Recent geopolitical events have had a major impact on the energy industry and its risk management function – changing the nature of risk and heightening management’s acceptance that worst-case scenarios can happen. In this interview with Marco Aspesi, we cover how risk management supports strategic decision making in a volatile environment, helping to protect and grow the business. Marco also shares the key principles for establishing and maintaining a successful risk management function as well as the importance of curiosity in risk managers.
Richard Thomas: There are many paths to risk management. What has your journey been?
Marco Aspesi: It’s been a journey spanning both the business and consulting side of risk management in Europe and the United States. I commenced my career with IBM in Italy and later moved to Ernst & Young (EY) in the US. This gave me an end-to-end perspective from strategic business decision making through to operations and risk interdependencies.
IBM’s approach to and understanding of business and risk management issues was very comprehensive. They were like the university for process and risk management. At EY I learned the strategic, forward-looking view about how risk can bring value to the business. In a large, mature market such as the US, clients demand this type of approach and are very discerning, which encourages the develop-ment of cutting-edge practices. For example, at the time, scenario planning was well advanced in the US but not common practice in Italy.
How has this journey influenced your approach to risk management? What are the key lessons learned?
Based on this experience, there are five key principles that guide my approach to Enterprise Risk Management (ERM). Firstly, you need to be very clear about the tangible benefits of any risk programme. Business leaders will only drive initiatives that add value. Provide a business case about how the initiative supports financial growth or minimises the risk associated with achieving the business objectives. This helps ensure that risk becomes part of the strategic decision-making process. Secondly, showcase the risk interdependencies using scenario analyses. This should be broken down by key processes and functions. Very few companies take the time to see how risk can change depending on the key dependencies.
Thirdly, prioritise risks in accordance with their likely business impact from the planning through to the reporting and actions required. Fourthly, establish a community. Talk to people in the business, obtain their feedback through structured feedback channels. These include, for example, workshops and establishing a digital community within the organisation to identify risk from different perspectives. People are increasingly willing to share information in such communities. The important point is to build trust within them, then they will continue to share information and ideas. Last but not least, you need the support of the CEO for a successful ERM programme.
“Very few companies take the time to see how risk can change depending on the key dependencies.”
What role does culture play in a successful ERM?
Culture is extremely important and relates to both the maturity of a particular market as well as the internal organisational culture. For example, the US and UK markets made an early cultural shift in accepting that risk needs to be managed rather than eliminated because there will always be inherent risk. A risk-free environment does not exist. So, you need to ensure that the leadership team understands the risks. In this way they can take conscious decisions in accordance with the risk appetite of the organisation. That’s a key “value add” of a risk management function.
Internally, you need the support of the CEO to ensure that risk management is part of the strategic decision-making process and permeates the business operations. Our CEO opens meetings with the topic because integrity provides our licence to operate and risks not properly mitigated, have the potential to damage that situation.
Richard Thomas
Partner, Risk Consulting Leader TIS, Territory Leader Internal Audit, PwC Switzerland
Tel.: +41 79 816 27 00
What does the risk function bring to top management’s table?
We’re a small team. What we can bring to the management table is an enterprise-wide risk framework and methodology highlighting risks and interdependencies as well as their financial impact if not mitigated. We also bring visibility to top management about those key risks and the business cases for recommended mitigation approaches.
How do you ensure a unified approach to risk management within the company?
By providing the framework and key tools. This runs from risk identification, planning and prioritisation through to reporting and mitigation action.
We use a “Risk Cockpit” to report on risk performance. This is a simple traffic light approach – green, amber, red. Red triggers collective action and tracking. We use workshops, with cross-functional teams to understand where the risk is coming from and how it might be changing.
“There is increased awareness that actively managing risk will bring value to the company.”
