Risk and Compliance Management

PG&E’s goal is to deliver safe, reliable and affordable gas and electric service to the millions of homes and businesses that depend on us. Numerous operational risks affect the provision of gas and electric service, including factors such as seismic activity and wildfires. Although risk cannot be entirely eliminated, PG&E is committed to effectively managing these operational risks and taking all reasonable measures to provide gas and electric service to our customers in a manner that helps ensure the safety of the public, our customers and our employees.

A Spectrum of Risks

PG&E manages risk throughout the enterprise:

  • Operational Risk Management includes activities that manage risks that could have a potentially catastrophic impact on public and employee safety, customer service or PG&E’s financial condition.
  • Physical Risk Management includes security and access control, theft prevention, cybersecurity, fire prevention and management of risks associated with our physical plant.
  • Compliance Risk Management includes all programs designed to help ensure that PG&E complies with both the spirit and the letter of all regulatory requirements.
  • Market and Credit Risk Management includes activities that monitor and manage PG&E’s exposure to risks associated with PG&E’s energy portfolio, including trading in energy commodities, financial hedging and counterparty risk.

Developments During 2011

During 2011, PG&E Corporation and the Utility refined their approach to risk management in two specific ways: first, by bringing increased Board-level attention to the area of safety and operational risks; and second, by further empowering the operational lines of business to identify, assess and manage operational and safety risks within each business area, and then raising those issues to the applicable Board as appropriate.

The PG&E Corporation Board of Directors established a new Nuclear, Operations and Safety Committee that is responsible for, among other things, specifically discussing risks related to public and employee safety, operational performance and compliance issues related to the Utility's nuclear, generation and gas and electric transmission and distribution operations.

The PG&E Corporation Board expanded the scope of the management-level Risk Policy Committee (RPC) beyond its prior duties to oversee energy procurement transaction and credit and market risk. The RPC now is generally responsible for overseeing PG&E Corporation's and the Utility's management-level risk management activities, including those related to safety and operational issues. The RPC also reviews risks identified by the lines of business (see below) and recommends new risks for Board review, as appropriate.

Each line of business (LOB) within the companies is establishing its own risk and compliance committee. These LOB committees review all major operational and safety risks within that LOB (including public safety), review and approve risk analyses and mitigation strategies and track mitigation progress. These committees also identify risks that should be brought to the RPC. Each LOB risk and compliance committee is led by a senior officer and must include at least one appointed risk manager with expertise in risk management and compliance.

These enhanced risk management structures provide additional focus on operational and safety issues. They also allow risks to be investigated under the established Board-directed review process, as well as from a “bottoms-up” approach that allows operational experts to add their knowledge and identify emerging issues for the companies.

Board-Level Duties

The Boards and their committees have specific oversight responsibility for risk management in the following areas:

  • The Boards evaluate risks associated with major investments and strategic initiatives, with assistance from the PG&E Corporation Finance Committee.
  • The Boards oversee the implementation and effectiveness of the overall compliance and ethics programs, with assistance from the PG&E Corporation and Utility Audit Committees.
  • Each company’s Audit Committee discusses the guidelines and policies that govern the processes for assessing and managing major risks, allocates to other Board committees the specific responsibility to oversee identified key operational risks and considers risk issues associated with overall financial reporting and disclosure processes.
  • The PG&E Corporation Finance Committee discusses risk exposures related to energy procurement, including energy commodities and derivatives, and other key operational risks, as assigned by the Audit Committees.
  • The PG&E Corporation Nuclear, Operations and Safety Committee discusses risks related to the Utility’s nuclear and other operations and facilities, safety and other key operational risks, as assigned by the Audit Committees.
  • The PG&E Corporation Compensation Committee oversees potential risks arising from the companies’ compensation policies and practices.

Other risk oversight responsibilities also have been allocated, consistent with each committee’s substantive scope. For a full description of Board committee oversight responsibilities, please see PG&E Corporation’s and Pacific Gas and Electric Company’s 2012 Joint Proxy Statement.

Internal Audit: An Important Tool in Managing Risk

Our Internal Auditing program provides independent, objective assurance over the adequacy of processes and controls to manage business risk and provides control advisory services. The program follows a standardized, disciplined approach to help management evaluate and improve the effectiveness of risk management, control and governance processes.

