g. 3.4 KW in the USA, 2.8 KW in Germany and roughly 1.4 KW in China. According to the International Energy Agency (IEA), India’s electricity demand is expected to triple by 2040. To meet this demand, the Indian government has set a target to double the country’s present installed generation capacity by adding another 450 GW by 2030. While this may not be sufficient to close the gap, it surely points to a significant prospect for growth in the Indian Power Sector.
  2. T&D losses: T&D losses in India are currently around 18-20%, as against 6 to 8% in developed nations and 10 to 12% in China. India’s T&D infrastructure needs to be modernized to not only improve its efficiency but also address the leakages (technical losses, thefts, meter tampering). While efficiency improvements are a gradual process and need significant investments, non-technical losses need to be controlled rather expeditiously.
  3. Energy Transition: As on June, 2023, India’s total electricity from fossil fuels amounted to 57% of total production, and that from non-fossil sources (Renewable sources including Hydro, Waste-to-energy, Cogeneration and Nuclear) comprised the remaining 43%. (cf. Power Sector at a Glance ALL INDIA | Government of India | Ministry of Power). India is committed to becoming net-zero or carbon-neutral by 2070 despite myriad challenges of transitioning to low-carbon or renewable energy systems. 

Opportunities in the Indian power sector

There are several indicators that bode well for the Indian Power Sector. 

  1. Favourable Policies: The Indian government has taken important initiatives to encourage private investment in the power sector to strengthen and modernize the country's power infrastructure. Investments are being made in expanding and upgrading transmission and distribution networks to enhance their capacity and efficiency.
  2. Power Export Opportunities: India is already connected to the power grids of neighbouring countries such as Bangladesh, Bhutan, and Nepal. There are plans to expand cross-border electricity trading, which besides business will help in better bonding with the neighbours.
  3. Technologies for risk mitigation: The use of modern technology to monitor risk factors and measure risk severity levels has assumed significance, and helps in taking appropriate control actions to prevent or minimize their impacts. Technological advances have made it possible to deploy and integrate renewable generation at a competitive cost. Technologies such as Internet-of-Things (IoT), Digital Twins, advanced telemetry, artificial intelligence (AI) and forecasting tools are providing us innovative ways to access and process time-series data of energy systems, draw useful insights and mitigate risks of supply interruptions. Blockchain technology, widely accepted for secure energy trading and on-line payments, enhances cyber security and reduces the risks of online frauds. AI-based software tools, used for modelling and forecasting, increase the accuracy of demand prediction and reduce the risks of supply mismatch, price shocks and revenue losses. Advances in battery storage and smart grid technologies are helping to build energy backups and optimize energy flows. Adoption of advanced metering technologies is helping to accurately monitor energy consumption, perform total energy accounting and check revenue losses. Load flow analysis software acts on a multitude of network data to identify network vulnerabilities, apply corrections, plan timely upgrades and reduce operational risks. AI-based tools are helping to offset the risks associated with RE integration, such as intermittency of supply for the generators and grid stability for the network operators.

Failures in managing risks

During our review of various companies, we found some notable failures, which we argue could have been dealt with better if an effective ERM had been in place.

The information received from one distribution company, currently embroiled in a series of disputes and litigation, highlighted multiple cases of failure of risk management and many areas where contractual terms between a government entity and this company were not defined in a way to address exigencies. Frankly, several of the issues could have been foreseen. Prolonged litigation and significant losses have finally resulted in the franchisee walking away.

When the companies incur losses or fail, and investors lose their appetite for further investment, the Government’s policy goals cannot be met. It can be inferred that these pitfalls could have been avoided if there were a comprehensive risk management program in place at both parties.

