What do the power outages in Texas in 2021 and the ones in California in 2018 and 2019 have in common? Although the crises are different – one faced fire, the other an ice storm – in both cases, the power utility industries were negligent in climate change disaster risk management.
The root causes of these power grid failures were known in advance by the employees of the responsible organizations, and were therefore 100% preventable. The overarching problem, however, is that these organizations are heavily siloed, and do not have effective Enterprise Risk Management (ERM) practices in place to escalate across those silos (and then up through multiple levels of management, and across their numerous supply chains).
ERM is a risk-based business methodology supported by software that identifies, assesses and prepares an organization’s operations for risk, compliance readiness and performance to achieve their objectives. This alleviates root cause failures by bridging silos and creating enterprise-wide transparency.
How do we know about these risk management failures?
What every company must realize is that in a See-Through Economy, social media is directly tied to reputational risk – and the truth about negligence can no longer be kept under wraps or disguised in the spin of a good PR firm. The truth always surfaces and gets rapidly shared.
This particular story of negligence is larger than most; the U.S. power grid consists of 3,195 energy utilities that are a mixture of public, cooperative and private investor ownership¹, and there are 50,000 water utilities. The weakest links in our power and water ecosystem that commonly lead to outages are extreme weather, antiquated reliability planning and malfunctioning markets.
Under extreme weather risk, the U.S. utilities sectors share something in common: an over-reliance on historical weather patterns used to plan future consumption conditions. This is like driving by looking backwards through the rear view mirror. Front line employees are aware of these risks, but the other departments that are responsible for deferred maintenance and capacity planning are heavily siloed. They also lack a common escalation and response capability to provide risk management inputs to the planning and investment departments, and transparency for the failure to address these risks at the board or regulator level. This is a recipe for disaster. Ultimately, the electrical grids have been facing the impacts of climate change, and those impacts will only get worse over time. From heatwaves to cold snaps, hurricanes to wildfires, our current methods for ensuring grid reliability are clearly not meeting its challengers.
It is all too easy to blame the problems on the bigger, more strategic issues of reduced emissions and climate change mitigation. While world leaders are busy debating global issues like rising sea levels and world peace, in the meantime, it is the obligation of every organization on this planet to identify how these risks will impact us – and then take action.
No organization can be absolved of the responsibility to keep contractual obligations, and the power and utilities industry is just a fraction of all industries impacted by climate change risk. It also greatly affects the banking and insurance industries.
Banks and insurance companies alike have assets in property. They have the responsibility of assessing the building codes to determine if the forward-looking risks have been mitigated for the new weather zones they find themselves in. Once a risk every 100 years or so, floods and storms are now once-per-decade events that are likely to become the new normal. Extreme fires and cold snaps are no different. Failing to take these dangerous trends into account is negligent. Utilities, banks and insurers can all expect class-action lawsuits in addition to regulatory fines if they fail to take a risk-based approach to planning and effectively act on those plans.
What needs to be done?
As I wrote in my blog post back in 2012, ERM Compliance and Enforcement: Avoiding Liabilities, the largest part of any liability is the inability to demonstrate the board and management’s extent of activity in trying to “know risk” at the front line, and mitigate where needed. An organization’s risk management systems gain protection from Federal Sentencing Guidelines, which offers relief for individuals and organizations from negligence claims. This is because it provides evidence of effective risk management.
Like a metal detector for a needle in a haystack, a risk taxonomy enables organizations to quickly identify and quantify the materiality of risks by the front line supervisory level and aggregate to the board while preserving a direct connection to mitigation activities and monitoring. Although bad things happen to good people and good companies, it only becomes negligence when there is an inability to produce credible documentation that your company identified the risk and took reasonable actions to mitigate it.
¹2,020 are publicly owned, 932 are rural electric cooperatives, and 243 are investor-owned utilities.
About the Author: Steven Minksy
Steven Minsky is a recognized thought leader in risk management, CEO and Founder of LogicManager. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts and published action plans to help organizations prepare.