PG&E Corporate Responsibility and Sustainability Report 2018

Risk Management

PG&E is resolute in our commitment to the safety of our customers, employees and the public. In keeping with this focus, we strive to embed risk management in every critical business process, making data-driven decisions to support safe, reliable and affordable electric and gas service.

Our Approach

At PG&E, risk management processes are facilitated by a central group, implemented by each line of business and overseen by senior management and the Boards of Directors.

The Vice President, Internal Audit and Chief Risk Officer (CRO) of PG&E Corporation and Pacific Gas and Electric Company is responsible for overseeing the enterprise and operational risk management program, internal audit and insurance functions, market and credit risk management, third-party risk management, and Sarbanes-Oxley Act compliance reporting jointly to the Executive Vice President and Chief Financial Officer and the Audit Committees of the PG&E Corporation and Pacific Gas and Electric Company Boards. The CRO also facilitates and is a voting member of the PG&E Corporation Risk Policy Committee and the Utility Risk Management Committee, both of which include a subset of senior officers of PG&E Corporation and Pacific Gas and Electric Company.

With guidance from a central program office, each line of business develops and maintains a risk register—an inventory of risks specific to its operations. The risk registers are developed using a consistent enterprise-wide approach to model, measure and reduce risk. With our methodology, PG&E is able to calculate a baseline risk score and evaluate different mitigation strategies for their ability to reduce that baseline score. The methodology places an emphasis on identifying and prioritizing the highest safety risks and provides transparency and accountability for risk reduction progress. Risk mitigations are tracked throughout the year and risk assessments are refreshed at least annually to capture the impact of mitigation strategies and reflect the operating environment.

The senior-most executive of each line of business maintains a Risk and Compliance Committee, which has oversight responsibility for all associated activities for risk and compliance programs within their organization. The Risk and Compliance Committee ensures that activities related to enterprise and operational risk and compliance management within their respective organizations are adequate and effective, and that resources are available as needed.

In addition, the PG&E Corporation and Pacific Gas and Electric Company Boards and their respective committees have specific oversight responsibility for risk management in their respective areas:

Entity | Risk Oversight Responsibilities
Boards
  • Evaluate risks associated with major investments and strategic initiatives (with assistance from the Finance Committee [1])
Audit Committees
  • Discuss the guidelines and policies that govern the processes for assessing and managing major risks
  • Allocate to other Board committees the specific responsibility to oversee identified enterprise risks
  • Consider risk issues associated with overall financial reporting and disclosure processes
  • Discuss programs to monitor compliance with laws, regulations, policies and programs
Finance Committee [1]
  • Discusses risk exposures related to energy procurement, including energy commodities and derivatives, and other enterprise risks, as assigned by the Audit Committees
Safety and Nuclear Oversight Committees [1]
  • Advise and assist the Boards of Directors with respect to the oversight and review of risk management practices related to Pacific Gas and Electric Company’s nuclear, generation, gas and electric transmission, and gas and electric distribution operations and facilities
  • Oversee other enterprise risks, as assigned by the Audit Committees
Compensation Committee [1]
  • Oversees potential risks arising from compensation policies and practices

[1] Committees of the PG&E Corporation Board of Directors only.

For a full description of Board committee oversight responsibilities, please see the webpages of the Boards of Directors of PG&E Corporation and Pacific Gas and Electric Company, as well as our 2019 Joint Proxy Statement.

Senior management and their committees have specific oversight responsibility for risk management in their respective areas:

Entity | Risk Oversight Responsibilities
Enterprise Risk Committee
  • Provides strategic direction and oversight of PG&E’s enterprise and operational risk management program
Enterprise Compliance Governance Committee
  • Provides strategic direction and oversight of PG&E’s compliance and ethics programs

2018 Milestones

In 2018, the Safety and Enforcement Division (SED) of the California Public Utilities Commission (CPUC) issued a report on PG&E’s first Risk Assessment Mitigation Phase (RAMP) report, which provided the CPUC with initial quantitative, probabilistic views of the Utility’s top safety risks. The report identified the costs associated with controlling these risks, described future mitigation plans—including anticipated risk reduction—and included a specific discussion on our safety culture and information on our asset replacement plans.

PG&E has worked to implement SED’s improvements and recommendations—specifically, a foundational change that is moving PG&E to a risk register that is focused on event-based risks. This shift is intended to strengthen PG&E’s ability to more holistically model risks while accounting for interdependencies and removing any redundancies across different lines of business.

Additionally, in the spirit of continuous improvement, PG&E is enhancing its risk models based on lessons learned in both the CPUC’s RAMP and Safety Model Assessment proceedings.