To carry out its work, our Internal Auditing program annually designs a plan—in conjunction with LOB senior management—that focuses audit attention on high-risk areas. Through its work, Internal Audit assesses, monitors and reports on the adequacy of internal controls in areas such as energy procurement, information technology, energy delivery, customer care and capital projects. The Audit Committees of the PG&E Corporation and Utility Boards receive periodic reports on audits conducted, progress made implementing the annual audit plan and on changes made to the audit plan.

Driving Compliance and Ethical Conduct

PG&E’s operations are subject to laws and regulations issued by more than 150 federal, state and local governmental bodies. Our Compliance and Ethics department works with organizations throughout the business to help employees and the companies comply with these requirements, operate ethically and drive process improvement across compliance activities.

PG&E’s Employee Code of Conduct emphasizes PG&E’s values, describes our standards of conduct and addresses key regulatory and compliance requirements. Annually, PG&E takes a number of steps to help ensure that every active employee knows about the code, including a process for management employees to certify that they have read, understand and will comply with the code. Union-represented employees receive electronic reminders or briefings from supervisors about the code.

We plan to update certain sections of the code in 2012 to stay current with a changing ethics landscape, such as how employees may use social media in a business setting. We also continue to refine the code to respond to new conduct issues and trends.

Just as we are committed to ethical business conduct and compliance with applicable laws, regulations and policies, we expect the same commitment from our vendors and Boards of Directors. In December 2011, the Boards of Directors reaffirmed their Code of Business Conduct and Ethics for Directors. In 2011, we also reissued our Code of Conduct for Contractors, Consultants, Suppliers and Vendors to all of our suppliers.

To emphasize our commitment to an ethical culture, in 2011, we laid groundwork for an Ethics Council, which was formally established in early 2012. The Council is convened quarterly by the Chairman, CEO and President of PG&E Corporation and includes management and union-represented employees, as well as the leaders of our two largest labor unions. It provides a forum to discuss, review and address issues relating to business ethics and conduct at PG&E.

Other key steps we’ve taken to enable employees to meet compliance commitments include:

  • Maintaining a network of Compliance Champions to lead efforts in their organizations to identify compliance requirements, understand the relative risks of those requirements, establish appropriate controls to help ensure compliance and monitor those controls to help ensure they are both efficient and effective.
  • Developing a compliance “scorecard” and launching line of business risk and compliance committees that are enabling each organization to identify and address appropriate focus areas.
  • Continuing to expand an Enterprise Compliance Tracking System to help manage the thousands of compliance requirements applicable to PG&E. The system allows PG&E to maintain an inventory of requirements, work processes and controls and to assign compliance tasks to the employees responsible for completing them.
  • Improving the way in which our standards and procedures are written and communicated. Our goal is to help employees who use those documents to perform their work safely, correctly, efficiently and in compliance with laws, regulations and internal requirements, while minimizing the opportunity for human error.

In 2011, more than 99 percent of employees completed our annual compliance and ethics training, which is typically conducted in small groups to stimulate discussion and share experiences. Each year, a new training video addresses current issues and responds to employees’ suggestions. We supplemented the training with five additional conduct-related briefings that supervisors could conduct with their work groups throughout the year.

We continue to encourage employees to ask questions and raise concerns with their supervisors or through other means. For example, PG&E’s Compliance and Ethics Helpline is available to employees, contractors and customers 24 hours a day. Calls are confidential, and callers may remain anonymous.

The volume of Helpline calls we received in 2011 was within the average range, roughly 2.5 calls per 100 employees. We believe this reflects a broad awareness among employees that the Helpline is an avenue to raise concerns. In 2011, the largest percentage of concerns related to interactions between employees. The next largest category was calls from employees who recognized possible misconduct or conflict of interest issues.

We respond to callers promptly, investigate their concerns and follow up with them to provide closure. We also review data about the calls to identify trends and develop approaches to address those trends broadly.

We also continue our practice of posting on PG&E’s internal website confirmed instances of employee misconduct and the resulting discipline. This supports a culture where appropriate conduct is expected and reinforces the fact that PG&E takes misconduct seriously and takes steps to address it.