Hitachi Energy is a global technology leader that is advancing a sustainable energy future for all. We serve customers in the utility, industry and infrastructure sectors with innovative solutions and services across the value chain. Together with customers and partners, we pioneer technologies and enable the digital transformation required to accelerate the energy transition towards a carbon-neutral future. We are advancing the world’s energy system to become more sustainable, flexible and secure whilst bal-ancing social, environmental and economic value. Hitachi Energy has a proven track record and unpar-alleled installed base in more than 140 countries. Headquartered in Switzerland, we employ around 38,000 people in 90 countries and generate business volumes of approximately $10 billion USD.
What is the main question that every risk manager can expect to hear from their CEO?
“How can I predict risk?”
How do you address this question?
With both, qualitative and quantitative data – if you have it. It’s easier, for example, in financial services, where you typically have a lot of historical data on which to build predictive models. That’s something we need to develop. But people in the market know about the current and emerging risks. So, it’s extremely important to pro-actively reach out and talk to them via workshops with cross functional teams and building a digital community.
“There is now an urgent awareness that the unexpected can actually happen. The pandemic and the Ukraine have had a major influence in this regard.”
What are your key challenges?
Digital transformation and keeping pace with the rate of change. Information is quickly outdated. Therefore, using analytics to understand the situation and building a community are paramount for improved risk identification.
Have geopolitical considerations, such as the war in Ukraine, changed risk management?
Yes, in regards to risk awareness levels and the nature of the risks. There is now an urgent awareness that the unexpected can actually happen. The pandemic and the Ukraine situation have had a major influence in this regard. They have increased the awareness that actively managing risks will bring value to the company.
The risks have changed, although the methodologies have not. For example, you have to rethink your manufacturing footprint to deal with inflation and supply chain disruptions. This has led to a faster risk management cycle in which detection and fast responses are critical.
What specific impact has this had on the energy industry?
The main change is “de-globalisation”. Markets are becoming more local, for example, because of international supply chain disruptions. This means that risks are becoming more market or environment specific, for example, in a product or region. Therefore, it is important to understand where the risk comes from and its particular impact on a product or area.
“Be curious. This is very important in a risk manager.”
What are the most important skills for a successful risk manager?
You need to understand the business, what’s going on and communicate the business benefits of any risk management programme based on facts. For example, ESG is not just a good thing to do, if you comply, then you increase the chances of more business. Basically, you need to succinctly address three key questions: What are your business objectives? What risks could jeopardise you achieving them? What actions do we need to take? The last question is the hard part because the people responsible for the action are not in the risk team. For this reason, you need to be comfortable with taking a very col-laborative approach.
Finally, what advice would you give to someone starting out in the risk management function?
Be curious. This is very important in a risk manager. Be open to comments and create an environment that enables feedback and collaboration.
Marco is Senior Vice President Global Head of Internal Audit, Risk and Internal Control at Hitachi Energy and before that, with Hitachi ABB Power Grids.
He has held key senior management positions in risk and financial management in the energy, aviation and management consulting sectors. With a track record in driving change and solving complex business problems, Marco is focused on creating positive relationships with top level management, developing internal talent, as well as fostering integrity and goodwill within the team.
Marco holds a Master of Business Administration from Cleveland State Uni-versity, a Bachelor’s degree in Business Management from the Università Cattolica del Sacro Cuore and has post graduate leadership qualifications from the IMD.
In this interview we cover some of the cutting edge thinking and practices transforming finance industry from the leading digital financial services provider, Sygnum Bank, the world’s first regulated digital asset bank.
PwC's Global Risk Survey reflects the views of 3,500+ risk and business executives from various industries around the world.
PwC's Global Economic Crime and Fraud Survey 2022 respondents reported total losses of US$42B, on top of the damage to brand, reputation and market share.
PwC’s 2022 Global Digital Trust Insights reflects the perspectives of business and technology executives on simplifying cyber.
Partner, Risk Consulting, Risk Consulting Leader TIS (Trade, Industry, Services) and Internal Audit, PwC Switzerland
Tel: +41 79 816 27 00
Partner, Leader Financial Services Risk Consulting & Internal Audit, PwC Switzerland
Tel: +41 58 792 46 28