The issues faced may be broadly classified as follows:

  1. Projects Stalled: Factors such as fuel supply problems, disagreements over power purchase agreements (PPAs) and financing difficulties were cited. Examples include projects by companies like Jindal Power, Tata Power and Reliance Power.
  2. DISCOM Struggles: State-owned power distribution companies face financial distress, often because the state governments offer electricity subsidies but fail to compensate the DISCOMs, which results in delayed payments to the generating companies. Despite regulatory reforms and easing of bureaucratic bottlenecks, debt-ridden DISCOMs are proving to be ineffective partners. A December 2023 study by a Delhi-based think tank, Centre for Science and Environment, found that DISCOMs were supposed to provide seamless access and connectivity for rooftop solar systems to the national grid but that this was sometimes seen as “in direct conflict with business interests of the companies”.
  3. Loss of Market Participants: Some companies have exited the market due to these hurdles and other such challenges. It is perhaps not far-fetched to argue that some of these risks and challenges could have been identified and mitigated with better risk management.

Given the challenges and opportunities in its wake, a framework based on strong policies, high capital investment and entrepreneurship, supported by enabling technology and innovation, will be needed. One key factor of success will be how the risks are dealt with proactively and effectively in accordance with the strategic objectives of the individual companies.

Risk management in the Indian power sector

While not much information is available in the public domain regarding the risk management practices of the Indian power companies, we examined a few programs which we could obtain information on. It is clear that the companies we studied have recognized the need for having enterprise risk management programs in place. In several cases, we found clearly articulated risk policy and risk management programs in the public domain.

However, we could not find examples of a risk management success story. Even senior executives of some companies were oblivious of the risk management practices, which demonstrates that risk management has been perhaps a siloed activity mostly confined to the corporate headquarters. We suspect that such programs might meet the government or compliance requirements, but the operating level seems disconnected from such programs. It is understood from GRIDCO that the loss of trained personnel is a major risk for them as skilled personnel in this fledgling area are scarce.

This illustrates that there is a need to approach risk management more strategically and use it as a decision-enabling tool rather than a checkbox exercise to satisfy a regulatory mandate. The true value of ERM can be unlocked only when strategy and risk management work in tandem so as not to manage the downside risks only but also exploit the upside opportunities. This is required to ensure success on a sustainable basis.

Regulatory requirements in risk management

In India, there is no legal mandate yet to incorporate enterprise risk management in non-financial companies. However, provisions under different laws, when considered in totality, push for a robust risk management program. Here is a brief overview of various legal provisions.

The Companies Act 2013 in India mandates that companies implement a risk management framework. Here is a summary of the key requirements:

  1. Board Responsibility: The Board of Directors is responsible for developing and implementing a risk management policy for the company.      
  2. Disclosures: The Board's report must include a statement outlining the developed and implemented risk management policy.
  3. Independent Review: The role of the company's audit committee includes evaluating the effectiveness of the risk management systems.

The SEBI LODR (Listing Obligations and Disclosure Requirements) regulations complement the Companies Act by mandating specific disclosures and emphasizing the Board's role in overseeing risk management for listed companies. 

The Central Electricity Authority (CEA) of India issued the "Guidelines on Cyber Security in the Power Sector" in 2021. These guidelines are mandatory for all "Responsible Entities" in the power sector. Despite the obvious need for growth and indications of supportive public policies, the power companies have not been able to seize the opportunities in the market. A lot of it is due to policy issues such as lack of regulatory clarity and lax enforcement.

In this paper, however, the focus is on the risk management practices of individual power companies. As per our analysis, there are several risks that need to be better managed at the individual company level. The first step is to understand their own company’s risk profile and manage it well before they can exploit the opportunities. Some notable risks in the Indian power sector are:

  1. Project delays and cost escalation
  2. Inadequate fuel supply / Inefficient fuel linkages
  3. Land acquisition and permit risks
  4. Regulatory Changes
  5. Geo-political risks
  6. Non-performing assets (NPAs)
  7. High AT&C losses
  8. Financial risks due to delays in payments/ non-payments by consumers to DISCOMs, who in turn default to the generating companies
  9. Contractual risks
  10. People (HR) risks
  11. Climate risks

These risks can be categorized as strategic, financial, operational and regulatory risks. Implementing a comprehensive enterprise risk management framework will help identify such risks and work out mitigation measures, while exploiting the opportunities through innovation and strategic decisions.     

