Risk and Compliance Management

PG&E’s long-term sustainability is inextricably tied to our mandate of delivering safe, reliable and affordable gas and electric service to the millions of Californians who depend on us. In the course of our regular operations, certain risks such as seismic activity and wildfires have the potential to interfere with this ability.

PG&E continues to refine its approach to identifying and managing risks, and we are taking all reasonable measures to provide gas and electric service to our customers in a manner that helps ensure the safety of the public, our customers and our employees.

A Spectrum of Risks

PG&E focuses on monitoring and managing three broad categories of risk across the business:

  • Enterprise and Operational Risk. This encompasses risks that could have a potentially catastrophic impact on public and employee safety, customer service or PG&E’s financial condition as well as other risks that arise from our operations.
  • Compliance Risk. This includes all programs designed to help ensure that PG&E complies with both the spirit and the letter of all applicable legal and regulatory requirements.
  • Market and Credit Risk. This includes PG&E’s exposure to risks associated with PG&E’s energy portfolio, including trading in energy commodities, financial hedging and counterparty risk.

Recent Developments

Since 2011, PG&E Corporation and the Utility have refined their approach to risk management in three specific ways: first, by driving risk management into the operations and improving analytical rigor associated with the assessment of risk within each business area; second, by creating a strengthened governance process to oversee risk management activities and progress; and third, by incorporating risk more fully into PG&E’s annual integrated planning process.

In 2012, each line of business within PG&E established its own risk and compliance committee. These committees review all major enterprise and operational risks within the line of business (including public safety), review and approve risk analyses and mitigation strategies, and track mitigation progress. Each risk and compliance committee is led by a senior officer and must include at least one appointed risk manager with expertise in risk management and compliance.

In 2013, PG&E took further steps to prioritize and incorporate risk management into the strategic planning process. These included holding a day-long Senior Executive Risk and Compliance Session in conjunction with annual discussions on corporate strategy and resource prioritization. In the session, each line of business shared key risks, including enterprise, operational and compliance risks; identified risk mitigations and controls; and discussed interdependencies between the lines of business to manage risks.

Board-Level Duties

The PG&E Corporation and Utility Boards and their respective committees have specific oversight responsibility for risk management in the following areas:

  • The Boards evaluate risks associated with major investments and strategic initiatives, with assistance from the PG&E Corporation Finance Committee.
  • The Boards oversee the implementation and effectiveness of the overall legal compliance and ethics programs, with assistance from the PG&E Corporation and Utility Audit Committees.
  • Each company’s Audit Committee discusses the guidelines and policies that govern the processes for assessing and managing major risks, allocates to other Board committees the specific responsibility to oversee identified enterprise risks and considers risk issues associated with overall financial reporting and disclosure processes.
  • The PG&E Corporation Finance Committee discusses risk exposures related to energy procurement, including energy commodities and derivatives, and other key risks, as assigned by the Audit Committees.
  • The PG&E Corporation Nuclear, Operations and Safety Committee discusses risks related to the Utility’s nuclear, gas, electric and other operations and facilities, and oversees other enterprise risks, as assigned by the Audit Committees.
  • The PG&E Corporation Compensation Committee oversees potential risks arising from the companies’ compensation policies and practices.

Other risk oversight responsibilities also have been allocated, consistent with the Boards’ and each committee’s substantive scope and duties. For a full description of Board committee oversight responsibilities, please see PG&E Corporation’s and Pacific Gas and Electric Company’s 2013 Joint Proxy Statement.

Internal Audit: An Important Tool in Managing Risk

Our Internal Audit department provides independent, objective verification regarding the adequacy of processes and controls to manage business risk. Our Internal Audit department also provides control advisory services to support new business processes throughout PG&E. They advise and guide lines of business on how to develop effective controls and where to implement these controls. The department follows a standardized, disciplined approach to help management evaluate and improve the effectiveness of risk management, control and governance processes.

