Managing risk and building resilience

Rising intensity and consequences of strategic, operational, enterprise, and climate related risks have made resilience a chief concern for utilities

While resilience may not be easy to define, an analytical approach can identify reliability and safety risks by their impacts and sources. Among the most prominent in recent years are the varied effects of climate change, which have had some of the largest impacts on reliability and safety.

With severe damage, longer recovery times, and aging infrastructure comes the need for utilities to minimize exposure to risks and contain their consequences while providing long-term value to the communities and stakeholders they serve.

A core competency of a utility

Resilience should be at the heart of a utility’s mission. Although resilience and reliability are distinct concepts, they are related. Reliability is being there when needed. It is the ability to provide uninterrupted electric, water or natural gas service. Resilience is the ability to restore reliability. The distinction is particularly important when it comes to assessing the risks that threaten reliability, resilience and safety.

For utilities, resilience can equate to limiting the number of outages during or following a hurricane or wildfire, safeguarding the system against cyber incidents, identifying and eliminating vulnerabilities to critical assets and evolving with technology disruption. Building resiliency requires more than restoring operations to their prior state but rather securing the company and its assets against greater threats.

Assessing risks and improving performance

In the current risk environment, some companies have taken steps to strengthen their service by investing in additional mitigations and controls.  Leading organizations are leveraging data, utilizing advanced analytics, and state of the art risk analysis techniques to evaluate the effectiveness of various investments and decisions to mitigate risk.  CEOs and Board of Directors are asking “can this risk put us out of business” and “what impact will this have on our reputation?”

The five key attributes of a resilient organization

1. Prepare


Create an integrated risk framework with a clear definition and alignment of enterprise strategy, capital and operations and maintenance investments, and asset management philosophy

2. Prevent

Coordinate responsibilities across Enterprise Risk Management, Compliance, Internal Audit, and Lines of Business to ensure risk management and compliance as part of the operating culture

3. Protect

Understand operational risk at various levels - frequency, severity, and velocity of risks to develop appropriate controls and mitigations

4. Practice

Implement crisis management best practices
to effectively respond to risk by identifying, analyzing, and having a plan to address the risk before it occurs

5. Pivot


Monitor the effectiveness
of investments in controls and mitigations to reduce the frequency of risks and contain their effects when they do occur



With experience advising utilities with low likelihood, high consequence risks facing their business, KPMG has the industry expertise and deep functional knowledge to help you develop a data driven, risk-informed strategy, to prepare for multiple threats, build resiliency and ultimately, enhance your bottom line.