The role of Enterprise Risk Management

ERM is a ‘holistic’ framework that organizations use to identify, assess, and manage risks that could potentially hinder their ability to achieve their objectives. The core notion of ERM is to adopt a portfolio approach to managing risks. ERM promises to lower the firm's total risk by building resilience against systematic failures and monitoring growth opportunities, to optimize performance, and consequently to increase the firm's value and longevity. The key aspects of ERM include:

  1. Focus:
  • Takes a comprehensive view of all potential risks faced by an organization, rather than focusing on isolated risk silos within departments.
  • Considers both internal and external risks, encompassing financial, operational, strategic, reputational, and other potential threats.
  2. Process:
  • Involves a structured process with several key steps, namely Risk Identification, Risk Assessment, Risk Prioritization, Risk Mitigation, Risk Monitoring and Risk Reporting.
  • These are all ongoing processes that the ERM needs to adapt to. Reports will keep stakeholders updated on the current and emerging risk profiles.
  3. Global Standards:

Two of the important global standards that have influenced the framework of ERM are defined below:

  • COSO (Committee of Sponsoring Organizations of the Treadway Commission) - ERM, according to COSO, is "a process, effected by an entity's board of directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect its value and implement risk management strategies to manage risk to be within its risk appetite."      
  • ISO 31000 - Unlike COSO, which outlines a specific process, ISO 31000 offers a framework for organizations to design their own ERM system. It emphasizes principles and guidance for effective risk management.

Both COSO ERM and ISO 31000 offer valuable approaches to ERM. Both are non-mandatory and typically provide the same basic components of implementation. Having implemented ERM programs in multiple companies both in the power sector and in the retail sector, it is our recommendation to take an eclectic approach to implementing a fit-for-purpose ERM program. The key is to define the goal of the program and take a phase-wise approach for the best experience.

Benefits of ERM  

ERM is more than just managing risks, as it also provides strategic inputs to the decision-making process. It helps navigate uncertainties with confidence and empowers business leaders to take appropriate risks within the boundaries of the company’s risk appetite as they pursue growth and long-term success.

Several other studies link ERM with increasing firm value.  Aon's 2020 Global Risk Management Survey found that companies with mature ERM programs reported higher profitability and shareholder returns compared to those with less mature programs. PwC's 2019 State of Risk Management Survey indicated that organizations with strong risk cultures outperform their peers on various financial metrics. 

An ERM program can be a valuable tool for energy companies. By proactively managing risks, energy companies can improve their decision-making, operational efficiency, and overall resilience, leading to long-term success in a dynamic and uncertain environment. The value of ERM has been recognized globally and several energy companies have implemented it in western countries. There are also other benefits of establishing an ERM programme, as explained below:

  1. Improved Board Governance:

Boards are increasingly asked to understand the risk profile of their companies in both the short term and the long term, and board members are increasingly being held personally liable for failure of risk management. In our experience, boards need clarity around the following questions:

    1. Value of the enterprise
      • Value protection - What is the organization doing to protect its value? Value leakage can be due to operational inefficiencies, loss of pricing power, loss of demand, supply chain vulnerability etc. The management would be best served if they have a clear idea about the value leakage risks and the strategy to mitigate them.
      • Value enhancement - What is the organization doing to enhance its value over a certain timeframe? Typically, an organization would have a strategic vision to ensure growth; what strategy has been selected and why; what risks are being added to the risk profile of the organization due to the strategic initiative.
    2. Reputation of the enterprise: What is the organization doing to build and protect its reputation? Increasingly, reputation is becoming a risk by itself, meaning that it is not enough just to do things right. This is more so in the digital age where news travels almost instantaneously. Companies will need to be a lot more proactive and deliberate in managing their reputation on an on-going basis. That means they will need to understand the expectation of all their stakeholders including the public at large, be mindful about navigating through them and finding the optimal trade-offs. To quote Warren Buffett, ‘it takes twenty years to build a reputation and five minutes to ruin it’.
    3. Resilience of the enterprise: Calls for management to keep in view long term implications of current decisions to ensure its long-term survival. This calls for identification of resilience risks and their mitigation.