The Internal Audit department works annually with senior management within the lines of business to design an audit plan that focuses on high-risk areas. The Internal Audit department assesses, monitors and reports on the adequacy of internal controls in areas such as energy procurement, information technology, energy delivery, customer care and capital projects. The Audit Committees of the PG&E Corporation and Utility Boards receive periodic reports on audit findings, progress made implementing the annual audit plan and changes made to the audit plan.

Driving Compliance and Ethical Conduct

PG&E’s operations are subject to laws and regulations issued by more than 150 federal, state and local governmental bodies. Our Compliance and Ethics department works with organizations throughout the business to help employees and PG&E comply with these requirements, operate ethically and drive compliance process improvements.

PG&E’s Employee Code of Conduct is available online.

PG&E’s Employee Code of Conduct emphasizes PG&E’s values, describes our standards of conduct and addresses key regulatory and compliance requirements. Annually, PG&E takes a number of steps to help ensure that every employee knows about the code. Each year, for example, we require management employees to certify that they have read, understand and will comply with the code. Union-represented employees receive electronic reminders or briefings from supervisors about the code.

In 2012, we updated the code’s guidelines covering employee use of social media and the retention of company records. In 2013, we will continue to refine the code to reflect changes in our safety policies and to respond to new conduct issues and trends.

Just as we are committed to ethical business conduct and compliance with applicable laws, regulations and policies, we expect the same commitment from our vendors and Boards of Directors. In December 2012, the Boards of Directors received training and reaffirmed their Code of Business Conduct and Ethics for Directors. And we continue to provide our Code of Conduct for Contractors, Consultants and Suppliers to all of our suppliers.

Additionally, last year we established the Chairman’s Ethics Council, a new initiative designed to help raise and address issues relating to business ethics and conduct at PG&E. The Council met five times in 2012, including one meeting that was open to all employees.

The Council is composed of management and union-represented employees at multiple levels, including officers, directors, managers, front-line supervisors and field employees. The leaders of our two largest labor unions, the International Brotherhood of Electrical Workers and Engineers and Scientists of California, are also part of the Council.

Other actions we have taken to help ensure that employees meet compliance commitments include:

  • Monitoring a compliance “scorecard” and working with the lines of business to implement plans to enhance their overall compliance program.
  • Maintaining and leveraging the best practices and knowledge of a network of Compliance Champions. These employees lead efforts in their organizations to identify compliance requirements, establish appropriate controls and monitor those controls to help ensure they are both efficient and effective.
  • Continuing to expand an Enterprise Compliance Tracking System to help manage the thousands of compliance requirements applicable to PG&E.
  • Improving the way in which our standards and procedures are written and communicated.

In 2012, more than 99 percent of employees completed our annual compliance and ethics training, which is typically conducted in small groups to stimulate discussion and share experiences. Supervisors also led conduct-related briefings with their work groups throughout the year.

We continue to encourage employees to ask questions and raise concerns with their supervisors or through other means. For example, PG&E’s Compliance and Ethics Helpline is available to employees, contractors and customers 24 hours a day. Calls are confidential, and callers may remain anonymous. We respond to callers promptly, investigate their concerns and follow up with them to provide closure. We also review call data to identify trends and develop approaches to address those trends broadly.

The volume of Helpline calls we received in 2012 was roughly 2.8 calls per 100 employees, falling within the normal range of 0.3 to 6.5 calls per 100 employees according to a benchmark report prepared by NAVEX Global. We believe this reflects a broad awareness among employees that the Helpline is an avenue to raise concerns. In 2012, the largest percentage of concerns related to interactions between employees. The next largest category was calls from employees who recognized possible misconduct.

We also continued our practice of posting confirmed but unnamed employee misconduct cases and the resulting discipline on PG&E’s internal website. This supports a culture where appropriate conduct is expected and reinforces the fact that PG&E takes misconduct seriously and takes steps to address it.