2008 Corporate Responsibility Report

How we are creating a smarter foundation for a sustainable future

Enterprise Risk Management

PG&E takes an integrated approach to risk management and, as part of our risk management strategy, we established an enterprise-wide program. Companies are increasingly using Enterprise Risk Management (ERM) to improve their management of major risks in order to achieve their business objectives.

PG&E's ERM program takes a holistic approach to managing potentially catastrophic risks that face our business. Cross-functional teams, guided by subject matter experts and experienced managers, follow a systematic method to identify, evaluate and monitor risks. Oversight by a committee comprising senior officers helps ensure risk management activities are consistent with the company's overall corporate strategy. Regular communication to the PG&E Corporation and Utility Boards of Directors enhances accountability and reinforces the importance of risk management at all levels of the company.

In 2008, we conducted a structured reevaluation of which risks should be covered by the ERM program. This reevaluation provided an opportunity for senior management to evaluate the most significant concerns facing PG&E, calibrating the program with challenges in the current business environment and external stressors that potentially affect operations.

This renewal of the ERM program will continue in 2009, with a critical reanalysis of these top risks and alignment of risk management activities with business strategies. Tracking and validation of the effectiveness of risk management plans through management reporting and internal audits facilitate program sustainability and promote accountability for risk management activities throughout the company.

PG&E's enterprise-level risks span the spectrum of business risks, and include those associated with energy commodities, operations, natural hazards, political and regulatory issues, economics and the environment. Risk assessments and mitigation plans have been developed to enhance how PG&E addresses risks. These assessments and plans continue to be refined and improved by taking into account changing market, regulatory and other forces. Additionally, many of the risk management plans include engaging with external stakeholders who influence the company's ability to manage these risks successfully.

An example of an enterprise risk facing PG&E is the threat of an earthquake disrupting our operations. Given the vast infrastructure PG&E maintains, a seismic event has the potential to disrupt operations in many ways (including physical damage to or destruction of pipelines, power plants and other facilities, and potential disruption of our supply chain or of our ability to move people and resources around our service area to restore service). PG&E maintains a team of geoscientists and other professionals dedicated to examining the potential impacts of a seismic event on PG&E, planning how the company will manage those impacts and helping design and build our facilities in a way that allows them to withstand likely events. The team's goal is to help ensure PG&E is capable of serving our customers after a seismic event.

A variety of seismic risk mitigation initiatives are presently underway at PG&E, ranging from building retrofits to emergency exercises and drills based on various earthquake scenarios. Consistent with the model PG&E follows for its enterprise risks, periodic reassessment of the risk management program helps to ensure we are addressing the most likely scenarios and potential points of failure. The seismic team works closely with representatives of impacted departments within the company to provide an integrated, holistic approach to this top risk. Their efforts are periodically reported to the company's senior leadership team and the Boards of Directors, and a similar approach is taken with other enterprise risks.