  2. Informed Risk Taking

Every organization faces several risks as it conducts its business. Not all risks can be eliminated, nor should the strategy be to mitigate every risk that there is, since the cost of mitigation can potentially outweigh the benefits. Traditionally, there are four different ways to respond to risks: avoid, mitigate, transfer and accept. However, companies must also get better at savvy risk taking.

Being too risk averse has caused many companies to fail. Taking too little risk can be more damaging than taking too much risk. Power companies are dealing with multiple uncertainties as they aim to exploit tremendous opportunities for growth. As we have indicated earlier in this paper, companies will need to innovate constantly to stay ahead of the curve and innovation involves risk. So, it is imperative that they become adept at calculated risk taking. 

In a highly dynamic and complex business environment, decisions will need to be made with insufficient information and will need to be made quickly. A properly designed and implemented ERM program can help organizations make robust, optimal risk-return trade-off decisions. A key element of the ERM program is the implementation of a risk appetite framework. As the word ‘appetite’ implies, companies will need to create a culture where risk taking is encouraged within a stated set of guidelines.

However, the risk appetite framework needs to be supported by other risk management components, such as a comprehensive risk taxonomy, robust risk identification and assessment processes, data and analytics capabilities, and a risk aggregation and prioritization logic based on risk materiality. Risk appetite needs to be integrated into risk governance, risk reporting, risk decision-making and risk mitigation activities.      

Based on the experience of one of the authors, a former CRO of large utilities, the risk appetite framework, when implemented and executed successfully, moves the risk management program towards playing offense instead of defence. This requires a significant paradigm shift both in case of the executive leadership as well as the risk professionals.

  3. Identification of Emerging Risks

Many experts agree that we live in a world characterized by Volatility, Uncertainty, Complexity and Ambiguity (VUCA). An ERM program is an ongoing process of identification and assessment of the emerging risks. This includes understanding risks inherent in the company’s strategic plans, risks arising from the competitive landscape and the potential for technology and other developments to impact the company’s profitability and prospects for sustainable, long-term value creation.

  4. Sustainable Long-Term Planning

A robust ERM program encourages a long-term perspective in decision-making. This could involve investments in renewable energy sources, grid modernization projects, or cybersecurity upgrades.

ERM value realization - a Hydro One case study

Hydro One, a Canadian electricity transmission and distribution company, is a prime example of how ERM can significantly benefit an energy company. The following case study of Enterprise Risk Management (ERM) from Hydro One illustrates how the values of ERM detailed above were realized.

Challenges and Shifting Risk Profile

In the early 2010s, Hydro One faced a changing landscape. Deregulation of electricity markets, the rise of renewable energy technologies, and growing climate change concerns presented new threats and opportunities. The CEO, Laura Formusa, recognized the need to reassess Hydro One's risk profile and adapt its strategy accordingly.

Implementing ERM

  1. Hydro One became an early adopter of ERM. They established a comprehensive risk management framework that identified, assessed, and prioritized potential risks across the organization.
  2. This framework considered various aspects, including:
    1. Operational risks (e.g., power outages, equipment failures)
    2. Regulatory risks (e.g., changes in environmental regulations)
    3. Financial risks (e.g., fluctuations in energy prices)
    4. Market risks (e.g., competition from renewable energy sources)

Outcomes delivered

  1. Improved Strategic Decision-Making: By having a clear understanding of potential risks, Hydro One could make more informed decisions about investments, market opportunities, and long-term strategies.
  2. Enhanced Operational Efficiency: ERM helped identify areas for improvement in risk mitigation and operational processes, leading to a more efficient and reliable power grid. This led to stronger overall business resilience in the face of a changing energy landscape.
  3. Increased Resilience: The company became better prepared to handle unforeseen events and adapt to a changing market environment.
  4. Positive Reputation and Investor Confidence: A robust ERM framework showcased Hydro One's commitment to responsible management and risk mitigation, potentially leading to a more positive reputation and increased investor confidence.
  5. Improved financial performance: Hydro One's proactive approach to risk management has been credited with contributing to higher revenue returns, enhanced credit rating and increased investor confidence.

Conclusion

Companies in the Indian Power Sector now have unprecedented opportunities thanks to the sustained economic growth and favourable government policies; but have to deal with threats from political actions on tariffs and social challenges such as thefts. The Regulatory mechanisms are also evolving to force companies' management to be more accountable to their stakeholders. These call for companies to improve practices in all areas - forcing them to address risks in every area of the enterprise; an ERM is a proven tool to mitigate fallouts from risks. ERM is increasingly becoming essential and not an option.

Risk management can be costly when over-applied, both in terms of direct and indirect costs. For instance, an excessive cyber risk management program can take on a life of its own, requiring significant investments in various tools to prevent cyber risks without considering the firm’s business realities and the true impact of a potential cyber event. At the same time, it can hamper productivity by slowing down computers and logins. Hence the need to take a pragmatic approach so that a balance between costs of mitigating actions and potential losses is achieved by arriving at Expected Values for each identified risk.

A strong ERM program prepares for severe and plausible scenarios, while tolerating limited mishaps, by using the risk appetite framework. ERM can help companies define their risk appetite, exploit new opportunities, manage challenges and make optimal risk-reward trade-off decisions. They can then make informed choices that align with the overall risk management strategy. To cite an analogy, one can drive without a GPS, but the question is: should one? ERM is essentially like a GPS for the management. Hence, we cannot overemphasize the need for every entity to have a comprehensive ERM in place - even to the point of making it legally mandatory - if the full benefit of this major opportunity is to flow to all stakeholders.

About the Authors

Mr K Ramakrishnan is an alumnus of IIT, Madras, IIM, Ahmedabad and NUS, Singapore. He served as the Executive Director of NTPC, India’s largest integrated power company with an installed capacity of over 76 GW, before taking on the role of Chief Executive of STI Power. He also had an illustrious career at Rolls Royce and Siemens in Singapore. He has deep expertise in various aspects of the power sector in India. Ramakrishnan currently lives in Melbourne, Australia.

 

Mr Soubhagya Parija, MA (Econ), JNU, MBA (Fin), Indiana University, Harvard Business Analytics Program (HBAP), Harvard University, has served as the Chief Risk Officer at FirstEnergy Corporation, a US-based utility. Prior to that he was the Chief Risk Officer at New York Power Authority. Before relocating to the USA, Soubhagya worked in various capacities in NTPC. He is a seasoned risk professional and academic. He recently taught enterprise risk management at Columbia University, New York. He has served on the Board of Risk and Insurance Management Society (RIMS). He currently lives near San Francisco, USA.

 

Mr Jayant Sinha is an Engineer, PGDBM, Accredited Management Teacher and Level 5 Certified Energy Professional. He has served both the public and private sector in business transformation programs, offering engineering, consultancy, project management and capacity building services in the areas of smart metering, smart grids, power automation, renewable energy and sustainability. He has worked on international projects across India, UK, Spain, NA and ME involving SCADA/ DMS/ EMS, GIS, SAP-ISU, IoT, AI/ ML, and Cybersecurity. He also manages a blog: https://jayantsinha.wordpress.com.